java.lang.Object
uk.co.spudsoft.jwtvalidatorvertx.JWT

public class JWT extends Object
A JWT as defined by RFC 7519. The internal representation is two JSON objects, the signature (as a string) and the original string that was used to generate the signature (the concatenated base64 header and payload). Values are not extracted or cached; they are retrieved on demand.
Author:
jtalbut
  • Constructor Details

    • JWT

      public JWT(io.vertx.core.json.JsonObject header, io.vertx.core.json.JsonObject payload, String signatureBase, String signature)
      Constructor.
      Parameters:
      header - The header from the JWT.
      payload - The payload from the JWT.
      signatureBase - The value used to calculate the signature - base64(header) + "." + base64(payload).
      signature - The signature from the JWT.
  • Method Details

    • parseJws

      public static JWT parseJws(String token)
      Parse a JWT in delimited string form.
      Parameters:
      token - The JWT in delimited string form.
      Returns:
      A newly created JWT object.
    • getPayloadSize

      public int getPayloadSize()
      Get the number of claims in the payload.
      Returns:
      the number of claims in the payload.
    • getClaim

      public Object getClaim(String claim)
      Get a single payload claim by name.
      Parameters:
      claim - The name of the claim to return.
      Returns:
      the claim with the given name.
    • getClaimAsList

      public List<String> getClaimAsList(String claim)
      Get a payload claim by name, returning a List of Strings.
      Parameters:
      claim - The name of the claim to return.
      Returns:
      the claim with the given name, as a List of Strings.
    • has

      public boolean has(String claim, String requiredValue)
      Checks whether the JWT has the given claim with the given value. If the claim has multiple values, this check returns true if any of the values matches requiredValue. The comparison with requiredValue is case sensitive. Note that this method cannot be used for scope claims because they are a single space-delimited string.
      Parameters:
      claim - The name of the claim to check.
      requiredValue - The value to check it against.
      Returns:
      True if any value of the claim in the JWT matches the value.
    • getSignatureBase

      public String getSignatureBase()
      Get the value used to calculate the signature - base64(header) + "." + base64(payload).
      Returns:
      the value used to calculate the signature - base64(header) + "." + base64(payload).
    • getSignature

      public String getSignature()
      Get the signature from the JWT.
      Returns:
      the signature from the JWT.
    • getAlgorithm

      public String getAlgorithm()
      Get the algorithm specified in the JWT header.
      Returns:
      the algorithm specified in the JWT header.
    • getJsonWebAlgorithm

      public JsonWebAlgorithm getJsonWebAlgorithm()
      Get the algorithm specified in the JWT header as a JsonWebAlgorithm.
      Returns:
      the algorithm specified in the JWT header as a JsonWebAlgorithm.
    • getKid

      public String getKid()
      Get the key ID specified in the JWT header.
      Returns:
      the key ID specified in the JWT header.
    • getSubject

      public String getSubject()
      Get the token subject specified in the JWT payload.
      Returns:
      the token subject specified in the JWT payload.
    • getIssuer

      public String getIssuer()
      Get the token issuer specified in the JWT payload.
      Returns:
      the token issuer specified in the JWT payload.
    • getAudience

      public List<String> getAudience()
      Get the token audience specified in the JWT payload. The audience can be specified as either a single value or a JSON array; this method normalizes the result to a list of strings.
      Returns:
      the token audience specified in the JWT payload.
    • hasAudience

      public boolean hasAudience(String requiredValue)
      Return true if the aud claim contains the requiredValue.
      Parameters:
      requiredValue - The value being sought in the aud claim.
      Returns:
      true if the aud claim contains the requiredValue.
    • getScope

      public List<String> getScope()
      Get the scopes specified in the JWT payload. Note that this method parses the scope string into separate scopes.
      Returns:
      the scopes specified in the JWT payload.
    • hasScope

      public boolean hasScope(String requiredValue)
      Return true if the requiredValue is found in the scope. The scope claim in JWTs is space delimited, which means that:
      • Either the requiredValue is found at the beginning of the claim or the code point before the requiredValue is a space.
      • Either the requiredValue is found at the end of the claim or the code point after the requiredValue is a space.
      Parameters:
      requiredValue - The value being sought in the scope.
      Returns:
      True if the requiredValue is found in the scope.
    • getGroups

      public List<String> getGroups()
      Get the groups specified in the JWT payload.
      Returns:
      the groups specified in the JWT payload.
    • hasGroup

      public boolean hasGroup(String requiredValue)
      Return true if the groups claim contains the requiredValue.
      Parameters:
      requiredValue - The value being sought in the groups claim.
      Returns:
      true if the groups claim contains the requiredValue.
    • getRoles

      public List<String> getRoles()
      Get the roles specified in the JWT payload.
      Returns:
      the roles specified in the JWT payload.
    • hasRole

      public boolean hasRole(String requiredValue)
      Return true if the roles claim contains the requiredValue.
      Parameters:
      requiredValue - The value being sought in the roles claim.
      Returns:
      true if the roles claim contains the requiredValue.
    • getExpiration

      public Long getExpiration()
      Get the expiration timestamp specified in the JWT payload. The expiration timestamp is defined as seconds since epoch (1970-01-01T00:00:00Z UTC), see RFC 7519 Section 4.1.4 and Section 2.
      Returns:
      the expiration timestamp specified in the JWT payload.
    • getExpirationLocalDateTime

      public LocalDateTime getExpirationLocalDateTime()
      Get the expiration timestamp specified in the JWT payload as a LocalDateTime.
      Returns:
      the expiration timestamp specified in the JWT payload as a LocalDateTime.
    • getNotBefore

      public Long getNotBefore()
      Get the not-valid-before timestamp specified in the JWT payload. The not-valid-before timestamp is defined as seconds since epoch (1970-01-01T00:00:00Z UTC), see RFC 7519 Section 4.1.5 and Section 2.
      Returns:
      the not-valid-before timestamp specified in the JWT payload.
    • getNotBeforeLocalDateTime

      public LocalDateTime getNotBeforeLocalDateTime()
      Get the not-valid-before timestamp specified in the JWT payload as a LocalDateTime.
      Returns:
      the not-valid-before timestamp specified in the JWT payload as a LocalDateTime.
    • getJwk

      public io.vertx.core.Future<JWK> getJwk(JsonWebKeySetHandler handler)
      Use the provided OpenIdDiscoveryHandler to call the jwks_uri from the discovery data to obtain the correct JWK for this JWT. The JWK will be cached in this JWT after it has been retrieved (and this method will return immediately if called again).
      Parameters:
      handler - the OpenIdDiscoveryHandler that will perform the request for the JWK Set.
      Returns:
      A Future that will be completed with a JWK object when the discovery completes.
    • getJwk

      public JWK getJwk()
      Get the JWK cached by a successful call to getJwk(uk.co.spudsoft.jwtvalidatorvertx.JsonWebKeySetHandler). This method should only be called in a handler chain following a successful call to getJwk(uk.co.spudsoft.jwtvalidatorvertx.JsonWebKeySetHandler).
      Returns:
      the JWK cached by a successful call to getJwk(uk.co.spudsoft.jwtvalidatorvertx.JsonWebKeySetHandler).
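
The boundary rule documented for hasScope above, next to a plain substring test, showing why the delimiters matter when a scope check gates authorization. This is an added example, not the library's own code: the class ScopeMatch, its methods and the sample scope strings are hypothetical and constructed for illustration.

```java
import java.util.List;

// Added illustration; ScopeMatch and its methods are hypothetical names,
// not part of uk.co.spudsoft.jwtvalidatorvertx.
public class ScopeMatch {

    // Naive check: a substring test ignores the space delimiters.
    static boolean naiveHasScope(String scope, String required) {
        return scope != null && scope.contains(required);
    }

    // Boundary check as documented for hasScope: a hit counts only if it starts
    // at the beginning of the claim or after a space, and ends at the end of
    // the claim or before a space.
    static boolean hasScope(String scope, String required) {
        if (scope == null || required == null || required.isEmpty() || required.indexOf(' ') >= 0) {
            return false; // assumption: a required value must be a single non-empty token
        }
        int from = 0;
        while (true) {
            int idx = scope.indexOf(required, from);
            if (idx < 0) return false;
            int end = idx + required.length();
            boolean startOk = idx == 0 || scope.charAt(idx - 1) == ' ';
            boolean endOk = end == scope.length() || scope.charAt(end) == ' ';
            if (startOk && endOk) return true;
            from = idx + 1; // keep scanning: a later occurrence may be a whole token
        }
    }

    public static void main(String[] args) {
        // Constructed scope claim values, not taken from a real token.
        String granted = "openid orders:read profile";
        for (String required : List.of("orders:read", "orders", "read", "profile", "open")) {
            System.out.printf("%-12s naive=%-5b boundary=%b%n",
                    required, naiveHasScope(granted, required), hasScope(granted, required));
        }
        // An earlier partial hit must not hide a later whole-token hit.
        System.out.println(hasScope("orders:readonly orders:read", "orders:read"));
    }
}
```

The substring test accepts "orders", "read" and "open" against a token that was only granted "orders:read"; the boundary check accepts whole tokens only.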