Package io.helidon.security.jwt

Class SignedJwt

java.lang.Object

io.helidon.security.jwt.SignedJwt

public class SignedJwt
extends java.lang.Object

The JWT used to transfer content across network - e.g. the base64 parts concatenated with a dot.

Method Summary

Modifier and Type	Method and Description
Jwt	getJwt() Return a Jwt instance from this signed JWT.
byte[]	getSignature()
byte[]	getSignedBytes()
java.lang.String	getTokenContent()
static SignedJwt	parseToken(java.lang.String tokenContent) Parse a token received over network.
static SignedJwt	sign(Jwt jwt, Jwk jwk) Sign a jwt using an explicit jwk.
static SignedJwt	sign(Jwt jwt, JwkKeys jwks) Sign a jwt using a key obtained based on kid from JwkKeys.
Errors	verifySignature(JwkKeys keys) Verify signature against the provided keys (the kid of this JWT should be present in the JwkKeys provided).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

sign

public static SignedJwt sign(Jwt jwt,
                             JwkKeys jwks)
                      throws JwtException

Sign a jwt using a key obtained based on kid from JwkKeys. In case the kid is not provided and alg is none, Jwk.ALG_NONE is used - e.g. no signature is generated.

Parameters:

jwt - jwt to sign

jwks - keys to find the correct key to sign

Returns:

a new instance of this class with signature

Throws:

JwtException - in case the algorithm is missing, the algorithms of JWK and JWT do not match, or in case of other mis-matches

sign

public static SignedJwt sign(Jwt jwt,
                             Jwk jwk)
                      throws JwtException

Sign a jwt using an explicit jwk.

Parameters:

jwt - jwt to sign

jwk - key used to sign the JWT

Returns:

a new instance of this class with signature

Throws:

JwtException - in case the algorithm is missing, the algorithms of JWK and JWT do not match, or in case of other mis-matches

parseToken

public static SignedJwt parseToken(java.lang.String tokenContent)

Parse a token received over network. The expected content is header_base64.payload_base64.signature_base64 where base64 is base64 URL encoding. This method does NO validation of content at all, only validates that the content is correctly formatted:

• correct format of string (e.g. base64.base64.base64)
• each base64 part is actually base64 URL encoded
• header and payload are JSON objects

Parameters:

tokenContent - String with the token

Returns:

a signed JWT instance that can be used to obtain the instance and to verifySignature(JwkKeys) verify} the signature

Throws:

java.lang.RuntimeException - in case of invalid content, see Errors.ErrorMessagesException

getTokenContent

public java.lang.String getTokenContent()

getSignedBytes

public byte[] getSignedBytes()

getSignature

public byte[] getSignature()

getJwt

public Jwt getJwt()

Return a Jwt instance from this signed JWT.

Returns:

Jwt instance

Throws:

java.lang.RuntimeException - in case one of the fields has invalid content (e.g. timestamp is invalid)

verifySignature

public Errors verifySignature(JwkKeys keys)

Verify signature against the provided keys (the kid of this JWT should be present in the JwkKeys provided).

Parameters:

keys - JwkKeys to obtain a key to verify signature

Returns:

Errors with collected messages, see Errors.isValid() and Errors.checkValid()