Module io.inverno.mod.security.jose

Package io.inverno.mod.security.jose.internal.jws

Class JsonJWSHeader

java.lang.Object

io.inverno.mod.security.jose.internal.AbstractJOSEHeader<GenericJWSHeader>

io.inverno.mod.security.jose.internal.jws.GenericJWSHeader

io.inverno.mod.security.jose.internal.jws.JsonJWSHeader

All Implemented Interfaces:

JOSEHeader, JOSEHeaderConfigurator<GenericJWSHeader>, JWSHeader, JWSHeaderConfigurator<GenericJWSHeader>

public class JsonJWSHeader
extends GenericJWSHeader

A generic JWS header implementation used when building or reading JSON JWS objects.

This implementation has the ability to track overlapping parameters

Since:

1.5

Author:

Jeremy Kuhn

Field Summary

Fields inherited from class io.inverno.mod.security.jose.internal.jws.GenericJWSHeader

b64, PROCESSED_PARAMETERS

Fields inherited from class io.inverno.mod.security.jose.internal.AbstractJOSEHeader

alg, crit, cty, customParameters, encoded, jku, jwk, key, kid, typ, x5c, x5t, x5t_S256, x5u

Constructor Summary

Constructors

Constructor	Description
JsonJWSHeader()	Creates a JSON JWS header.
JsonJWSHeader(String alg)	Creates a JSON JWS header.

Method Summary

Modifier and Type	Method	Description
JsonJWSHeader	addCustomParameter(String key, Object value)	Specifies a custom parameter to add to the header.
JsonJWSHeader	algorithm(String alg)	specifies the cryptographic algorithm to use to secure the JOSE object.
JsonJWSHeader	base64EncodePayload(Boolean b64)	Specifies whether the payload should be encoded as Base64URL or processed unencoded.
JsonJWSHeader	contentType(String cty)	Specifies the media type of the JOSE object payload.
JsonJWSHeader	critical(String... crit)	Specifies the set of custom parameters that must be understood and processed.
JsonJWSHeader	jwk(Map<String,Object> jwk)	Specifies the JWK to use to secure the JOSE object.
JsonJWSHeader	jwkSetURL(URI jku)	Specifies the JWK Set URL that contains the key to use to secure the JOSE object.
JsonJWSHeader	keyId(String kid)	Specifies the id of the key to use to secure the JOSE object.
void	startRecordOverlap()	Starts the parameter overlap recording.
Set<String>	stopRecordOverlap()	Stops the parameter overlap recording and returns the overlapped parameters.
JsonJWSHeader	type(String typ)	Specifies the media type of the complete JOSE object.
JsonJWSHeader	x509CertificateChain(String[] x5c)	Specifies the X.509 certificates chain that corresponds to the key to use to secure the JOSE object.
JsonJWSHeader	x509CertificateSHA1Thumbprint(String x5t)	Specifies the X.509 SHA1 thumbprint of the certificate that corresponds to the key to use to secure the JOSE object.
JsonJWSHeader	x509CertificateSHA256Thumbprint(String x5t_S256)	Specifies the X.509 SHA256 thumbprint of the certificate that corresponds to the key to use to secure the JOSE object.
JsonJWSHeader	x509CertificateURL(URI x5u)	Specifies the URL of the X.509 certificate or certificates chain that corresponds to the key to use to secure the JOSE object.

Methods inherited from class io.inverno.mod.security.jose.internal.jws.GenericJWSHeader

equals, getProcessedParameters, hashCode, isBase64EncodePayload

Methods inherited from class io.inverno.mod.security.jose.internal.AbstractJOSEHeader

getAlgorithm, getContentType, getCritical, getCustomParameters, getEncoded, getJWK, getJWKSetURL, getKey, getKeyId, getType, getX509CertificateChain, getX509CertificateSHA1Thumbprint, getX509CertificateSHA256Thumbprint, getX509CertificateURL, setEncoded, setKey

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.inverno.mod.security.jose.JOSEHeader

getAlgorithm, getContentType, getCritical, getCustomParameters, getEncoded, getJWK, getJWKSetURL, getKey, getKeyId, getType, getX509CertificateChain, getX509CertificateSHA1Thumbprint, getX509CertificateSHA256Thumbprint, getX509CertificateURL

Constructor Details

JsonJWSHeader

public JsonJWSHeader()

Creates a JSON JWS header.

JsonJWSHeader

public JsonJWSHeader(String alg)

Creates a JSON JWS header.

Parameters:

alg - a signature JWA algorithm

Method Details

startRecordOverlap

public void startRecordOverlap()

Starts the parameter overlap recording.

stopRecordOverlap

public Set<String> stopRecordOverlap()

Stops the parameter overlap recording and returns the overlapped parameters.

Returns:

the set of overlapped parameters

algorithm

public JsonJWSHeader algorithm(String alg)

Description copied from interface: JOSEHeaderConfigurator

specifies the cryptographic algorithm to use to secure the JOSE object.

Depending on the type of JOSE object to build, it might designate a signature or a key management algorithm.

Specified by:

algorithm in interface JOSEHeaderConfigurator<GenericJWSHeader>

Overrides:

algorithm in class AbstractJOSEHeader<GenericJWSHeader>

Parameters:

alg - a JWA algorithm

Returns:

this builder

jwkSetURL

public JsonJWSHeader jwkSetURL(URI jku)

Description copied from interface: JOSEHeaderConfigurator

Specifies the JWK Set URL that contains the key to use to secure the JOSE object.

The URL must points to a set of JSON-encoded public keys.

Specified by:

jwkSetURL in interface JOSEHeaderConfigurator<GenericJWSHeader>

Overrides:

jwkSetURL in class AbstractJOSEHeader<GenericJWSHeader>

Parameters:

jku - the JWK Set URL

Returns:

this builder

jwk

public JsonJWSHeader jwk(Map<String,Object> jwk)

Description copied from interface: JOSEHeaderConfigurator

Specifies the JWK to use to secure the JOSE object.

It is represented as a map to comply with the JOSE object definition, the builder eventually tries to resolve an actual JWK based on these parameters.

Specified by:

jwk in interface JOSEHeaderConfigurator<GenericJWSHeader>

Overrides:

jwk in class AbstractJOSEHeader<GenericJWSHeader>

Parameters:

jwk - a JWK as a map

Returns:

this builder

keyId

public JsonJWSHeader keyId(String kid)

Description copied from interface: JOSEHeaderConfigurator

Specifies the id of the key to use to secure the JOSE object.

Specified by:

keyId in interface JOSEHeaderConfigurator<GenericJWSHeader>

Overrides:

keyId in class AbstractJOSEHeader<GenericJWSHeader>

Parameters:

kid - a key id

Returns:

this builder

x509CertificateURL

public JsonJWSHeader x509CertificateURL(URI x5u)

Description copied from interface: JOSEHeaderConfigurator

Specifies the URL of the X.509 certificate or certificates chain that corresponds to the key to use to secure the JOSE object.

The certificates chain located at the URL must be in PEM format. The first certificate in the chain must correspond to the key to use to secure the JOSE object.

Specified by:

x509CertificateURL in interface JOSEHeaderConfigurator<GenericJWSHeader>

Overrides:

x509CertificateURL in class AbstractJOSEHeader<GenericJWSHeader>

Parameters:

x5u - a URL

Returns:

this builder

x509CertificateChain

public JsonJWSHeader x509CertificateChain(String[] x5c)

Description copied from interface: JOSEHeaderConfigurator

Specifies the X.509 certificates chain that corresponds to the key to use to secure the JOSE object.

The certificates chain must be represented as an array of Base64URL encoded DER PKIX certificates. The first certificate in the chain must correspond to the key to use to secure the JOSE object.

Specified by:

x509CertificateChain in interface JOSEHeaderConfigurator<GenericJWSHeader>

Overrides:

x509CertificateChain in class AbstractJOSEHeader<GenericJWSHeader>

Parameters:

x5c - a certificates chain

Returns:

this builder

x509CertificateSHA1Thumbprint

public JsonJWSHeader x509CertificateSHA1Thumbprint(String x5t)

Description copied from interface: JOSEHeaderConfigurator

Specifies the X.509 SHA1 thumbprint of the certificate that corresponds to the key to use to secure the JOSE object.

Specified by:

x509CertificateSHA1Thumbprint in interface JOSEHeaderConfigurator<GenericJWSHeader>

Overrides:

x509CertificateSHA1Thumbprint in class AbstractJOSEHeader<GenericJWSHeader>

Parameters:

x5t - an X.509 SHA1 thumbprint

Returns:

this builder

x509CertificateSHA256Thumbprint

public JsonJWSHeader x509CertificateSHA256Thumbprint(String x5t_S256)

Description copied from interface: JOSEHeaderConfigurator

Specifies the X.509 SHA256 thumbprint of the certificate that corresponds to the key to use to secure the JOSE object.

Specified by:

x509CertificateSHA256Thumbprint in interface JOSEHeaderConfigurator<GenericJWSHeader>

Overrides:

x509CertificateSHA256Thumbprint in class AbstractJOSEHeader<GenericJWSHeader>

Parameters:

x5t_S256 - an X.509 SHA256 thumbprint

Returns:

this builder

type

public JsonJWSHeader type(String typ)

Description copied from interface: JOSEHeaderConfigurator

Specifies the media type of the complete JOSE object.

To keep messages compact in common situations, the application/ prefix of a media type can be omitted when no other / appears in the value.

Specified by:

type in interface JOSEHeaderConfigurator<GenericJWSHeader>

Overrides:

type in class AbstractJOSEHeader<GenericJWSHeader>

Parameters:

typ - a media type

Returns:

this builder

contentType

public JsonJWSHeader contentType(String cty)

Description copied from interface: JOSEHeaderConfigurator

Specifies the media type of the JOSE object payload.

To keep messages compact in common situations, the application/ prefix of a media type can be omitted when no other / appears in the value.

The builder might use this media type to determine how to serialize/deserialize a JOSE object payload.

Specified by:

contentType in interface JOSEHeaderConfigurator<GenericJWSHeader>

Overrides:

contentType in class AbstractJOSEHeader<GenericJWSHeader>

Parameters:

cty - a media type

Returns:

this builder

critical

public JsonJWSHeader critical(String... crit)

Description copied from interface: JOSEHeaderConfigurator

Specifies the set of custom parameters that must be understood and processed.

Critical parameters can not be registered JOSE header parameters and they must be present in header's custom parameters.

Specified by:

critical in interface JOSEHeaderConfigurator<GenericJWSHeader>

Overrides:

critical in class AbstractJOSEHeader<GenericJWSHeader>

Parameters:

crit - a set of custom parameters

Returns:

this builder

addCustomParameter

public JsonJWSHeader addCustomParameter(String key,
 Object value)

Description copied from interface: JOSEHeaderConfigurator

Specifies a custom parameter to add to the header.

Specified by:

addCustomParameter in interface JOSEHeaderConfigurator<GenericJWSHeader>

Overrides:

addCustomParameter in class AbstractJOSEHeader<GenericJWSHeader>

Parameters:

key - the custom parameter name

value - the custom parameter value

Returns:

this builder

base64EncodePayload

public JsonJWSHeader base64EncodePayload(Boolean b64)

Description copied from interface: JWSHeaderConfigurator

Specifies whether the payload should be encoded as Base64URL or processed unencoded.

Specified by:

base64EncodePayload in interface JWSHeaderConfigurator<GenericJWSHeader>

Overrides:

base64EncodePayload in class GenericJWSHeader

Parameters:

b64 - true or null to encode the payload as Base64URL, false otherwise

Returns:

this builder