Package io.dialob.security.aws.elb

Class ElbJWKSource<C extends com.nimbusds.jose.proc.SecurityContext>

java.lang.Object

io.dialob.security.aws.elb.ElbJWKSource<C>

All Implemented Interfaces:

com.nimbusds.jose.jwk.source.JWKSource<C>

@ThreadSafe
public class ElbJWKSource<C extends com.nimbusds.jose.proc.SecurityContext>
extends Object
implements com.nimbusds.jose.jwk.source.JWKSource<C>

Remote JSON Web Key (JWK) source specified by a JWK set URL. The retrieved JWK set is cached to minimise network calls. The cache is updated whenever the key selector tries to get a key with an unknown ID.

Version:

2018-10-28

Author:

Vladimir Dzhuvinov

Field Summary

Fields

Modifier and Type	Field	Description
static int	DEFAULT_HTTP_CONNECT_TIMEOUT	The default HTTP connect timeout for JWK set retrieval, in milliseconds.
static int	DEFAULT_HTTP_READ_TIMEOUT	The default HTTP read timeout for JWK set retrieval, in milliseconds.
static int	DEFAULT_HTTP_SIZE_LIMIT	The default HTTP entity size limit for JWK set retrieval, in bytes.

Constructor Summary

Constructors

Constructor	Description
ElbJWKSource(String jwkSetUriTemplate)	Creates a new remote JWK set using the default HTTP resource retriever, with a HTTP connect timeout set to 250 ms, HTTP read timeout set to 250 ms and a 50 KByte size limit.
ElbJWKSource(String jwkSetUriTemplate, com.nimbusds.jose.util.ResourceRetriever resourceRetriever)	Creates a new remote JWK set.
ElbJWKSource(String jwkSetUriTemplate, com.nimbusds.jose.util.ResourceRetriever resourceRetriever, com.nimbusds.jose.jwk.source.JWKSetCache jwkSetCache)	Creates a new remote JWK set.

Method Summary

Modifier and Type	Method	Description
List<com.nimbusds.jose.jwk.JWK>	get(com.nimbusds.jose.jwk.JWKSelector jwkSelector, C context)	The security context is ignored.
com.nimbusds.jose.jwk.JWKSet	getCachedJWKSet()	Returns the cached JWK set.
protected static String	getFirstSpecifiedKeyID(com.nimbusds.jose.jwk.JWKMatcher jwkMatcher)	Returns the first specified key ID (kid) for a JWK matcher.
com.nimbusds.jose.jwk.source.JWKSetCache	getJWKSetCache()	Returns the configured JWK set cache.
org.springframework.web.util.UriTemplate	getJWKSetUriTemplate()	Returns the JWK set URL.
com.nimbusds.jose.util.ResourceRetriever	getResourceRetriever()	Returns the HTTP resource retriever.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_HTTP_CONNECT_TIMEOUT

public static final int DEFAULT_HTTP_CONNECT_TIMEOUT

The default HTTP connect timeout for JWK set retrieval, in milliseconds. Set to 500 milliseconds.

See Also:

Constant Field Values

DEFAULT_HTTP_READ_TIMEOUT

public static final int DEFAULT_HTTP_READ_TIMEOUT

The default HTTP read timeout for JWK set retrieval, in milliseconds. Set to 500 milliseconds.

See Also:

Constant Field Values

DEFAULT_HTTP_SIZE_LIMIT

public static final int DEFAULT_HTTP_SIZE_LIMIT

The default HTTP entity size limit for JWK set retrieval, in bytes. Set to 50 KBytes.

See Also:

Constant Field Values

Constructor Detail

ElbJWKSource

public ElbJWKSource(String jwkSetUriTemplate)

Creates a new remote JWK set using the default HTTP resource retriever, with a HTTP connect timeout set to 250 ms, HTTP read timeout set to 250 ms and a 50 KByte size limit.

Parameters:

jwkSetUriTemplate - The JWK set URL. Must not be null.

ElbJWKSource

public ElbJWKSource(String jwkSetUriTemplate,
                    com.nimbusds.jose.util.ResourceRetriever resourceRetriever)

Creates a new remote JWK set.

Parameters:

jwkSetUriTemplate - The JWK set URL. Must not be null.

resourceRetriever - The HTTP resource retriever to use, null to use the default one.

ElbJWKSource

public ElbJWKSource(String jwkSetUriTemplate,
                    com.nimbusds.jose.util.ResourceRetriever resourceRetriever,
                    com.nimbusds.jose.jwk.source.JWKSetCache jwkSetCache)

Creates a new remote JWK set.

Parameters:

jwkSetUriTemplate - The JWK set URL. Must not be null.

resourceRetriever - The HTTP resource retriever to use, null to use the default one.

jwkSetCache - The JWK set cache to use, null to use the default one.

Method Detail

getJWKSetUriTemplate

public org.springframework.web.util.UriTemplate getJWKSetUriTemplate()

Returns the JWK set URL.

Returns:

The JWK set URL.

getResourceRetriever

public com.nimbusds.jose.util.ResourceRetriever getResourceRetriever()

Returns the HTTP resource retriever.

Returns:

The HTTP resource retriever.

getJWKSetCache

public com.nimbusds.jose.jwk.source.JWKSetCache getJWKSetCache()

Returns the configured JWK set cache.

Returns:

The JWK set cache.

getCachedJWKSet

public com.nimbusds.jose.jwk.JWKSet getCachedJWKSet()

Returns the cached JWK set.

Returns:

The cached JWK set, null if none or expired.

getFirstSpecifiedKeyID

protected static String getFirstSpecifiedKeyID(com.nimbusds.jose.jwk.JWKMatcher jwkMatcher)

Returns the first specified key ID (kid) for a JWK matcher.

Parameters:

jwkMatcher - The JWK matcher. Must not be null.

Returns:

The first key ID, null if none.

get

public List<com.nimbusds.jose.jwk.JWK> get(com.nimbusds.jose.jwk.JWKSelector jwkSelector,
                                           C context)
                                    throws com.nimbusds.jose.KeySourceException

The security context is ignored.

Specified by:

get in interface com.nimbusds.jose.jwk.source.JWKSource<C extends com.nimbusds.jose.proc.SecurityContext>

Throws:

com.nimbusds.jose.KeySourceException