Package dev.paseto.jpaseto

Interface PasetoParserBuilder

  • public interface PasetoParserBuilder
    A builder for constructing a PasetoParser. The constructed parser will work for multiple versions/purpose token when configured.

    Typical usage: 

    
 Pasetos.parserBuilder()
   .setSharedSecret(...)
   // ...
   .requireIssuer("https://example.com/issuer)
   .build()
    Since:
    0.1.0

    • Method Detail

      • setKeyResolver

        PasetoParserBuilder setKeyResolver​(KeyResolver keyResolver)
        Sets the KeyResolver used to acquire the signing key that should be used to verify a paseto tokens's signature.

        Specifying a SigningKeyResolver is necessary when the signing key is not already known before parsing the token and the footer must be inspected first to determine how to look up the signing key. Once returned by the resolver, the PasetoParser will then verify the paseto token's signature with the returned key. For example: 

         Paseto token = Pasetos.parserBuilder().setSigningKeyResolver(new KeyResolverAdapter() {
         @Override
         public byte[] resolvePublicKeyBytes(Paseto paseto) {
             //inspect the header or claims, lookup and return the signing key
             return getPublicKeyBytes(paseto); //implement me
         }})
     .build()
     .parse(tokenString);

        A SigningKeyResolver is invoked once during parsing before the signature is verified.

        This method should only be used if a signing key is not provided by the other setSigningKey* builder methods.

        To construct a PasetoParser use the corresponding builder via Pasetos.parserBuilder(). This will construct an immutable PasetoParser.
        Parameters:
        keyResolver - the signing key resolver used to retrieve the signing key.
        Returns:
        the parser builder for method chaining.

      • setSharedSecret

        PasetoParserBuilder setSharedSecret​(javax.crypto.SecretKey sharedSecret)

      • requireIssuer

        default PasetoParserBuilder requireIssuer​(java.lang.String iss)
        Ensures that the specified iss exists in the parsed Paseto. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the Paseto is invalid and may not be used.
        Parameters:
        iss - expected claim value
        Returns:
        the parser builder for method chaining.
        See Also:
        MissingClaimException, IncorrectClaimException

      • requireSubject

        default PasetoParserBuilder requireSubject​(java.lang.String sub)
        Ensures that the specified sub exists in the parsed Paseto. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the Paseto is invalid and may not be used.
        Parameters:
        sub - expected claim value
        Returns:
        the parser builder for method chaining.
        See Also:
        MissingClaimException, IncorrectClaimException

      • requireAudience

        default PasetoParserBuilder requireAudience​(java.lang.String aud)
        Ensures that the specified aud exists in the parsed Paseto. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the Paseto is invalid and may not be used.
        Parameters:
        aud - expected claim value
        Returns:
        the parser builder for method chaining.
        See Also:
        MissingClaimException, IncorrectClaimException

      • requireExpiration

        default PasetoParserBuilder requireExpiration​(java.time.Instant exp)
        Ensures that the specified exp exists in the parsed Paseto. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the Paseto is invalid and may not be used.
        Parameters:
        exp - expected claim value
        Returns:
        the parser builder for method chaining.
        See Also:
        MissingClaimException, IncorrectClaimException

      • requireNotBefore

        default PasetoParserBuilder requireNotBefore​(java.time.Instant nbf)
        Ensures that the specified nbf exists in the parsed Paseto. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the Paseto is invalid and may not be used.
        Parameters:
        nbf - expected claim value
        Returns:
        the parser builder for method chaining
        See Also:
        MissingClaimException, IncorrectClaimException

      • requireIssuedAt

        default PasetoParserBuilder requireIssuedAt​(java.time.Instant iat)
        Ensures that the specified iat exists in the parsed Paseto. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the Paseto is invalid and may not be used.
        Parameters:
        iat - expected claim value
        Returns:
        the parser builder for method chaining.
        See Also:
        MissingClaimException, IncorrectClaimException

      • requireTokenId

        default PasetoParserBuilder requireTokenId​(java.lang.String jti)
        Ensures that the specified jti exists in the parsed Paseto. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the Paseto is invalid and may not be used.
        Parameters:
        jti - expected claim value
        Returns:
        the parser builder for method chaining.
        See Also:
        MissingClaimException, IncorrectClaimException

      • requireKeyId

        default PasetoParserBuilder requireKeyId​(java.lang.String kid)
        Ensures that the specified kid exists in the parsed Paseto footer. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the Paseto is invalid and may not be used.
        Parameters:
        kid - expected claim value
        Returns:
        the parser builder for method chaining.
        See Also:
        MissingClaimException, IncorrectClaimException

      • require

        default PasetoParserBuilder require​(java.lang.String claimName,
                                    java.lang.Object value)
        Ensures that the specified claimName exists in the parsed Paseto. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the Paseto is invalid and may not be used.
        Parameters:
        claimName -
        value -
        Returns:
        the parser builder for method chaining.
        See Also:
        MissingClaimException, IncorrectClaimException

      • require

        PasetoParserBuilder require​(java.lang.String claimName,
                            java.util.function.Predicate<java.lang.Object> value)

      • requireFooter

        PasetoParserBuilder requireFooter​(java.lang.String claimName,
                                  java.util.function.Predicate<java.lang.Object> value)

      • setClock

        PasetoParserBuilder setClock​(java.time.Clock clock)
        Sets the Clock that determines the timestamp to use when validating the parsed Paseto. The parser uses a default Clock implementation that simply returns new Date() when called.
        Parameters:
        clock - a Clock object to return the timestamp to use when validating the parsed Paseto.
        Returns:
        the parser builder for method chaining.

      • setAllowedClockSkew

        PasetoParserBuilder setAllowedClockSkew​(java.time.Duration allowedClockSkew)
        Sets the amount of clock skew tolerate when verifying the local time against the exp and nbf claims.
        Parameters:
        allowedClockSkew - the duration to tolerate for clock skew when verifying exp or nbf claims.
        Returns:
        the parser builder for method chaining.