Package com.nimbusds.jose.proc

Class JWSVerificationKeySelector<C extends SecurityContext>

java.lang.Object

com.nimbusds.jose.proc.JWSVerificationKeySelector<C>

All Implemented Interfaces:

JWSKeySelector<C>

@ThreadSafe
public class JWSVerificationKeySelector<C extends SecurityContext>
extends Object
implements JWSKeySelector<C>

Key selector for verifying JWS objects, where the key candidates are retrieved from a JSON Web Key (JWK) source.

Version:

2024-04-20

Author:

Vladimir Dzhuvinov, Marco Vermeulen

Constructor Summary

Constructors

Constructor	Description
JWSVerificationKeySelector(JWSAlgorithm jwsAlg, JWKSource<C> jwkSource)	Creates a new JWS verification key selector.
JWSVerificationKeySelector(Set<JWSAlgorithm> jwsAlgs, JWKSource<C> jwkSource)	Creates a new JWS verification key selector.

Method Summary

Modifier and Type	Method	Description
protected JWKMatcher	createJWKMatcher(JWSHeader jwsHeader)	Creates a JWK matcher for the expected JWS algorithm and the specified JWS header.
JWSAlgorithm	getExpectedJWSAlgorithm()	Deprecated. Use isAllowed(JWSAlgorithm) instead
JWKSource<C>	getJWKSource()	Returns the JWK source.
boolean	isAllowed(JWSAlgorithm jwsAlg)	Checks if a JWS algorithm is allowed for key selection.
List<Key>	selectJWSKeys(JWSHeader jwsHeader, C context)	Selects key candidates for verifying a JWS object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

JWSVerificationKeySelector

public JWSVerificationKeySelector(JWSAlgorithm jwsAlg,
 JWKSource<C> jwkSource)

Creates a new JWS verification key selector.

Parameters:

jwsAlg - The allowed JWS algorithm for the objects to be verified. Must not be null.

jwkSource - The JWK source. Must not be null.

JWSVerificationKeySelector

public JWSVerificationKeySelector(Set<JWSAlgorithm> jwsAlgs,
 JWKSource<C> jwkSource)

Creates a new JWS verification key selector.

Parameters:

jwsAlgs - The allowed JWS algorithms for the objects to be verified. Must not be empty or null.

jwkSource - The JWK source. Must not be null.

Method Details

isAllowed

public boolean isAllowed(JWSAlgorithm jwsAlg)

Checks if a JWS algorithm is allowed for key selection.

Parameters:

jwsAlg - The JWS algorithm to check.

Returns:

true if allowed, else false.

getExpectedJWSAlgorithm

@Deprecated
public JWSAlgorithm getExpectedJWSAlgorithm()

Deprecated.

Use isAllowed(JWSAlgorithm) instead

Returns the expected JWS algorithm.

Returns:

The expected JWS algorithm.

createJWKMatcher

protected JWKMatcher createJWKMatcher(JWSHeader jwsHeader)

Creates a JWK matcher for the expected JWS algorithm and the specified JWS header.

Parameters:

jwsHeader - The JWS header. Must not be null.

Returns:

The JWK matcher, null if none could be created.

selectJWSKeys

public List<Key> selectJWSKeys(JWSHeader jwsHeader,
 C context)
                        throws KeySourceException

Description copied from interface: JWSKeySelector

Selects key candidates for verifying a JWS object.

Specified by:

selectJWSKeys in interface JWSKeySelector<C extends SecurityContext>

Parameters:

jwsHeader - The header of the JWS object. Must not be null.

context - Optional context, null if not required.

Returns:

The key candidates in trial order, empty list if none.

Throws:

KeySourceException - If a key sourcing exception is encountered, e.g. on remote JWK retrieval.

getJWKSource

public JWKSource<C> getJWKSource()

Returns the JWK source.

Returns:

The JWK source.