Class DefaultJOSEProcessor<C extends SecurityContext>
- All Implemented Interfaces:
ConfigurableJOSEProcessor<C>
,JOSEProcessor<C>
,JOSEProcessorConfiguration<C>
unsecured
(plain), JWS
and
JWE
objects.
Must be configured with the following:
- To verify JWS objects: A
JWS key selector
using the header to suggest key candidate(s) for the signature verification. The key selection procedure is application-specific and may involve key ID lookup, a certificate check and / or somecontext
. - To decrypt JWE objects: A
JWE key selector
using the header to suggest key candidate(s) for decryption. The key selection procedure is application-specific and may involve key ID lookup, a certificate check and / or somecontext
.
An optional context
parameter is available to
facilitate passing of additional data between the caller and the underlying
selector of key candidates (in both directions).
See sections 6 of RFC 7515 (JWS) and RFC 7516 (JWE) for guidelines on key selection.
This processor is configured with a standard header "typ" (type)
parameter verifier
which expects
the JWS, JWE and plain (unsecured) objects to have the type header omitted
or set to JOSE
. To accept other "typ" values
pass an appropriately configured JWS and / or JWE
type verifier
.
This processor comes with the default JWS verifier factory
and the default JWE decrypter factory
; they can construct verifiers / decrypters for all
standard JOSE algorithms implemented by the library.
Note that for security reasons this processor is hardwired to reject
unsecured (plain) JOSE objects. Override the process(PlainObject, SecurityContext)
method if you need to handle unsecured JOSE objects.
To process JSON Web Tokens (JWTs) use the
DefaultJWTProcessor
class.
- Version:
- 2019-10-15
- Author:
- Vladimir Dzhuvinov
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionGets the factory for creating JWE decrypter instances.Gets the JWE key selector.Gets the JWE header "typ" (type) parameter verifier.Gets the JWS key selector.Gets the JWS header "typ" (type) parameter verifier.Gets the factory for creating JWS verifier instances.process
(JOSEObject joseObject, C context) Processes the specified JOSE object (unsecured, JWS or JWE).Processes the specified JWE object by decrypting it.Processes the specified JWS object by verifying its signature.process
(PlainObject plainObject, C context) Processes the specified unsecured (plain) JOSE object, typically by checking its context.Parses and processes the specified JOSE object (unsecured, JWS or JWE).void
Sets the factory for creating JWE decrypter instances.void
setJWEKeySelector
(JWEKeySelector<C> jweKeySelector) Sets the JWE key selector.void
setJWETypeVerifier
(JOSEObjectTypeVerifier<C> jweTypeVerifier) Sets the JWE header "typ" (type) parameter verifier.void
setJWSKeySelector
(JWSKeySelector<C> jwsKeySelector) Sets the JWS key selector.void
setJWSTypeVerifier
(JOSEObjectTypeVerifier<C> jwsTypeVerifier) Sets the JWS header "typ" (type) parameter verifier.void
setJWSVerifierFactory
(JWSVerifierFactory factory) Sets the factory for creating JWS verifier instances.
-
Constructor Details
-
DefaultJOSEProcessor
public DefaultJOSEProcessor()
-
-
Method Details
-
getJWSTypeVerifier
Description copied from interface:JOSEProcessorConfiguration
Gets the JWS header "typ" (type) parameter verifier. This verifier is also applied to plain (unsecured) JOSE objects. If none JWS and plain objects will be rejected.- Specified by:
getJWSTypeVerifier
in interfaceJOSEProcessorConfiguration<C extends SecurityContext>
- Returns:
- The JWS type verifier,
null
if not specified.
-
setJWSTypeVerifier
Description copied from interface:JOSEProcessorConfiguration
Sets the JWS header "typ" (type) parameter verifier. This verifier is also applied to plain (unsecured) JOSE objects. If none JWS and plain objects will be rejected.- Specified by:
setJWSTypeVerifier
in interfaceJOSEProcessorConfiguration<C extends SecurityContext>
- Parameters:
jwsTypeVerifier
- The JWS type verifier,null
if not specified.
-
getJWSKeySelector
Description copied from interface:JOSEProcessorConfiguration
Gets the JWS key selector. If none JWS objects will be rejected.- Specified by:
getJWSKeySelector
in interfaceJOSEProcessorConfiguration<C extends SecurityContext>
- Returns:
- The JWS key selector,
null
if not specified.
-
setJWSKeySelector
Description copied from interface:JOSEProcessorConfiguration
Sets the JWS key selector. If none JWS objects will be rejected.- Specified by:
setJWSKeySelector
in interfaceJOSEProcessorConfiguration<C extends SecurityContext>
- Parameters:
jwsKeySelector
- The JWS key selector,null
if not specified.
-
getJWETypeVerifier
Description copied from interface:JOSEProcessorConfiguration
Gets the JWE header "typ" (type) parameter verifier. If none JWE objects will be rejected.- Specified by:
getJWETypeVerifier
in interfaceJOSEProcessorConfiguration<C extends SecurityContext>
- Returns:
- The JWE verifier,
null
if not specified.
-
setJWETypeVerifier
Description copied from interface:JOSEProcessorConfiguration
Sets the JWE header "typ" (type) parameter verifier. If none JWE objects will be rejected.- Specified by:
setJWETypeVerifier
in interfaceJOSEProcessorConfiguration<C extends SecurityContext>
- Parameters:
jweTypeVerifier
- The JWE type verifier,null
if not specified.
-
getJWEKeySelector
Description copied from interface:JOSEProcessorConfiguration
Gets the JWE key selector. If none JWE objects will be rejected.- Specified by:
getJWEKeySelector
in interfaceJOSEProcessorConfiguration<C extends SecurityContext>
- Returns:
- The JWE key selector,
null
if not specified.
-
setJWEKeySelector
Description copied from interface:JOSEProcessorConfiguration
Sets the JWE key selector. If none JWE objects will be rejected.- Specified by:
setJWEKeySelector
in interfaceJOSEProcessorConfiguration<C extends SecurityContext>
- Parameters:
jweKeySelector
- The JWE key selector,null
if not specified.
-
getJWSVerifierFactory
Description copied from interface:JOSEProcessorConfiguration
Gets the factory for creating JWS verifier instances. If none JWS objects will be rejected.- Specified by:
getJWSVerifierFactory
in interfaceJOSEProcessorConfiguration<C extends SecurityContext>
- Returns:
- The JWS verifier factory,
null
if not specified.
-
setJWSVerifierFactory
Description copied from interface:JOSEProcessorConfiguration
Sets the factory for creating JWS verifier instances. If none JWS objects will be rejected.- Specified by:
setJWSVerifierFactory
in interfaceJOSEProcessorConfiguration<C extends SecurityContext>
- Parameters:
factory
- The JWS verifier factory,null
if not specified.
-
getJWEDecrypterFactory
Description copied from interface:JOSEProcessorConfiguration
Gets the factory for creating JWE decrypter instances. If none JWE objects will be rejected.- Specified by:
getJWEDecrypterFactory
in interfaceJOSEProcessorConfiguration<C extends SecurityContext>
- Returns:
- The JWE decrypter factory,
null
if not specified.
-
setJWEDecrypterFactory
Description copied from interface:JOSEProcessorConfiguration
Sets the factory for creating JWE decrypter instances. If none JWE objects will be rejected.- Specified by:
setJWEDecrypterFactory
in interfaceJOSEProcessorConfiguration<C extends SecurityContext>
- Parameters:
factory
- The JWE decrypter factory,null
if not specified.
-
process
public Payload process(String compactJOSE, C context) throws ParseException, BadJOSEException, JOSEException Description copied from interface:JOSEProcessor
Parses and processes the specified JOSE object (unsecured, JWS or JWE).- Specified by:
process
in interfaceJOSEProcessor<C extends SecurityContext>
- Parameters:
compactJOSE
- The JOSE object, compact-encoded to a URL-safe string. Must not benull
.context
- Optional context,null
if not required.- Returns:
- The payload on success.
- Throws:
ParseException
- If the string couldn't be parsed to a valid JOSE object.BadJOSEException
- If the JOSE object is rejected.JOSEException
- If an internal processing exception is encountered.
-
process
Description copied from interface:JOSEProcessor
Processes the specified JOSE object (unsecured, JWS or JWE).- Specified by:
process
in interfaceJOSEProcessor<C extends SecurityContext>
- Parameters:
joseObject
- The JOSE object. Must not benull
.context
- Optional context,null
if not required.- Returns:
- The payload on success.
- Throws:
BadJOSEException
- If the JOSE object is rejected.JOSEException
- If an internal processing exception is encountered.
-
process
Description copied from interface:JOSEProcessor
Processes the specified unsecured (plain) JOSE object, typically by checking its context.- Specified by:
process
in interfaceJOSEProcessor<C extends SecurityContext>
- Parameters:
plainObject
- The unsecured (plain) JOSE object. Notnull
.context
- Optional context,null
if not required.- Returns:
- The payload on success.
- Throws:
BadJOSEException
- If the unsecured (plain) JOSE object is rejected.
-
process
Description copied from interface:JOSEProcessor
Processes the specified JWS object by verifying its signature. The key candidate(s) are selected by examining the JWS header and / or the message context.- Specified by:
process
in interfaceJOSEProcessor<C extends SecurityContext>
- Parameters:
jwsObject
- The JWS object. Notnull
.context
- Optional context,null
if not required.- Returns:
- The payload on success.
- Throws:
BadJOSEException
- If the JWS object is rejected, typically due to a bad signature.JOSEException
- If an internal processing exception is encountered.
-
process
Description copied from interface:JOSEProcessor
Processes the specified JWE object by decrypting it. The key candidate(s) are selected by examining the JWS header and / or the message context.- Specified by:
process
in interfaceJOSEProcessor<C extends SecurityContext>
- Parameters:
jweObject
- The JWE object. Notnull
.context
- Optional context,null
if not required.- Returns:
- The payload on success.
- Throws:
BadJOSEException
- If the JWE object is rejected, typically due to failed decryption.JOSEException
- If an internal processing exception is encountered.
-