001package com.nimbusds.jose; 002 003 004import java.util.Collections; 005import java.util.Set; 006 007import net.jcip.annotations.ThreadSafe; 008 009 010/** 011 * JSON Web Signature (JWS) header filter implementation. Intended to be 012 * incorporated by {@link JWSVerifier} implementations. This class is 013 * thread-safe. 014 * 015 * @author Vladimir Dzhuvinov 016 * @version $version$ (2013-03-27) 017 */ 018@ThreadSafe 019public class DefaultJWSHeaderFilter extends DefaultHeaderFilter implements JWSHeaderFilter { 020 021 022 /** 023 * The supported algorithms. Used to bound the subset of the accepted 024 * ones. 025 */ 026 private final Set<JWSAlgorithm> algs; 027 028 029 /** 030 * The accepted algorithms. 031 */ 032 private Set<JWSAlgorithm> acceptedAlgs; 033 034 035 /** 036 * Validates the specified accepted parameters. 037 * 038 * @param acceptedParams The accepted JWS header parameters. Must 039 * contain at least the {@code alg} parameter and 040 * must not be {@code null}. 041 * 042 * @throws IllegalArgumentException If the parameters didn't meet the 043 * validation criteria. 044 */ 045 private static void validateAcceptedParameters(final Set<String> acceptedParams) { 046 047 if (! acceptedParams.contains("alg")) { 048 049 throw new IllegalArgumentException("The accepted JWS header parameters set must include at least the \"alg\" parameter"); 050 } 051 } 052 053 054 /** 055 * Creates a new JWS header filter. The accepted algorithms are set to 056 * equal the specified supported ones. The accepted header parameters 057 * are set to match {@link JWSHeader#getReservedParameterNames}. 058 * 059 * @param algs The supported JWS algorithms. Used to bound the 060 * {@link #setAcceptedAlgorithms accepted algorithms}. Must 061 * not be {@code null}. 062 */ 063 public DefaultJWSHeaderFilter(final Set<JWSAlgorithm> algs) { 064 065 this(algs, JWSHeader.getReservedParameterNames()); 066 } 067 068 069 /** 070 * Creates a new JWS header filter. The accepted algorithms are set to 071 * equal the specified supported ones. 072 * 073 * @param algs The supported JWS algorithms. Used to bound 074 * the {@link #setAcceptedAlgorithms accepted 075 * algorithms}. Must not be {@code null}. 076 * @param acceptedParams The accepted JWS header parameters. Must 077 * contain at least the {@code alg} parameter and 078 * must not be {@code null}. 079 */ 080 public DefaultJWSHeaderFilter(final Set<JWSAlgorithm> algs, 081 final Set<String> acceptedParams) { 082 083 super(acceptedParams); 084 085 validateAcceptedParameters(acceptedParams); 086 087 if (algs == null) { 088 089 throw new IllegalArgumentException("The supported JWS algorithms set must not be null"); 090 } 091 092 this.algs = Collections.unmodifiableSet(algs); 093 094 // Initially the accepted set equals the supported set 095 acceptedAlgs = this.algs; 096 } 097 098 099 /** 100 * Returns the names of the supported JWS algorithms. Used to bound the 101 * {@link #setAcceptedAlgorithms accepted algorithms}. 102 * 103 * @return The supported JWS algorithms as a read-only set, empty set 104 * if none. 105 */ 106 public Set<JWSAlgorithm> supportedAlgorithms() { 107 108 return algs; 109 } 110 111 112 @Override 113 public Set<JWSAlgorithm> getAcceptedAlgorithms() { 114 115 return acceptedAlgs; 116 } 117 118 119 @Override 120 public void setAcceptedAlgorithms(final Set<JWSAlgorithm> acceptedAlgs) { 121 122 if (acceptedAlgs == null) { 123 124 throw new IllegalArgumentException("The accepted JWS algorithms set must not be null"); 125 } 126 127 if (! supportedAlgorithms().containsAll(acceptedAlgs)) { 128 129 throw new IllegalArgumentException("One or more of the JWE algorithms is not in the supported set"); 130 } 131 132 this.acceptedAlgs = Collections.unmodifiableSet(acceptedAlgs); 133 } 134 135 136 @Override 137 public void setAcceptedParameters(final Set<String> acceptedParams) { 138 139 validateAcceptedParameters(acceptedParams); 140 141 super.setAcceptedParameters(acceptedParams); 142 } 143}