Class GenericJWKKeyResolver
- All Implemented Interfaces:
JWKKeyResolver
Generic JWK key resolver implementation.
This is an overridable bean which can be overridden by injecting a custom JWKKeyResolver instance when building the JOSE module.
This implementation relies on a KeyStore to securely load keys and certificates identified by key id, X.509 SHA1 certificate thumbprint or X.509 SHA256 certificate thumbprint.
The key store to use can be specified explicitly or it can be loaded from the configuration (see JOSEConfiguration.key_store(), JOSEConfiguration.key_store_password() and JOSEConfiguration.key_store_type()).
Key resolution is disabled if the key store is missing, which happens when no explicit key store has been specified, when no key store could be loaded from the configuration because of missing parameters, or when the optional resource service used to load the configuration key store is missing.
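The thumbprint identifiers described above, as an added JDK-only example (Java 11+) that is not this library's code: it indexes key store entries by x5t and x5t#S256 as RFC 7515 defines them. How GenericJWKKeyResolver itself matches entries is not stated on this page; the class name ThumbprintIndex and the use of the JDK's cacerts file as sample input are assumptions.

```java
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

public class ThumbprintIndex {

    // RFC 7515: x5t and x5t#S256 are the base64url encoding (no padding) of the
    // SHA-1 / SHA-256 digest of the DER-encoded certificate.
    static String thumbprint(X509Certificate cert, String algorithm) throws Exception {
        byte[] digest = MessageDigest.getInstance(algorithm).digest(cert.getEncoded());
        return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
    }

    // Maps each thumbprint to the alias of the entry holding that certificate.
    // For a private key entry, getCertificate returns the first certificate of its chain.
    static Map<String, String> index(KeyStore keyStore, String algorithm) throws Exception {
        Map<String, String> aliasByThumbprint = new HashMap<>();
        for (String alias : Collections.list(keyStore.aliases())) {
            Certificate cert = keyStore.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                aliasByThumbprint.put(thumbprint((X509Certificate) cert, algorithm), alias);
            }
        }
        return aliasByThumbprint;
    }

    public static void main(String[] args) throws Exception {
        // Sample input (assumption): without arguments, the JDK's own trust store is read.
        Path path = args.length > 0 ? Path.of(args[0])
                : Path.of(System.getProperty("java.home"), "lib", "security", "cacerts");
        // A null password skips the integrity check; pass the real one for your own store.
        char[] password = args.length > 1 ? args[1].toCharArray() : null;
        KeyStore keyStore = KeyStore.getInstance(path.toFile(), password);
        Map<String, String> byX5t = index(keyStore, "SHA-1");
        Map<String, String> byX5tS256 = index(keyStore, "SHA-256");
        for (Map.Entry<String, String> e : byX5tS256.entrySet()) {
            // isKeyEntry tells whether a key, not only a certificate, sits behind the alias.
            System.out.printf("%s x5t#S256=%s keyEntry=%b%n",
                    e.getValue(), e.getKey(), keyStore.isKeyEntry(e.getValue()));
        }
        System.out.println(byX5t.size() + " x5t and " + byX5tS256.size() + " x5t#S256 entries");
    }
}
```

Comparing the printed values with the x5t or x5t#S256 header of a token shows which key store entry a thumbprint refers to, and whether that entry holds a key or only a certificate.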
- Since:
- 1.5
- Author:
- Jeremy Kuhn

Constructor Summary

| Constructor | Description |
| --- | --- |
| GenericJWKKeyResolver(JOSEConfiguration configuration) | Creates a generic JWK key resolver. |

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | init() | Loads the key store from the configuration if it has not already been set explicitly. |
| reactor.core.publisher.Mono<X509Certificate> | resolveCertificateFromKeyId(String kid) | Resolves a certificate (public key) from a key id. |
| reactor.core.publisher.Mono<X509Certificate> | resolveCertificateFromX509CertificateSHA1Thumbprint(String x5t) | Resolves a certificate (public key) from an X.509 SHA1 thumbprint. |
| reactor.core.publisher.Mono<X509Certificate> | resolveCertificateFromX509CertificateSHA256Thumbprint(String x5t_S256) | Resolves a certificate (public key) from an X.509 SHA256 thumbprint. |
| reactor.core.publisher.Mono<? extends Key> | resolveKeyFromKeyId(String kid) | Resolves a key (symmetric or private) from a key id. |
| reactor.core.publisher.Mono<? extends Key> | resolveKeyFromX509CertificateSHA1Thumbprint(String x5t) | Resolves a key (symmetric or private) from an X.509 SHA1 thumbprint. |
| reactor.core.publisher.Mono<? extends Key> | resolveKeyFromX509CertificateSHA256Thumbprint(String x5t_S256) | Resolves a key (symmetric or private) from an X.509 SHA256 thumbprint. |
| void | setKeyStore(KeyStore keyStore, char[] password) | Sets the key store. |
| void | setResourceService(ResourceService resourceService) | Sets the resource service used to load the key store from the configuration. |

Constructor Details

GenericJWKKeyResolver
Creates a generic JWK key resolver.
- Parameters:
configuration - the JOSE module configuration

Method Details

init
Loads the key store from the configuration if it has not already been set explicitly.
- Throws:
JWKProcessingException - if a key store is specified in the configuration and there was an error loading it

setResourceService
Sets the resource service used to load the key store from the configuration.
- Parameters:
resourceService - a resource service

setKeyStore
Sets the key store.
- Parameters:
keyStore - the key store
password - the key store password

resolveKeyFromX509CertificateSHA1Thumbprint
public reactor.core.publisher.Mono<? extends Key> resolveKeyFromX509CertificateSHA1Thumbprint(String x5t) throws JWKResolveException
Description copied from interface: JWKKeyResolver
Resolves a key (symmetric or private) from an X.509 SHA1 thumbprint.
- Specified by:
resolveKeyFromX509CertificateSHA1Thumbprint in interface JWKKeyResolver
- Parameters:
x5t - an X.509 SHA1 thumbprint
- Returns:
a single key publisher or an empty publisher
- Throws:
JWKResolveException - if there was an error resolving the key

resolveKeyFromX509CertificateSHA256Thumbprint
public reactor.core.publisher.Mono<? extends Key> resolveKeyFromX509CertificateSHA256Thumbprint(String x5t_S256) throws JWKResolveException
Description copied from interface: JWKKeyResolver
Resolves a key (symmetric or private) from an X.509 SHA256 thumbprint.
- Specified by:
resolveKeyFromX509CertificateSHA256Thumbprint in interface JWKKeyResolver
- Parameters:
x5t_S256 - an X.509 SHA256 thumbprint
- Returns:
a single key publisher or an empty publisher
- Throws:
JWKResolveException - if there was an error resolving the key

resolveKeyFromKeyId
public reactor.core.publisher.Mono<? extends Key> resolveKeyFromKeyId(String kid) throws JWKResolveException
Description copied from interface: JWKKeyResolver
Resolves a key (symmetric or private) from a key id.
- Specified by:
resolveKeyFromKeyId in interface JWKKeyResolver
- Parameters:
kid - a key id
- Returns:
a single key publisher or an empty publisher
- Throws:
JWKResolveException - if there was an error resolving the key

resolveCertificateFromX509CertificateSHA1Thumbprint
public reactor.core.publisher.Mono<X509Certificate> resolveCertificateFromX509CertificateSHA1Thumbprint(String x5t) throws JWKResolveException
Description copied from interface: JWKKeyResolver
Resolves a certificate (public key) from an X.509 SHA1 thumbprint.
- Specified by:
resolveCertificateFromX509CertificateSHA1Thumbprint in interface JWKKeyResolver
- Parameters:
x5t - an X.509 SHA1 thumbprint
- Returns:
a single X.509 certificate publisher or an empty publisher
- Throws:
JWKResolveException - if there was an error resolving the certificate

resolveCertificateFromX509CertificateSHA256Thumbprint
public reactor.core.publisher.Mono<X509Certificate> resolveCertificateFromX509CertificateSHA256Thumbprint(String x5t_S256) throws JWKResolveException
Description copied from interface: JWKKeyResolver
Resolves a certificate (public key) from an X.509 SHA256 thumbprint.
- Specified by:
resolveCertificateFromX509CertificateSHA256Thumbprint in interface JWKKeyResolver
- Parameters:
x5t_S256 - an X.509 SHA256 thumbprint
- Returns:
a single X.509 certificate publisher or an empty publisher
- Throws:
JWKResolveException - if there was an error resolving the certificate

resolveCertificateFromKeyId
public reactor.core.publisher.Mono<X509Certificate> resolveCertificateFromKeyId(String kid) throws JWKResolveException
Description copied from interface: JWKKeyResolver
Resolves a certificate (public key) from a key id.
- Specified by:
resolveCertificateFromKeyId in interface JWKKeyResolver
- Parameters:
kid - a key id
- Returns:
a single X.509 certificate publisher or an empty publisher
- Throws:
JWKResolveException - if there was an error resolving the certificate