Module io.inverno.mod.security.jose
Package io.inverno.mod.security.jose.internal

Class AbstractJOSEHeader<A extends AbstractJOSEHeader<A>>

java.lang.Object
io.inverno.mod.security.jose.internal.AbstractJOSEHeader<A>
Type Parameters:
A - the JOSE header type
All Implemented Interfaces:
JOSEHeader, JOSEHeaderConfigurator<A>
Direct Known Subclasses:
GenericJWEHeader, GenericJWSHeader
public abstract class AbstractJOSEHeader<A extends AbstractJOSEHeader<A>> extends Object implements JOSEHeader, JOSEHeaderConfigurator<A>

Base JOSE Header implementation.

It processes the following parameters: alg, jku, jwk, kid, x5u, x5c, x5t, x5t#S256, typ, cty, crit

Since:
1.5
Author:
Jeremy Kuhn
See Also:

  • Field Details

  • Constructor Details

    • AbstractJOSEHeader

      public AbstractJOSEHeader()

      Creates a JOSE header.

    • AbstractJOSEHeader

      public AbstractJOSEHeader(String alg)

      Creates a JOSE header with the specified algorithm.

      Parameters:
      alg - a JWA algorithm

  • Method Details

    • setEncoded

      public void setEncoded(String encoded)

      Sets the encoded header as Base64URL.

      Parameters:
      encoded - the Base64URL encoded header

    • getEncoded

      public String getEncoded()
      Description copied from interface: JOSEHeader

      Returns the header encoded as Base64URL.

      Specified by:
      getEncoded in interface JOSEHeader
      Returns:
      the Base64URL encoded header without padding

    • getProcessedParameters

      public Set<String> getProcessedParameters()

      Returns the parameters processed by the JOSE header.

      Returns:
      a set of processed parameters

    • getAlgorithm

      public String getAlgorithm()
      Description copied from interface: JOSEHeader

      Returns the cryptographic algorithm used to secure the JOSE object.

      Depending on the type of JOSE object considered, it might designate a signature or a key management algorithm.

      Specified by:
      getAlgorithm in interface JOSEHeader
      Returns:
      a JWA algorithm

    • getJWKSetURL

      public URI getJWKSetURL()
      Description copied from interface: JOSEHeader

      Returns the JWK Set URL.

      This URL points to a set of JSON-encoded public keys, one of which corresponds to the key used to secure the JOSE object.

      Specified by:
      getJWKSetURL in interface JOSEHeader
      Returns:
      a URL or null

    • getJWK

      public Map<String,Object> getJWK()
      Description copied from interface: JOSEHeader

      Returns the public JWK that corresponds to the key used to secure the JOSE object.

      Specified by:
      getJWK in interface JOSEHeader
      Returns:
      a JWK or null

    • getKeyId

      public String getKeyId()
      Description copied from interface: JOSEHeader

      Returns the id of the key that was used to secure the JOSE object.

      Specified by:
      getKeyId in interface JOSEHeader
      Returns:
      a key id or null

    • getX509CertificateURL

      public URI getX509CertificateURL()
      Description copied from interface: JOSEHeader

      Returns the URL of the X.509 certificate or certificates chain that corresponds to the key that was used to secure the JOSE object.

      The certificates chain located at the URL must be in PEM format. The certificate containing the public key corresponding to the key that was used to secure the JOSE object must be the first certificate in the chain.

      Specified by:
      getX509CertificateURL in interface JOSEHeader
      Returns:
      a URL or null

    • getX509CertificateChain

      public String[] getX509CertificateChain()
      Description copied from interface: JOSEHeader

      Returns the X.509 certificates chain that corresponds to the key that was used to secure the JOSE object.

      The certificates chain is represented as an array of Base64URL encoded DER PKIX certificates. The certificate containing the public key corresponding to the key that was used to secure the JOSE object must be the first certificate in the chain.

      Specified by:
      getX509CertificateChain in interface JOSEHeader
      Returns:
      a certificates chain or null

    • getX509CertificateSHA1Thumbprint

      public String getX509CertificateSHA1Thumbprint()
      Description copied from interface: JOSEHeader

      Returns the X.509 SHA1 thumbprint of the certificate that corresponds to the key that was used to secure the JOSE object.

      Specified by:
      getX509CertificateSHA1Thumbprint in interface JOSEHeader
      Returns:
      an X.509 SHA1 thumbprint or null

    • getX509CertificateSHA256Thumbprint

      public String getX509CertificateSHA256Thumbprint()
      Description copied from interface: JOSEHeader

      Returns the X.509 SHA256 thumbprint of the certificate that corresponds to the key that was used to secure the JOSE object.

      Specified by:
      getX509CertificateSHA256Thumbprint in interface JOSEHeader
      Returns:
      an X.509 SHA256 thumbprint or null

    • getType

      public String getType()
      Description copied from interface: JOSEHeader

      Returns the media type of the complete JOSE object.

      To keep messages compact in common situations, the application/ prefix of a media type can be omitted when no other / appears in the value.

      Specified by:
      getType in interface JOSEHeader
      Returns:
      a media type or null

    • getContentType

      public String getContentType()
      Description copied from interface: JOSEHeader

      Returns the media type of the JOSE object payload.

      To keep messages compact in common situations, the application/ prefix of a media type can be omitted when no other / appears in the value.

      Specified by:
      getContentType in interface JOSEHeader
      Returns:
      a media type or null

    • getCritical

      public Set<String> getCritical()
      Description copied from interface: JOSEHeader

      Returns the set of custom parameters that must be understood and processed.

      Critical parameters are not registered JOSE header parameters and they are present in header's custom parameters.

      Specified by:
      getCritical in interface JOSEHeader
      Returns:
      a set of custom parameters or null

    • getCustomParameters

      public Map<String,Object> getCustomParameters()
      Description copied from interface: JOSEHeader

      Returns the map of custom parameters.

      Specified by:
      getCustomParameters in interface JOSEHeader
      Returns:
      a map of custom parameters

    • setKey

      public void setKey(JWK key)

      Sets the actual key that was used to secure the JOSE object.

      Parameters:
      key - a JWK

    • getKey

      public JWK getKey()
      Description copied from interface: JOSEHeader

      Returns the actual key that was used to secure the JOSE object.

      Depending on the context it may refer to the private key that was used to sign/encrypt the JOSE object or to the public key that was used to verify/decrypt the JOSE object.

      Specified by:
      getKey in interface JOSEHeader
      Returns:
      a JWK

    • algorithm

      public A algorithm(String alg)
      Description copied from interface: JOSEHeaderConfigurator

      specifies the cryptographic algorithm to use to secure the JOSE object.

      Depending on the type of JOSE object to build, it might designate a signature or a key management algorithm.

      Specified by:
      algorithm in interface JOSEHeaderConfigurator<A extends AbstractJOSEHeader<A>>
      Parameters:
      alg - a JWA algorithm
      Returns:
      this builder

    • jwkSetURL

      public A jwkSetURL(URI jku)
      Description copied from interface: JOSEHeaderConfigurator

      Specifies the JWK Set URL that contains the key to use to secure the JOSE object.

      The URL must points to a set of JSON-encoded public keys.

      Specified by:
      jwkSetURL in interface JOSEHeaderConfigurator<A extends AbstractJOSEHeader<A>>
      Parameters:
      jku - the JWK Set URL
      Returns:
      this builder

    • jwk

      public A jwk(Map<String,Object> jwk)
      Description copied from interface: JOSEHeaderConfigurator

      Specifies the JWK to use to secure the JOSE object.

      It is represented as a map to comply with the JOSE object definition, the builder eventually tries to resolve an actual JWK based on these parameters.

      Specified by:
      jwk in interface JOSEHeaderConfigurator<A extends AbstractJOSEHeader<A>>
      Parameters:
      jwk - a JWK as a map
      Returns:
      this builder

    • keyId

      public A keyId(String kid)
      Description copied from interface: JOSEHeaderConfigurator

      Specifies the id of the key to use to secure the JOSE object.

      Specified by:
      keyId in interface JOSEHeaderConfigurator<A extends AbstractJOSEHeader<A>>
      Parameters:
      kid - a key id
      Returns:
      this builder

    • x509CertificateURL

      public A x509CertificateURL(URI x5u)
      Description copied from interface: JOSEHeaderConfigurator

      Specifies the URL of the X.509 certificate or certificates chain that corresponds to the key to use to secure the JOSE object.

      The certificates chain located at the URL must be in PEM format. The first certificate in the chain must correspond to the key to use to secure the JOSE object.

      Specified by:
      x509CertificateURL in interface JOSEHeaderConfigurator<A extends AbstractJOSEHeader<A>>
      Parameters:
      x5u - a URL
      Returns:
      this builder

    • x509CertificateChain

      public A x509CertificateChain(String[] x5c)
      Description copied from interface: JOSEHeaderConfigurator

      Specifies the X.509 certificates chain that corresponds to the key to use to secure the JOSE object.

      The certificates chain must be represented as an array of Base64URL encoded DER PKIX certificates. The first certificate in the chain must correspond to the key to use to secure the JOSE object.

      Specified by:
      x509CertificateChain in interface JOSEHeaderConfigurator<A extends AbstractJOSEHeader<A>>
      Parameters:
      x5c - a certificates chain
      Returns:
      this builder

    • x509CertificateSHA1Thumbprint

      public A x509CertificateSHA1Thumbprint(String x5t)
      Description copied from interface: JOSEHeaderConfigurator

      Specifies the X.509 SHA1 thumbprint of the certificate that corresponds to the key to use to secure the JOSE object.

      Specified by:
      x509CertificateSHA1Thumbprint in interface JOSEHeaderConfigurator<A extends AbstractJOSEHeader<A>>
      Parameters:
      x5t - an X.509 SHA1 thumbprint
      Returns:
      this builder

    • x509CertificateSHA256Thumbprint

      public A x509CertificateSHA256Thumbprint(String x5t_S256)
      Description copied from interface: JOSEHeaderConfigurator

      Specifies the X.509 SHA256 thumbprint of the certificate that corresponds to the key to use to secure the JOSE object.

      Specified by:
      x509CertificateSHA256Thumbprint in interface JOSEHeaderConfigurator<A extends AbstractJOSEHeader<A>>
      Parameters:
      x5t_S256 - an X.509 SHA256 thumbprint
      Returns:
      this builder

    • type

      public A type(String typ)
      Description copied from interface: JOSEHeaderConfigurator

      Specifies the media type of the complete JOSE object.

      To keep messages compact in common situations, the application/ prefix of a media type can be omitted when no other / appears in the value.

      Specified by:
      type in interface JOSEHeaderConfigurator<A extends AbstractJOSEHeader<A>>
      Parameters:
      typ - a media type
      Returns:
      this builder

    • contentType

      public A contentType(String cty)
      Description copied from interface: JOSEHeaderConfigurator

      Specifies the media type of the JOSE object payload.

      To keep messages compact in common situations, the application/ prefix of a media type can be omitted when no other / appears in the value.

      The builder might use this media type to determine how to serialize/deserialize a JOSE object payload.

      Specified by:
      contentType in interface JOSEHeaderConfigurator<A extends AbstractJOSEHeader<A>>
      Parameters:
      cty - a media type
      Returns:
      this builder

    • critical

      public A critical(String... crit)
      Description copied from interface: JOSEHeaderConfigurator

      Specifies the set of custom parameters that must be understood and processed.

      Critical parameters can not be registered JOSE header parameters and they must be present in header's custom parameters.

      Specified by:
      critical in interface JOSEHeaderConfigurator<A extends AbstractJOSEHeader<A>>
      Parameters:
      crit - a set of custom parameters
      Returns:
      this builder

    • addCustomParameter

      public A addCustomParameter(String key, Object value)
      Description copied from interface: JOSEHeaderConfigurator

      Specifies a custom parameter to add to the header.

      Specified by:
      addCustomParameter in interface JOSEHeaderConfigurator<A extends AbstractJOSEHeader<A>>
      Parameters:
      key - the custom parameter name
      value - the custom parameter value
      Returns:
      this builder

    • hashCode

      public int hashCode()
      Specified by:
      hashCode in interface JOSEHeader
      Overrides:
      hashCode in class Object

    • equals

      public boolean equals(Object obj)
      Specified by:
      equals in interface JOSEHeader
      Overrides:
      equals in class Object