Package io.dialob.security.aws.elb

Class ElbJWKSource<C extends com.nimbusds.jose.proc.SecurityContext>

java.lang.Object
io.dialob.security.aws.elb.ElbJWKSource<C>
All Implemented Interfaces:
com.nimbusds.jose.jwk.source.JWKSource<C>
@ThreadSafe public class ElbJWKSource<C extends com.nimbusds.jose.proc.SecurityContext> extends Object implements com.nimbusds.jose.jwk.source.JWKSource<C>
Remote JSON Web Key (JWK) source specified by a JWK set URL. The retrieved JWK set is cached to minimise network calls. The cache is updated whenever the key selector tries to get a key with an unknown ID.
Version:
2018-10-28
Author:
Vladimir Dzhuvinov

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final int
    DEFAULT_HTTP_CONNECT_TIMEOUT
    The default HTTP connect timeout for JWK set retrieval, in milliseconds.
    static final int
    DEFAULT_HTTP_READ_TIMEOUT
    The default HTTP read timeout for JWK set retrieval, in milliseconds.
    static final int
    DEFAULT_HTTP_SIZE_LIMIT
    The default HTTP entity size limit for JWK set retrieval, in bytes.

  • Constructor Summary

    Constructors
    Constructor
    Description
    ElbJWKSource(String jwkSetUriTemplate)
    Creates a new remote JWK set using the default HTTP resource retriever, with a HTTP connect timeout set to 250 ms, HTTP read timeout set to 250 ms and a 50 KByte size limit.
    ElbJWKSource(String jwkSetUriTemplate, com.nimbusds.jose.util.ResourceRetriever resourceRetriever)
    Creates a new remote JWK set.
    ElbJWKSource(String jwkSetUriTemplate, com.nimbusds.jose.util.ResourceRetriever resourceRetriever, com.nimbusds.jose.jwk.source.JWKSetCache jwkSetCache)
    Creates a new remote JWK set.

  • Method Summary

    Modifier and Type
    Method
    Description
    List<com.nimbusds.jose.jwk.JWK>
    get(com.nimbusds.jose.jwk.JWKSelector jwkSelector, C context)
    The security context is ignored.
    com.nimbusds.jose.jwk.JWKSet
    getCachedJWKSet()
    Returns the cached JWK set.
    protected static String
    getFirstSpecifiedKeyID(com.nimbusds.jose.jwk.JWKMatcher jwkMatcher)
    Returns the first specified key ID (kid) for a JWK matcher.
    com.nimbusds.jose.jwk.source.JWKSetCache
    getJWKSetCache()
    Returns the configured JWK set cache.
    org.springframework.web.util.UriTemplate
    getJWKSetUriTemplate()
    Returns the JWK set URL.
    com.nimbusds.jose.util.ResourceRetriever
    getResourceRetriever()
    Returns the HTTP resource retriever.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • DEFAULT_HTTP_CONNECT_TIMEOUT

      public static final int DEFAULT_HTTP_CONNECT_TIMEOUT
      The default HTTP connect timeout for JWK set retrieval, in milliseconds. Set to 500 milliseconds.
      See Also:

    • DEFAULT_HTTP_READ_TIMEOUT

      public static final int DEFAULT_HTTP_READ_TIMEOUT
      The default HTTP read timeout for JWK set retrieval, in milliseconds. Set to 500 milliseconds.
      See Also:

    • DEFAULT_HTTP_SIZE_LIMIT

      public static final int DEFAULT_HTTP_SIZE_LIMIT
      The default HTTP entity size limit for JWK set retrieval, in bytes. Set to 50 KBytes.
      See Also:

  • Constructor Details

    • ElbJWKSource

      public ElbJWKSource(String jwkSetUriTemplate)
      Creates a new remote JWK set using the default HTTP resource retriever, with a HTTP connect timeout set to 250 ms, HTTP read timeout set to 250 ms and a 50 KByte size limit.
      Parameters:
      jwkSetUriTemplate - The JWK set URL. Must not be null.

    • ElbJWKSource

      public ElbJWKSource(String jwkSetUriTemplate, com.nimbusds.jose.util.ResourceRetriever resourceRetriever)
      Creates a new remote JWK set.
      Parameters:
      jwkSetUriTemplate - The JWK set URL. Must not be null.
      resourceRetriever - The HTTP resource retriever to use, null to use the default one.

    • ElbJWKSource

      public ElbJWKSource(String jwkSetUriTemplate, com.nimbusds.jose.util.ResourceRetriever resourceRetriever, com.nimbusds.jose.jwk.source.JWKSetCache jwkSetCache)
      Creates a new remote JWK set.
      Parameters:
      jwkSetUriTemplate - The JWK set URL. Must not be null.
      resourceRetriever - The HTTP resource retriever to use, null to use the default one.
      jwkSetCache - The JWK set cache to use, null to use the default one.

  • Method Details

    • getJWKSetUriTemplate

      public org.springframework.web.util.UriTemplate getJWKSetUriTemplate()
      Returns the JWK set URL.
      Returns:
      The JWK set URL.

    • getResourceRetriever

      public com.nimbusds.jose.util.ResourceRetriever getResourceRetriever()
      Returns the HTTP resource retriever.
      Returns:
      The HTTP resource retriever.

    • getJWKSetCache

      public com.nimbusds.jose.jwk.source.JWKSetCache getJWKSetCache()
      Returns the configured JWK set cache.
      Returns:
      The JWK set cache.

    • getCachedJWKSet

      public com.nimbusds.jose.jwk.JWKSet getCachedJWKSet()
      Returns the cached JWK set.
      Returns:
      The cached JWK set, null if none or expired.

    • getFirstSpecifiedKeyID

      protected static String getFirstSpecifiedKeyID(com.nimbusds.jose.jwk.JWKMatcher jwkMatcher)
      Returns the first specified key ID (kid) for a JWK matcher.
      Parameters:
      jwkMatcher - The JWK matcher. Must not be null.
      Returns:
      The first key ID, null if none.

    • get

      public List<com.nimbusds.jose.jwk.JWK> get(com.nimbusds.jose.jwk.JWKSelector jwkSelector, C context) throws com.nimbusds.jose.KeySourceException
      The security context is ignored.
      Specified by:
      get in interface com.nimbusds.jose.jwk.source.JWKSource<C extends com.nimbusds.jose.proc.SecurityContext>
      Throws:
      com.nimbusds.jose.KeySourceException