public class DefaultJWSMinter<C extends SecurityContext> extends Object implements ConfigurableJWSMinter<C>
JSON Web Signature (JWS) objects and
signed JSON Web Tokens (JWTs).
Must be configured with the following:
setJWKSource(com.nimbusds.jose.jwk.source.JWKSource<C>) JSON Web Key (JWK) source} to select a
signing key. The default key selection procedure is based on the
JWSHeader. To customise it pass a suitable
context.An optional context parameter is available to
facilitate passing of additional data between the caller and the underlying
selector of key candidates (in both directions).
See sections 6 of RFC 7515 (JWS) for guidelines on key selection.
This minter adds any key-identifying header based on the JWK that it selects.
| Constructor and Description |
|---|
DefaultJWSMinter() |
| Modifier and Type | Method and Description |
|---|---|
JWKSource<C> |
getJWKSource()
Gets the source for looking up JWKs.
|
JWSSignerFactory |
getJWSSignerFactory()
Gets the factory for generating
JWSSigners. |
JWSObject |
mint(JWSHeader header,
Payload payload,
C context)
|
void |
setJWKSource(JWKSource<C> jwkSource)
Sets the source for to look up JWKs from.
|
void |
setJWSSignerFactory(JWSSignerFactory jwsSignerFactory)
Sets the factory for generating
JWSSigners. |
public DefaultJWSMinter()
public JWSObject mint(JWSHeader header, Payload payload, C context) throws JOSEException
JWSHeader and Payload. To create a signed JSON Web
Token (JWT) use the JWTClaimsSet.toPayload() method to
obtain a Payload representation of the JWT claims.
Derives the signing key from the JWSHeader as well as any
application-specific context.
If multiple keys are matched against the header's criteria, the
first will be used to sign the object. To customise the key
selection you can set a custom JWKSource like so:
public static class MyJWKSource implements JWKSource<SecurityContext> {
private final JWKSource<SecurityContext> delegate;
public List<JWK> get(final JWKSelector jwkSelector, final SecurityContext context)
throws KeySourceException {
List<JWK> jwks = this.delegate.get(jwkSelector, context);
return jwks.get(jwks.size() - 1); // get last one instead
}
}
minter.setJWKSource(new MyJWKSource(jwkSource));
or you can select your own JWK and do:
JWK jwk = findJWK(); minter.mint(header, claims, new JWKSecurityContext(jwks));
Once the key is discovered, adds any headers related to the
discovered signing key, including kid, x5u,
x5c, and x5t#256.
All other headers and claims remain as-is. This method expects
the caller to add the typ, alg, and any other needed
headers.
mint in interface JWSMinter<C extends SecurityContext>header - The JWSHeader to use, less any
key-identifying headers, which this method will
derive.payload - The Payload.context - A SecurityContext, null if not
specified.JOSEException - If the instance is improperly configured, if
no appropriate JWK could be found, or if signing failed.public JWKSource<C> getJWKSource()
JWSMinterConfigurationgetJWKSource in interface JWSMinterConfiguration<C extends SecurityContext>JWKSource in use.public void setJWKSource(JWKSource<C> jwkSource)
JWSMinterConfigurationsetJWKSource in interface JWSMinterConfiguration<C extends SecurityContext>jwkSource - The JWK source to use.public JWSSignerFactory getJWSSignerFactory()
JWSMinterConfigurationJWSSigners.getJWSSignerFactory in interface JWSMinterConfiguration<C extends SecurityContext>JWSSignerFactory in use.public void setJWSSignerFactory(JWSSignerFactory jwsSignerFactory)
JWSMinterConfigurationJWSSigners.setJWSSignerFactory in interface JWSMinterConfiguration<C extends SecurityContext>jwsSignerFactory - The JWS signer factory to use.Copyright © 2021 Connect2id Ltd.. All rights reserved.