Package com.nimbusds.jose.proc
Interface JWSKeySelector<C extends SecurityContext>
-
- All Known Implementing Classes:
JWSAlgorithmFamilyJWSKeySelector
,JWSVerificationKeySelector
,SingleKeyJWSKeySelector
public interface JWSKeySelector<C extends SecurityContext>
Interface for selecting key candidates for verifying a JSON Web Signature (JWS) object. Applications should utilise this interface or a similar framework to determine whether a received JWS object (or signed JWT) is eligible forverification
and further processing.The interface supports keys selection based on:
- Recognised header parameters referencing the key (e.g.
kid
,x5t
). - Additional
SecurityContext
, if required and set by the application (e.g. endpoint where the JWS object was received).
See JSON Web Signature (JWS), Appendix D. Notes on Key Selection for suggestions.
For a key selector for signed JWTs that also uses the claims set (e.g. issuer (
iss
) claim) seeJWTClaimsSetAwareJWSKeySelector
.Possible key types:
SecretKey
for HMAC keys.RSAPublicKey
public RSA keys.ECPublicKey
public EC keys.
- Version:
- 2016-06-21
- Author:
- Vladimir Dzhuvinov
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description List<? extends Key>
selectJWSKeys(JWSHeader header, C context)
Selects key candidates for verifying a JWS object.
-
-
-
Method Detail
-
selectJWSKeys
List<? extends Key> selectJWSKeys(JWSHeader header, C context) throws KeySourceException
Selects key candidates for verifying a JWS object.- Parameters:
header
- The header of the JWS object. Must not benull
.context
- Optional context of the JWS object,null
if not required.- Returns:
- The key candidates in trial order, empty list if none.
- Throws:
KeySourceException
- If a key sourcing exception is encountered, e.g. on remote JWK retrieval.
-
-