Class AbstractJOSEObjectReader<A,B extends JOSEHeader,C extends JOSEObject<A,B>,D extends AbstractJOSEObjectReader<A,B,C,D>>

java.lang.Object
io.inverno.mod.security.jose.internal.AbstractJOSEObjectReader<A,B,C,D>
Type Parameters:
A - the payload type
B - the JOSE header type
C - the JOSE object type
D - the JOSE object reader type
All Implemented Interfaces:
JOSEObjectReader<A,B,C,D>
Direct Known Subclasses:
GenericJWEReader, GenericJWSReader

public abstract class AbstractJOSEObjectReader<A,B extends JOSEHeader,C extends JOSEObject<A,B>,D extends AbstractJOSEObjectReader<A,B,C,D>> extends Object implements JOSEObjectReader<A,B,C,D>

Base JOSE object reader implementation.

Since:
1.5
Author:
Jeremy Kuhn
  • Field Details

    • mapper

      protected final com.fasterxml.jackson.databind.ObjectMapper mapper
      The object mapper.
    • dataConversionService

      protected final io.inverno.mod.security.jose.internal.converter.DataConversionService dataConversionService
      The data conversion service.
    • jwkService

      protected final JWKService jwkService
      The JWK service.
    • type

      protected final Type type
      The payload type.
    • keys

      protected final org.reactivestreams.Publisher<? extends JWK> keys
      The keys to consider to verify or decrypt JOSE objects.
    • applicationProcessedParameters

      protected Set<String> applicationProcessedParameters
      The set of custom parameters processed by the application.
  • Constructor Details

    • AbstractJOSEObjectReader

      public AbstractJOSEObjectReader(com.fasterxml.jackson.databind.ObjectMapper mapper, io.inverno.mod.security.jose.internal.converter.DataConversionService dataConversionService, JWKService jwkService, Type type, org.reactivestreams.Publisher<? extends JWK> keys)

      Creates a JOSE object reader.

      Parameters:
      mapper - an object mapper
      dataConversionService - a data conversion service
      jwkService - a JWK service
      type - the expected payload type
      keys - the keys to consider to verify or decrypt JOSE objects
  • Method Details

    • processedParameters

      public D processedParameters(String... parameters)
      Description copied from interface: JOSEObjectReader

      Specifies the JOSE header custom parameters processed by the application.

      These parameters are expected to be present in the JOSE header; they are processed not by the reader but by the application reading the JOSE object. This enables the reader to check that the critical parameters set defined in the JOSE header contains only parameters that are understood and processed by either the reader or the application.

      Specified by:
      processedParameters in interface JOSEObjectReader<A,B extends JOSEHeader,C extends JOSEObject<A,B>,D extends AbstractJOSEObjectReader<A,B,C,D>>
      Parameters:
      parameters - a list of parameters
      Returns:
      this reader
    • getProcessedParameters

      protected Set<String> getProcessedParameters()

      Returns the set of parameters processed by the reader.

      These basically correspond to the registered parameters processed and understood by the expected JOSE header.

      Returns:
      a set of parameters
    • getKeys

      protected reactor.core.publisher.Flux<? extends JWK> getKeys(JOSEHeader header) throws JOSEObjectReadException

      Returns the keys to consider to verify or decrypt JOSE objects.

      Keys can be provided explicitly to the reader, in which case only the keys that support the algorithm specified in the parsed JOSE header are retained to verify or decrypt JOSE objects. Otherwise, the reader tries to resolve keys based on the parsed JOSE header and only retains the trusted keys, typically those resolved from the JWKStore, from a trusted KeyStore or from a valid certificate chain.

      The resulting publisher will fail if no key could be found.

      Parameters:
      header - the JOSE header
      Returns:
      a publisher of keys
      Throws:
      JOSEObjectReadException - if no suitable key could be found
    • checkHeader

      protected void checkHeader(B header) throws JOSEObjectReadException, JOSEProcessingException

      Verifies that the JOSE header is valid.

      This basically checks that:

      • the algorithm is not blank
      • the critical parameters set does not include registered parameters (see getProcessedParameters())
      • the critical parameters set does not include parameters not present in the custom parameters
      Parameters:
      header - the JOSE header
      Throws:
      JOSEObjectReadException - if the header is invalid
      JOSEProcessingException - if there was a JOSE processing error
    • checkCriticalParameters

      protected void checkCriticalParameters(Set<String> crit, JWA... jwas) throws JOSEObjectReadException, JOSEProcessingException

      Verifies that all parameters in the critical parameters set are understood and processed either by the reader (see getProcessedParameters()) or the application (see processedParameters(java.lang.String...)).

      The set of processed parameters is composed of the parameters processed by the reader (see getProcessedParameters()), the parameters processed by the JSON Web Algorithms used to verify or decrypt JOSE objects, and the parameters processed by the application (see processedParameters(java.lang.String...)).

      Parameters:
      crit - the critical parameters set
      jwas - the list of JSON Web Algorithms used to verify or decrypt the JOSE object
      Throws:
      JOSEObjectReadException - if the critical parameters set is invalid (i.e. it contains parameters that are neither understood nor processed)
      JOSEProcessingException - if there was a JOSE processing error
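
      The checks described for checkHeader and checkCriticalParameters, as an added stand-alone sketch that is not the Inverno implementation. The class name, the REGISTERED set (standing in for getProcessedParameters()), the use of IllegalArgumentException in place of JOSEObjectReadException, and the sample header are assumptions made for illustration.

```java
import java.util.*;

public class CritCheckExample {
    // Assumption: RFC 7515 registered header names, standing in for getProcessedParameters().
    static final Set<String> REGISTERED = Set.of(
        "alg", "jku", "jwk", "kid", "x5u", "x5c", "x5t", "x5t#S256", "typ", "cty", "crit");

    // Mirrors the three checks listed for checkHeader.
    static void checkHeader(Map<String, Object> header, Set<String> crit) {
        Object alg = header.get("alg");
        if (!(alg instanceof String) || ((String) alg).isBlank()) {
            throw new IllegalArgumentException("algorithm is blank");
        }
        for (String name : crit) {
            if (REGISTERED.contains(name)) {
                throw new IllegalArgumentException("registered parameter in crit: " + name);
            }
            // A non-registered name absent from the header is not among its custom parameters.
            if (!header.containsKey(name)) {
                throw new IllegalArgumentException("crit names a missing parameter: " + name);
            }
        }
    }

    // Mirrors checkCriticalParameters: processed = reader + algorithm + application parameters.
    static void checkCriticalParameters(Set<String> crit, Set<String> jwaParams, Set<String> appParams) {
        Set<String> processed = new HashSet<>(REGISTERED);
        processed.addAll(jwaParams);
        processed.addAll(appParams);
        Set<String> unprocessed = new TreeSet<>(crit);
        unprocessed.removeAll(processed);
        if (!unprocessed.isEmpty()) {
            throw new IllegalArgumentException("unprocessed critical parameters: " + unprocessed);
        }
    }

    public static void main(String[] args) {
        Map<String, Object> header = Map.of( // constructed sample header
            "alg", "ES256", "crit", List.of("exp"), "exp", 1363284000L);
        Set<String> crit = Set.of("exp");
        checkHeader(header, crit);
        try {
            checkCriticalParameters(crit, Set.of(), Set.of()); // application declared nothing
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        checkCriticalParameters(crit, Set.of(), Set.of("exp")); // as after processedParameters("exp")
        System.out.println("accepted");
    }
}
```

      The first call is rejected because nothing claims to process the critical "exp" parameter; the second passes once the application declares it, which is the role of processedParameters(String...).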
    • getPayloadDecoder

      protected Function<String,reactor.core.publisher.Mono<A>> getPayloadDecoder(Function<String,reactor.core.publisher.Mono<A>> overridingPayloadDecoder, String overridingContentType, JOSEHeader header) throws JOSEObjectReadException, JOSEProcessingException

      Returns the payload decoder to use to deserialize the payload.

      This method first considers the overriding payload decoder which is returned if present. Then the overriding content type is used if present to resolve the media type converter to use. Finally the payload content type in the parsed JOSE header is considered to resolve the media type converter to use.

      Parameters:
      overridingPayloadDecoder - the overriding payload decoder
      overridingContentType - the overriding payload media type
      header - the JOSE header
      Returns:
      a payload decoder
      Throws:
      JOSEObjectReadException - if no payload decoder could be resolved
      JOSEProcessingException - if there was a JOSE processing error