Package uk.co.spudsoft.jwtvalidatorvertx.impl

Class JWKSOpenIdDiscoveryHandlerImpl

java.lang.Object
uk.co.spudsoft.jwtvalidatorvertx.impl.JWKSOpenIdDiscoveryHandlerImpl
All Implemented Interfaces:
JsonWebKeySetHandler, JsonWebKeySetOpenIdDiscoveryHandler, OpenIdDiscoveryHandler
public class JWKSOpenIdDiscoveryHandlerImpl extends Object implements JsonWebKeySetOpenIdDiscoveryHandler
Default implementation of JsonWebKeySetHandler.
Author:
jtalbut

  • Constructor Details

    • JWKSOpenIdDiscoveryHandlerImpl

      public JWKSOpenIdDiscoveryHandlerImpl(io.vertx.ext.web.client.WebClient webClient, Collection<String> acceptableIssuerRegexes, long defaultJwkCacheDurationS)
      Constructor.
      Parameters:
      webClient - Vertx WebClient, for the discovery handler to make asynchronous web requests.
      acceptableIssuerRegexes - Collection of regular expressions that any issues will be checked against.
      defaultJwkCacheDurationS - Time (in seconds) to keep JWKs in cache if no cache-control: max-age header is found. It is vital for the security of any system using OpenID Connect Discovery that it is only used with trusted issuers.

  • Method Details

    • validateIssuer

      public void validateIssuer(String issuer) throws IllegalArgumentException
      Description copied from interface: JsonWebKeySetHandler
      Confirm that the issuer matches at least one of the configured acceptable issuer regular expressions.
      Specified by:
      validateIssuer in interface JsonWebKeySetHandler
      Parameters:
      issuer - the issuer to confirm.
      Throws:
      IllegalArgumentException - if the issuer is not in the list of acceptable issuers.

    • performOpenIdDiscovery

      public io.vertx.core.Future<DiscoveryData> performOpenIdDiscovery(String issuer)
      Description copied from interface: OpenIdDiscoveryHandler
      Obtain the discovery data for an issuer as per openid-connect-discovery-1_0. If discovery data has not already been cached this will result in a call to 
       issuer + (issuer.endsWith("/") ? "" : "/") + ".well-known/openid-configuration"
      The resulting Discovery Data will be cached against the issuer.
      Specified by:
      performOpenIdDiscovery in interface OpenIdDiscoveryHandler
      Parameters:
      issuer - The issuer to obtain the discovery data for.
      Returns:
      A Future that will be completed with the Discovery Data.

    • findJwk

      public io.vertx.core.Future<JWK> findJwk(DiscoveryData discoveryData, String kid)
      Description copied from interface: JsonWebKeySetOpenIdDiscoveryHandler
      Find a JWK using the jwks_uri value from the Discovery Data. The resulting JWK will be cached against the jwks_uri.
      Specified by:
      findJwk in interface JsonWebKeySetOpenIdDiscoveryHandler
      Parameters:
      discoveryData - The Discovery Data that contains the jwks_uri.
      kid - The key ID being sought.
      Returns:
      A Future that will be completed with the JWK.

    • findJwk

      public io.vertx.core.Future<JWK> findJwk(String issuer, String kid)
      Description copied from interface: JsonWebKeySetHandler
      Find a JWK for the given issuer and kid.
      Specified by:
      findJwk in interface JsonWebKeySetHandler
      Parameters:
      issuer - the issuer of the JWT (and JWK).
      kid - The key ID being sought.
      Returns:
      A Future that will be completed with a JWK.