Package uk.co.spudsoft.jwtvalidatorvertx

Class JWK

java.lang.Object

uk.co.spudsoft.jwtvalidatorvertx.JWK

public class JWK
extends Object

Represent a single Json Web Key as defined in RFC 7517. https://datatracker.ietf.org/doc/html/rfc7517

Author:

jtalbut

Constructor Summary

Constructors

Constructor	Description
JWK(long expiryMs, io.vertx.core.json.JsonObject jo)	Constructor.

Method Summary

Modifier and Type	Method	Description
long	getExpiryMs()	Get the expiry time in ms from the epoch.
Key	getKey()	Get the key represented by this JWK.
String	getKid()	Get the key identifier.
String	getUse()	Get the key use string.
boolean	verify(JsonWebAlgorithm algorithm, byte[] signature, byte[] data)	Verify a signature using the key in this JWK.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

JWK

public JWK(long expiryMs,
 io.vertx.core.json.JsonObject jo)
    throws NoSuchAlgorithmException,
InvalidKeySpecException,
InvalidParameterSpecException

Constructor.

Parameters:

expiryMs - The time in ms from the epoch (i.e. to be compared with System.currentTimeMillis) at which this data should be discarded. Should be found by parsing cache-control headers.

jo - The JsonObject that contains the JWK as defined in RFC7517.

Throws:

NoSuchAlgorithmException - if the algorithm in the JWK is not known.

InvalidKeySpecException - if the key specification in the JWK is inappropriate for the key factory to produce a key.

InvalidParameterSpecException - if there is a bug in the JWK code.

Method Details

getExpiryMs

public long getExpiryMs()

Get the expiry time in ms from the epoch.

Returns:

the expiry time in ms from the epoch.

getKid

public String getKid()

Get the key identifier. https://datatracker.ietf.org/doc/html/rfc7517#section-4.5

Returns:

the key identifier.

getUse

public String getUse()

Get the key use string. https://datatracker.ietf.org/doc/html/rfc7517#section-4.2 This should be "sig" for all known uses, but its presence is optional, so it's ignored.

Returns:

the key use string.

getKey

public Key getKey()

Get the key represented by this JWK.

Returns:

the key represented by this JWK.

verify

public boolean verify(JsonWebAlgorithm algorithm,
 byte[] signature,
 byte[] data)
               throws InvalidKeyException,
NoSuchAlgorithmException,
SignatureException,
InvalidAlgorithmParameterException

Verify a signature using the key in this JWK.

Parameters:

algorithm - The algorithm specified in the token, which may not be the same as the JWK algorithm (RSA-PSS).

signature - The signature that has been provided for the JWT.

data - The data to be verified.

Returns:

True if the signature can only have been created using this key and the data provided.

Throws:

InvalidKeyException - if the key is not appropriate for the signer.

NoSuchAlgorithmException - if the algorithm is not known to the JDK security subsystem,.

SignatureException - if the signature is invalid

InvalidAlgorithmParameterException - if the algorithm is configured with incorrect parameters.