JWKOpenIdResolverImpl (org.openidentityplatform.commons.parent 2.2.3 Documentation)

java.lang.Object
- org.forgerock.jaspi.modules.openid.resolvers.BaseOpenIdResolver
- - org.forgerock.jaspi.modules.openid.resolvers.JWKOpenIdResolverImpl

All Implemented Interfaces:

OpenIdResolver
```
public class JWKOpenIdResolverImpl
extends BaseOpenIdResolver
```
This class exists to allow Open Id Providers to supply or promote a JWK exposure point for their public keys. We convert the exposed keys they provide according to the algorithm defined by their JWK and offer their keys in a map key'd on their keyId. The map of keys is loaded on construction, and reloaded each time an Open Id token is passed in to this resolver whose keyId does not exist within the list that we currently have. This means that we will cache the keys for as long as they are valid, and as soon as we receive a request to verify using a key which we don't have we discard our current keys and re-fill our map.

Field Summary
- Fields inherited from interface org.forgerock.jaspi.modules.openid.resolvers.OpenIdResolver
  CLIENT_SECRET_KEY, ISSUER_KEY, JWK, KEY_ALIAS_KEY, KEYSTORE_LOCATION_KEY, KEYSTORE_PASS_KEY, KEYSTORE_TYPE_KEY, WELL_KNOWN_CONFIGURATION

Constructor Summary

Constructors
Constructor and Description
`JWKOpenIdResolverImpl(String issuer, URL jwkUrl, int readTimeout, int connTimeout)` Constructor using provided timeout values to generate the `SimpleHTTPClient` used for communicating over HTTP.
`JWKOpenIdResolverImpl(String issuer, URL jwkUrl, SimpleHTTPClient httpClient)` Constructor using an already-created `SimpleHTTPClient`.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`validateIdentity(SignedJwt idClaim)` Validates the supplied Jwt against this OpenId Connect Idp.
`void`	`verifySignature(SignedJwt idClaim)` Verifies that the JWS was signed by the supplied key.

Methods inherited from class org.forgerock.jaspi.modules.openid.resolvers.BaseOpenIdResolver
createSigningHandlerForKey, getIssuer

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - JWKOpenIdResolverImpl
```
public JWKOpenIdResolverImpl(String issuer,
                             URL jwkUrl,
                             int readTimeout,
                             int connTimeout)
                      throws FailedToLoadJWKException
```
    Constructor using provided timeout values to generate the SimpleHTTPClient used for communicating over HTTP.
    
    Parameters:
    
    issuer - The issuer (provider) of the Open Id Connect id token
    
    jwkUrl - the URL from which we will attempt to read and parse our JWKSet
    
    readTimeout - the read timeout associated with HTTP requests
    
    connTimeout - the connection timeout associated with HTTP requests
    
    Throws:
    
    FailedToLoadJWKException - if there were issues resolving or parsing the JWK
  - JWKOpenIdResolverImpl
```
public JWKOpenIdResolverImpl(String issuer,
                             URL jwkUrl,
                             SimpleHTTPClient httpClient)
                      throws FailedToLoadJWKException
```
    Constructor using an already-created SimpleHTTPClient.
    
    Parameters:
    
    issuer - The issuer (provider) of the Open Id Connect id token
    
    jwkUrl - The URL from which we will attempt to read and parse our JWKSet
    
    httpClient - The http client through which we will attempt to read the jwkUrl
    
    Throws:
    
    FailedToLoadJWKException - if there were issues resolving or parsing the JWK.
- Method Detail
  - validateIdentity
```
public void validateIdentity(SignedJwt idClaim)
                      throws OpenIdConnectVerificationException
```
    Validates the supplied Jwt against this OpenId Connect Idp.
    
    Specified by:
    
    validateIdentity in interface OpenIdResolver
    
    Overrides:
    
    validateIdentity in class BaseOpenIdResolver
    
    Parameters:
    
    idClaim - The Jwt to test is authenticated from this issuer
    
    Throws:
    
    OpenIdConnectVerificationException - If the Jwt is unable to be verified
  - verifySignature
```
public void verifySignature(SignedJwt idClaim)
                     throws InvalidSignatureException,
                            FailedToLoadJWKException
```
    Verifies that the JWS was signed by the supplied key. Throws an exception otherwise.
    
    Parameters:
    
    idClaim - The JWS to verify
    
    Throws:
    
    InvalidSignatureException - If the JWS supplied does not match the key for this resolver
    
    FailedToLoadJWKException - If the JWK supplied cannot be loaded from its remote location

Class JWKOpenIdResolverImpl

Field Summary

Fields inherited from interface org.forgerock.jaspi.modules.openid.resolvers.OpenIdResolver

Constructor Summary

Method Summary

Methods inherited from class org.forgerock.jaspi.modules.openid.resolvers.BaseOpenIdResolver

Methods inherited from class java.lang.Object

Constructor Detail

JWKOpenIdResolverImpl

JWKOpenIdResolverImpl

Method Detail

validateIdentity

verifySignature