Package com.nimbusds.jose.proc

Class JWSVerificationKeySelector<C extends SecurityContext>

  • All Implemented Interfaces:
    JWSKeySelector<C>
    @ThreadSafe
public class JWSVerificationKeySelector<C extends SecurityContext>
extends java.lang.Object
implements JWSKeySelector<C>
    Key selector for verifying JWS objects, where the key candidates are retrieved from a JSON Web Key (JWK) source.
    Version:
    2020-06-02
    Author:
    Vladimir Dzhuvinov, Marco Vermeulen

    • Constructor Detail

      • JWSVerificationKeySelector

        public JWSVerificationKeySelector​(JWSAlgorithm jwsAlg,
                                  JWKSource<C> jwkSource)
        Creates a new JWS verification key selector.
        Parameters:
        jwsAlg - The allowed JWS algorithm for the objects to be verified. Must not be null.
        jwkSource - The JWK source. Must not be null.

      • JWSVerificationKeySelector

        public JWSVerificationKeySelector​(java.util.Set<JWSAlgorithm> jwsAlgs,
                                  JWKSource<C> jwkSource)
        Creates a new JWS verification key selector.
        Parameters:
        jwsAlgs - The allowed JWS algorithms for the objects to be verified. Must not be empty or null.
        jwkSource - The JWK source. Must not be null.

    • Method Detail

      • isAllowed

        public boolean isAllowed​(JWSAlgorithm jwsAlg)
        Checks if a JWS algorithm is allowed for key selection.
        Parameters:
        jwsAlg - The JWS algorithm to check.
        Returns:
        true if allowed, else false.

      • getExpectedJWSAlgorithm

        @Deprecated
public JWSAlgorithm getExpectedJWSAlgorithm()
        Deprecated.
        Use isAllowed(JWSAlgorithm) instead
        Returns the expected JWS algorithm.
        Returns:
        The expected JWS algorithm.

      • createJWKMatcher

        protected JWKMatcher createJWKMatcher​(JWSHeader jwsHeader)
        Creates a JWK matcher for the expected JWS algorithm and the specified JWS header.
        Parameters:
        jwsHeader - The JWS header. Must not be null.
        Returns:
        The JWK matcher, null if none could be created.

      • selectJWSKeys

        public java.util.List<java.security.Key> selectJWSKeys​(JWSHeader jwsHeader,
                                                       C context)
                                                throws KeySourceException
        Description copied from interface: JWSKeySelector
        Selects key candidates for verifying a JWS object.
        Specified by:
        selectJWSKeys in interface JWSKeySelector<C extends SecurityContext>
        Parameters:
        jwsHeader - The header of the JWS object. Must not be null.
        context - Optional context of the JWS object, null if not required.
        Returns:
        The key candidates in trial order, empty list if none.
        Throws:
        KeySourceException - If a key sourcing exception is encountered, e.g. on remote JWK retrieval.

      • getJWKSource

        public JWKSource<C> getJWKSource()
        Returns the JWK source.
        Returns:
        The JWK source.