Module io.inverno.mod.security.jose

Package io.inverno.mod.security.jose.internal.jwk

Class AbstractX509JWKBuilder<A extends PublicKey,B extends PrivateKey,C extends X509JWK<A,B>,D extends AbstractX509JWKBuilder<A,B,C,D>>

java.lang.Object

io.inverno.mod.security.jose.internal.jwk.AbstractJWKBuilder<C,D>

io.inverno.mod.security.jose.internal.jwk.AbstractX509JWKBuilder<A,B,C,D>

Type Parameters:

A - the public key type

B - the private key type

C - the X.509 JWK type

D - the X.509 JWK builder type

All Implemented Interfaces:

JWKBuilder<C,D>, X509JWKBuilder<A,B,C,D>, Cloneable

Direct Known Subclasses:

AbstractOKPJWKBuilder, GenericECJWKBuilder, GenericRSAJWKBuilder

public abstract class AbstractX509JWKBuilder<A extends PublicKey,B extends PrivateKey,C extends X509JWK<A,B>,D extends AbstractX509JWKBuilder<A,B,C,D>>
extends AbstractJWKBuilder<C,D>
implements X509JWKBuilder<A,B,C,D>

Base X.509 JSON Web Key builder implementation.

Since:

1.5

Author:

Jeremy Kuhn

Field Summary

Fields

Modifier and Type	Field	Description
protected X509Certificate	certificate	The underlying certificate.
protected final X509JWKCertPathValidator	certPathValidator	The X.509 Certificate path validator
protected boolean	keyTrusted	Indicates whether the built JWK can be trusted.
protected final JWKURLResolver	urlResolver	The JWK URL resolver.
protected String[]	x5c	The X.509 Certificate Chain parameter as defined by RFC7517 Section 4.7.
protected String	x5t	The X.509 Certificate SHA-1 Thumbprint parameter as defined by RFC7517 Section 4.8.
protected String	x5t_S256	The X.509 Certificate SHA-256 Thumbprint parameter as defined by RFC7517 Section 4.9.
protected URI	x5u	The X.509 URL parameter as defined by RFC7517 Section 4.6.

Fields inherited from class io.inverno.mod.security.jose.internal.jwk.AbstractJWKBuilder

alg, configuration, jwkStore, key, key_ops, keyResolver, kid, use

Constructor Summary

Constructors

Constructor	Description
AbstractX509JWKBuilder(JOSEConfiguration configuration, JWKStore jwkStore, JWKKeyResolver keyResolver, JWKURLResolver urlResolver, X509JWKCertPathValidator certPathValidator)	Creates an X.509 JWK builder.
AbstractX509JWKBuilder(JOSEConfiguration configuration, JWKStore jwkStore, JWKKeyResolver keyResolver, JWKURLResolver urlResolver, X509JWKCertPathValidator certPathValidator, Map<String,Object> parameters)	Creates an X.509 JWK builder initialized with the specified parameters map.

Method Summary

Modifier and Type	Method	Description
protected reactor.core.publisher.Mono<Void>	resolve()	Resolves the JWK to build.
protected reactor.core.publisher.Mono<Void>	resolveCertificate(X509Certificate certificate)	Resolves the specified certificate into the builder.
protected reactor.core.publisher.Mono<JWK>	resolveFromJWKStore()	Tries to resolve the JWK from the JWK store.
protected void	set(String name, Object value)	Sets the specified parameter into the builder.
D	x509CertificateChain(String[] x5c)	specifies the X.509 certificates chain.
D	x509CertificateSHA1Thumbprint(String x5t)	Specifies the X.509 certificate SHA1 thumbprint.
D	x509CertificateSHA256Thumbprint(String x5t_S256)	Specifies the X.509 certificate SHA256 thumbprint.
D	x509CertificateURL(URI x5u)	Specifies the X.509 certificate or certificates chain URL.

Methods inherited from class io.inverno.mod.security.jose.internal.jwk.AbstractJWKBuilder

algorithm, build, doBuild, keyId, keyOperations, publicKeyUse, resolveKey

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.inverno.mod.security.jose.jwk.JWKBuilder

algorithm, build, keyId, keyOperations, publicKeyUse

Field Details

urlResolver

protected final JWKURLResolver urlResolver

The JWK URL resolver.

certPathValidator

protected final X509JWKCertPathValidator certPathValidator

The X.509 Certificate path validator

x5u

protected URI x5u

The X.509 URL parameter as defined by RFC7517 Section 4.6.

x5c

protected String[] x5c

The X.509 Certificate Chain parameter as defined by RFC7517 Section 4.7.

x5t

protected String x5t

The X.509 Certificate SHA-1 Thumbprint parameter as defined by RFC7517 Section 4.8.

x5t_S256

protected String x5t_S256

The X.509 Certificate SHA-256 Thumbprint parameter as defined by RFC7517 Section 4.9.

keyTrusted

protected volatile boolean keyTrusted

Indicates whether the built JWK can be trusted.

certificate

protected volatile X509Certificate certificate

The underlying certificate.

Constructor Details

AbstractX509JWKBuilder

public AbstractX509JWKBuilder(JOSEConfiguration configuration,
 JWKStore jwkStore,
 JWKKeyResolver keyResolver,
 JWKURLResolver urlResolver,
 X509JWKCertPathValidator certPathValidator)

Creates an X.509 JWK builder.

Parameters:

configuration - the JOSE module configuration

jwkStore - a JWK store

keyResolver - a JWK key resolver

urlResolver - a JWK URL resolver

certPathValidator - an X.509 certificate path validator

AbstractX509JWKBuilder

public AbstractX509JWKBuilder(JOSEConfiguration configuration,
 JWKStore jwkStore,
 JWKKeyResolver keyResolver,
 JWKURLResolver urlResolver,
 X509JWKCertPathValidator certPathValidator,
 Map<String,Object> parameters)
                       throws JWKReadException

Creates an X.509 JWK builder initialized with the specified parameters map.

Parameters:

configuration - the JOSE module configuration

jwkStore - a JWK store

keyResolver - a JWK key resolver

urlResolver - a JWK URL resolver

certPathValidator - an X.509 certificate path validator

parameters - a parameters map used to initialize the builder

Throws:

JWKReadException - if there was an error reading the parameters map

Method Details

set

protected void set(String name,
 Object value)
            throws JWKReadException

Sets the specified parameter into the builder.

Unsupported parameters are ignored.

Overrides:

set in class AbstractJWKBuilder<C extends X509JWK<A,B>,D extends AbstractX509JWKBuilder<A,B,C,D>>

Parameters:

name - the parameter name

value - the parameter value

Throws:

JWKReadException - if there was an error reading the value

x509CertificateURL

public D x509CertificateURL(URI x5u)

Description copied from interface: X509JWKBuilder

Specifies the X.509 certificate or certificates chain URL.

Specified by:

x509CertificateURL in interface X509JWKBuilder<A extends PublicKey,B extends PrivateKey,C extends X509JWK<A,B>,D extends AbstractX509JWKBuilder<A,B,C,D>>

Parameters:

x5u - the X.509 certificate or certificate chain URL

Returns:

this builder

x509CertificateChain

public D x509CertificateChain(String[] x5c)

Description copied from interface: X509JWKBuilder

specifies the X.509 certificates chain.

Specified by:

x509CertificateChain in interface X509JWKBuilder<A extends PublicKey,B extends PrivateKey,C extends X509JWK<A,B>,D extends AbstractX509JWKBuilder<A,B,C,D>>

Parameters:

x5c - the X.509 certificates chain

Returns:

this builder

x509CertificateSHA1Thumbprint

public D x509CertificateSHA1Thumbprint(String x5t)

Description copied from interface: X509JWKBuilder

Specifies the X.509 certificate SHA1 thumbprint.

Specified by:

x509CertificateSHA1Thumbprint in interface X509JWKBuilder<A extends PublicKey,B extends PrivateKey,C extends X509JWK<A,B>,D extends AbstractX509JWKBuilder<A,B,C,D>>

Parameters:

x5t - the X.509 certificate SHA1 thumbprint

Returns:

this builder

x509CertificateSHA256Thumbprint

public D x509CertificateSHA256Thumbprint(String x5t_S256)

Description copied from interface: X509JWKBuilder

Specifies the X.509 certificate SHA256 thumbprint.

Specified by:

x509CertificateSHA256Thumbprint in interface X509JWKBuilder<A extends PublicKey,B extends PrivateKey,C extends X509JWK<A,B>,D extends AbstractX509JWKBuilder<A,B,C,D>>

Parameters:

x5t_S256 - the X.509 certificate SHA256 thumbprint

Returns:

this builder

resolve

protected reactor.core.publisher.Mono<Void> resolve()
                                             throws JWKBuildException,
JWKResolveException,
JWKProcessingException

Description copied from class: AbstractJWKBuilder

Resolves the JWK to build.

This method basically resolves resources such as keys or certificates and verifies that the builder's parameters are consistent.

Overrides:

resolve in class AbstractJWKBuilder<C extends X509JWK<A,B>,D extends AbstractX509JWKBuilder<A,B,C,D>>

Returns:

an empty single publisher which completes in error if the key is not consistent with the builder's parameters

Throws:

JWKBuildException - if there was an error building the JWK

JWKResolveException - if there was an error resolving the JWK

JWKProcessingException - if there was a JWK processing error

resolveFromJWKStore

protected reactor.core.publisher.Mono<JWK> resolveFromJWKStore()
                                                        throws JWKResolveException

Description copied from class: AbstractJWKBuilder

Tries to resolve the JWK from the JWK store.

Overrides:

resolveFromJWKStore in class AbstractJWKBuilder<C extends X509JWK<A,B>,D extends AbstractX509JWKBuilder<A,B,C,D>>

Returns:

a single JWK publisher or an empty publisher if there's no JWK corresponding to the builder's parameters in the JWK store

Throws:

JWKResolveException - if there was an error accessing the JWK store

resolveCertificate

protected reactor.core.publisher.Mono<Void> resolveCertificate(X509Certificate certificate)
                                                        throws JWKBuildException,
JWKResolveException,
JWKProcessingException

Resolves the specified certificate into the builder.

This method basically verifies that the certificate is valid and consistent with the builder's parameters and eventually populates the builder with the certificate key.

Parameters:

certificate - a certificate

Returns:

an empty single publisher which completes in error if the resolved key is invalid or inconsistent with the builder's parameters

Throws:

JWKBuildException - if there was an error building the JWK

JWKResolveException - if there was an error resolving the certificate

JWKProcessingException - if there was a JWK processing error