com.nimbusds.jose.proc

Interface JWSKeySelector<C extends SecurityContext>

All Known Implementing Classes:

JWSAlgorithmFamilyJWSKeySelector, JWSVerificationKeySelector, SingleKeyJWSKeySelector

public interface JWSKeySelector<C extends SecurityContext>

Interface for selecting key candidates for verifying a JSON Web Signature (JWS) object. Applications should utilise this interface or a similar framework to determine whether a received JWS object (or signed JWT) is eligible for verification and further processing.

The interface supports keys selection based on:

• Recognised header parameters referencing the key (e.g. kid, x5t).
• Additional SecurityContext, if required and set by the application (e.g. endpoint where the JWS object was received).

See JSON Web Signature (JWS), Appendix D. Notes on Key Selection for suggestions.

For a key selector for signed JWTs that also uses the claims set (e.g. issuer (iss) claim) see JWTClaimsSetAwareJWSKeySelector.

Possible key types:

• SecretKey for HMAC keys.
• RSAPublicKey public RSA keys.
• ECPublicKey public EC keys.

Version:

2016-06-21

Author:

Vladimir Dzhuvinov

Method Summary

Modifier and Type	Method and Description
List<? extends Key>	selectJWSKeys(JWSHeader header, C context) Selects key candidates for verifying a JWS object.

Method Detail

selectJWSKeys

List<? extends Key> selectJWSKeys(JWSHeader header,
                                  C context)
                           throws KeySourceException

Selects key candidates for verifying a JWS object.

Parameters:

header - The header of the JWS object. Must not be null.

context - Optional context of the JWS object, null if not required.

Returns:

The key candidates in trial order, empty list if none.

Throws:

KeySourceException - If a key sourcing exception is encountered, e.g. on remote JWK retrieval.