PublicKeyOpenIdResolverImpl (org.openidentityplatform.commons.parent 2.2.3 Documentation)

Skip navigation links

org.openidentityplatform.commons.parent 2.2.3 Documentation

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- org.forgerock.jaspi.modules.openid.resolvers.BaseOpenIdResolver
- - org.forgerock.jaspi.modules.openid.resolvers.PublicKeyOpenIdResolverImpl

All Implemented Interfaces:

OpenIdResolver
```
public class PublicKeyOpenIdResolverImpl
extends BaseOpenIdResolver
```
This class exists to allow functionality for those Open ID Connect providers which supply their signatures through asymmetric key algorithms (e.g. RSA). In these cases we want to use a public key (usually retrieved from a Trust Store) to verify the signature.

Field Summary
- Fields inherited from interface org.forgerock.jaspi.modules.openid.resolvers.OpenIdResolver
  CLIENT_SECRET_KEY, ISSUER_KEY, JWK, KEY_ALIAS_KEY, KEYSTORE_LOCATION_KEY, KEYSTORE_PASS_KEY, KEYSTORE_TYPE_KEY, WELL_KNOWN_CONFIGURATION

Constructor Summary

Constructors
Constructor and Description

PublicKeyOpenIdResolverImpl(String issuer, PublicKey key)
Constructor for PublicKeyOpenIdResolverImpl.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`validateIdentity(SignedJwt idClaim)` Validates the supplied Jwt against this OpenId Connect Idp.
`void`	`verifySignature(SignedJwt idClaim)` Verifies that the JWS was signed by the corresponding private key to this public key.

Methods inherited from class org.forgerock.jaspi.modules.openid.resolvers.BaseOpenIdResolver
createSigningHandlerForKey, getIssuer

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - PublicKeyOpenIdResolverImpl
```
public PublicKeyOpenIdResolverImpl(String issuer,
                                   PublicKey key)
```
    Constructor for PublicKeyOpenIdResolverImpl.
    
    Parameters:
    
    issuer - The issuer (provider) of the Open Id Connect id token
    
    key - The public key, used to verify a private-key signed signature
- Method Detail
  - validateIdentity
```
public void validateIdentity(SignedJwt idClaim)
                      throws OpenIdConnectVerificationException
```
    Validates the supplied Jwt against this OpenId Connect Idp.
    
    Specified by:
    
    validateIdentity in interface OpenIdResolver
    
    Overrides:
    
    validateIdentity in class BaseOpenIdResolver
    
    Parameters:
    
    idClaim - The Jwt to test is authenticated from this issuer
    
    Throws:
    
    OpenIdConnectVerificationException - If the Jwt is unable to be verified
  - verifySignature
```
public void verifySignature(SignedJwt idClaim)
                     throws InvalidSignatureException
```
    Verifies that the JWS was signed by the corresponding private key to this public key.
    
    Parameters:
    
    idClaim - The JWS to verify
    
    Throws:
    
    InvalidSignatureException - If the JWS supplied does not match the key for this resolver

Skip navigation links

org.openidentityplatform.commons.parent 2.2.3 Documentation

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2025 Open Identity Platform Community. All rights reserved.