java.lang.Object
io.inverno.mod.security.jose.internal.jwk.GenericJWKService
All Implemented Interfaces:
JWKService

public final class GenericJWKService extends Object implements JWKService

Generic JSON Web Key service.

This implementation relies on standard JWK factories to create, read and generate JSON Web keys. Custom JWK factories can also be injected when building the JOSE module.

Since:
1.5
Author:
Jeremy Kuhn
  • Constructor Details

    • GenericJWKService

      public GenericJWKService(JOSEConfiguration configuration, GenericECJWKFactory ecJWKFactory, GenericRSAJWKFactory rsaJWKFactory, GenericOCTJWKFactory octJWKFactory, GenericEdECJWKFactory edecJWKFactory, GenericXECJWKFactory xecJWKFactory, GenericPBES2JWKFactory pbes2JWKFactory, JWKStore jwkStore, JWKURLResolver urlResolver, SwitchableJWKURLResolver switchableUrlResolver, com.fasterxml.jackson.databind.ObjectMapper mapper)

      Creates a generic JWK service.

      Parameters:
      configuration - the JOSE module configuration
      ecJWKFactory - the Elliptic Curve JWK factory
      rsaJWKFactory - the RSA JWK factory
      octJWKFactory - the Octet JWK factory
      edecJWKFactory - the Edwards-curve JWK factory
      xecJWKFactory - the extended Elliptic Curve JWK factory
      pbes2JWKFactory - the password-based JWK factory
      jwkStore - a JWK store
      urlResolver - a JWK URL resolver
      switchableUrlResolver - a switchable JWK URL resolver
      mapper - an object mapper
  • Method Details

    • setJWKFactories

      public void setJWKFactories(List<JWKFactory<?,?,?>> jwkFactories)

      Sets custom JWK factories.

      Standard JWK factories should already be injected through the constructor; they are ignored if they are present in the specified list of JWK factories.

      Custom JWK factories are prioritized over the standard JWK factories to allow override.

      Parameters:
      jwkFactories - a list of custom JWK factories
    • ec

      public ECJWKFactory<? extends ECJWK,?,?> ec()
      Description copied from interface: JWKService

      Returns the Elliptic Curve JWK factory.

      Specified by:
      ec in interface JWKService
      Returns:
      the Elliptic Curve JWK factory
    • rsa

      public RSAJWKFactory<? extends RSAJWK,?,?> rsa()
      Description copied from interface: JWKService

      Returns the RSA JWK factory.

      Specified by:
      rsa in interface JWKService
      Returns:
      the RSA JWK factory
    • oct

      public OCTJWKFactory<? extends OCTJWK,?,?> oct()
      Description copied from interface: JWKService

      Returns the Octet JWK factory.

      Specified by:
      oct in interface JWKService
      Returns:
      the Octet JWK factory
    • edec

      public EdECJWKFactory<? extends EdECJWK,?,?> edec()
      Description copied from interface: JWKService

      Returns the Edwards-curve JWK factory.

      Specified by:
      edec in interface JWKService
      Returns:
      the Edwards-curve JWK factory
    • xec

      public XECJWKFactory<? extends XECJWK,?,?> xec()
      Description copied from interface: JWKService

      Returns the extended Elliptic Curve JWK factory.

      Specified by:
      xec in interface JWKService
      Returns:
      the extended Elliptic Curve JWK factory
    • pbes2

      public PBES2JWKFactory<? extends PBES2JWK,?,?> pbes2()
      Description copied from interface: JWKService

      Returns the Password-Based JWK factory.

      Specified by:
      pbes2 in interface JWKService
      Returns:
      the Password-Based JWK factory
    • read

      public org.reactivestreams.Publisher<? extends JWK> read(String jwk) throws JWKReadException, JWKBuildException, JWKProcessingException
      Description copied from interface: JWKService

      Reads the specified JWK or JWK set JSON serialized string and resolves and returns corresponding keys.

      This method iterates over all JWK factories and tries to resolve the key when the factory supports the specified key type and algorithm. The resulting publisher fails when no key could be resolved, in which case a single JWKReadException is emitted with suppressed errors corresponding to each factory.

      Note that this method should also fail when a key is missing the key type. If the key type is known it is preferable to use the corresponding JWKFactory to avoid unnecessary processing.

      Specified by:
      read in interface JWKService
      Parameters:
      jwk - a JSON serialized JWK or JWK set
      Returns:
      a publisher of keys
      Throws:
      JWKReadException - if there was an error reading the JSON string or a particular key
      JWKBuildException - if there was an error building a key
      JWKProcessingException - if there was a processing error
    • read

      public org.reactivestreams.Publisher<? extends JWK> read(Map<String,Object> jwk) throws JWKReadException, JWKBuildException, JWKProcessingException
      Description copied from interface: JWKService

      Reads the JWK or JWK set represented in the specified map.

      This method iterates over all JWK factories and tries to resolve the key when the factory supports the specified key type and algorithm. The resulting publisher fails when no key could be resolved, in which case a single JWKReadException is emitted with suppressed errors corresponding to each factory.

      Note that this method should also fail when a key is missing the key type. If the key type is known it is preferable to use the corresponding JWKFactory to avoid unnecessary processing.

      Specified by:
      read in interface JWKService
      Parameters:
      jwk - a map representing a JWK or a JWK set
      Returns:
      a publisher of keys
      Throws:
      JWKReadException - if there was an error reading the JSON string or a particular key
      JWKBuildException - if there was an error building a key
      JWKProcessingException - if there was a processing error
    • read

      public org.reactivestreams.Publisher<? extends JWK> read(URI uri) throws JWKReadException, JWKResolveException, JWKBuildException, JWKProcessingException
      Description copied from interface: JWKService

      Reads the JWK or JWK set JSON serialized string at the specified URI.

      This method iterates over all JWK factories and tries to resolve the key when the factory supports the specified key type and algorithm. The resulting publisher fails when no key could be resolved, in which case a single JWKReadException is emitted with suppressed errors corresponding to each factory.

      Note that this method should also fail when a key is missing the key type. If the key type is known it is preferable to use the corresponding JWKFactory to avoid unnecessary processing.

      Note that this method will also fail if JWK URL resolution is disabled, either in the module's configuration or if no ResourceService has been specified.

      Specified by:
      read in interface JWKService
      Parameters:
      uri - the URI where to find the JWK or JWK set JSON string
      Returns:
      a publisher of keys
      Throws:
      JWKReadException - if there was an error reading the JSON string or a particular key
      JWKResolveException - if there was an error resolving the resource from the specified URI
      JWKBuildException - if there was an error building a key
      JWKProcessingException - if there was a processing error
    • read

      public org.reactivestreams.Publisher<? extends JWK> read(JOSEHeader header) throws JWKReadException, JWKResolveException, JWKBuildException, JWKProcessingException
      Description copied from interface: JWKService

      Tries to resolve the JWK from a JOSE header.

      As with the other read methods, this method iterates over all JWK factories and tries to resolve the key that matches the JOSE header when the factory supports the algorithm specified in the header. The resulting publisher fails when no key could be resolved, in which case a single JWKReadException is emitted with suppressed errors corresponding to each factory.

      Unlike other read methods, this method does not fail when the key type is missing since a JOSE header does not contain the key type.

      Specified by:
      read in interface JWKService
      Parameters:
      header - a JOSE header
      Returns:
      a publisher of keys
      Throws:
      JWKReadException - if there was an error reading the JOSE header
      JWKResolveException - if there was an error resolving the key using a JWKStore or a JWKURLResolver
      JWKBuildException - if there was an error building the key
      JWKProcessingException - if there was a processing error
    • generate

      public org.reactivestreams.Publisher<? extends JWK> generate(String alg, Map<String,Object> parameters) throws JWKGenerateException, JWKProcessingException
      Description copied from interface: JWKService

      Generates a new key using the specified parameters.

      This is a convenience method that can be used to generate a key using a custom JWK factory. Prefer a JWKGenerator obtained from a specific JWKFactory to avoid unnecessary processing.

      Specified by:
      generate in interface JWKService
      Parameters:
      alg - a JWA algorithm
      parameters - a map of key parameters
      Returns:
      a publisher of keys
      Throws:
      JWKGenerateException - if there was an error generating a key
      JWKProcessingException - if there was a processing error
    • store

      public JWKStore store()
      Description copied from interface: JWKService

      Returns the JWK store.

      The JWK store can be used to store frequently used keys so they can be easily resolved when reading a JOSE object.

      It is recommended to only store trusted keys inside a JWK store to prevent them from being evicted when resolving a JOSE object key.

      Specified by:
      store in interface JWKService
      Returns:
      the JWK store
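
The resolution behaviour documented for read and setJWKFactories above (custom factories tried first, a key without a key type rejected, and a single error carrying one suppressed cause per failed factory) can be modelled as follows. This is an added illustration, not Inverno's implementation: KeyFactory, ReadException and resolve are hypothetical names, and the sample keys are constructed.

```java
import java.util.*;
// Simplified model: KeyFactory, ReadException and resolve are hypothetical, not Inverno types.
public class JwkDispatchModel {
    interface KeyFactory {
        boolean supports(String kty, String alg);
        Object read(Map<String, Object> jwk); // throws on invalid key material
    }
    static class ReadException extends RuntimeException {
        ReadException(String message) { super(message); }
    }
    static Object resolve(Map<String, Object> jwk, List<KeyFactory> custom, List<KeyFactory> standard) {
        if (!(jwk.get("kty") instanceof String)) {
            throw new ReadException("missing key type"); // rejected before any factory runs
        }
        String kty = (String) jwk.get("kty");
        String alg = jwk.get("alg") instanceof String ? (String) jwk.get("alg") : null;
        List<KeyFactory> ordered = new ArrayList<>(custom); // custom factories take priority
        ordered.addAll(standard);
        ReadException failure = new ReadException("no factory could resolve the key");
        for (KeyFactory factory : ordered) {
            if (!factory.supports(kty, alg)) continue;
            try {
                return factory.read(jwk);
            } catch (RuntimeException e) {
                failure.addSuppressed(e); // keep each factory's reason for diagnosis
            }
        }
        throw failure;
    }
    public static void main(String[] args) {
        KeyFactory oct = new KeyFactory() { // constructed stand-in for a symmetric key factory
            public boolean supports(String kty, String alg) { return "oct".equals(kty); }
            public Object read(Map<String, Object> jwk) {
                if (!(jwk.get("k") instanceof String)) throw new IllegalArgumentException("oct key without k");
                return "oct key accepted";
            }
        };
        List<Map<String, Object>> samples = List.of( // constructed inputs: valid, no kty, no k
            Map.<String, Object>of("kty", "oct", "k", "c2VjcmV0"),
            Map.<String, Object>of("k", "c2VjcmV0"), Map.<String, Object>of("kty", "oct"));
        for (Map<String, Object> jwk : samples) {
            try {
                System.out.println(resolve(jwk, List.of(), List.of(oct)));
            } catch (ReadException e) {
                System.out.println(e.getMessage() + " " + Arrays.toString(e.getSuppressed()));
            }
        }
    }
}
```

When handling a JWKReadException from the real service, logging the suppressed errors as well as the top-level message shows which factory rejected the key and why.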