Class SignedJwt

java.lang.Object
io.helidon.security.jwt.SignedJwt

public final class SignedJwt extends Object
The JWT in the form used to transfer content across the network, i.e. the base64 parts concatenated with a dot.
  • Method Details

    • sign

      public static SignedJwt sign(Jwt jwt, JwkKeys jwks) throws JwtException
      Sign a jwt using a key obtained based on kid from JwkKeys. In case the kid is not provided and alg is none, Jwk.ALG_NONE is used, i.e. no signature is generated.
      Parameters:
      jwt - jwt to sign
      jwks - keys to find the correct key to sign
      Returns:
      a new instance of this class with signature
      Throws:
      JwtException - in case the algorithm is missing, the algorithms of JWK and JWT do not match, or in case of other mismatches
    • sign

      public static SignedJwt sign(Jwt jwt, Jwk jwk) throws JwtException
      Sign a jwt using an explicit jwk.
      Parameters:
      jwt - jwt to sign
      jwk - key used to sign the JWT
      Returns:
      a new instance of this class with signature
      Throws:
      JwtException - in case the algorithm is missing, the algorithms of JWK and JWT do not match, or in case of other mismatches
    • parseToken

      public static SignedJwt parseToken(String tokenContent)
      Parse a token received over the network. The expected content is header_base64.payload_base64.signature_base64, where base64 is base64 URL encoding. Use this method if you already know that this is a signed JWT; otherwise use parseToken(JwtHeaders, String). This method does NO validation of content at all; it only checks that the content is correctly formatted:
      • correct format of string (e.g. base64.base64.base64)
      • each base64 part is actually base64 URL encoded
      • header and payload are JSON objects
      Parameters:
      tokenContent - String with the token
      Returns:
      a signed JWT instance that can be used to obtain the Jwt instance (see getJwt()) and to verify the signature (see verifySignature(JwkKeys))
      Throws:
      RuntimeException - in case of invalid content, see Errors.ErrorMessagesException
    • parseToken

      public static SignedJwt parseToken(JwtHeaders headers, String tokenContent)
      Parse a token received over the network. The expected content is header_base64.payload_base64.signature_base64, where base64 is base64 URL encoding. This method does NO validation of content at all; it only checks that the content is correctly formatted:
      • correct format of string (e.g. base64.base64.base64)
      • each base64 part is actually base64 URL encoded
      • header and payload are JSON objects
      Parameters:
      headers - headers parsed previously (probably to decide whether to use this or EncryptedJwt)
      tokenContent - String with the token
      Returns:
      a signed JWT instance that can be used to obtain the Jwt instance (see getJwt()) and to verify the signature (see verifySignature(JwkKeys))
      Throws:
      RuntimeException - in case of invalid content, see Errors.ErrorMessagesException
    • tokenContent

      public String tokenContent()
      The full token (header, payload, signature).
      Returns:
      token content
    • getSignedBytes

      public byte[] getSignedBytes()
      The bytes that were signed (payload bytes).
      Returns:
      signed bytes
    • getSignature

      public byte[] getSignature()
      Signature bytes.
      Returns:
      bytes of the signature
    • getJwt

      public Jwt getJwt()
      Return a Jwt instance from this signed JWT.
      Returns:
      Jwt instance
      Throws:
      RuntimeException - in case one of the fields has invalid content (e.g. timestamp is invalid)
    • verifySignature

      public Errors verifySignature(JwkKeys keys)
      Verify signature against the provided keys (the kid of this JWT should be present in the JwkKeys provided).
      Parameters:
      keys - JwkKeys to obtain a key to verify signature
      Returns:
      Errors with collected messages, see Errors.isValid() and Errors.checkValid()
    • verifySignature

      public Errors verifySignature(JwkKeys keys, Jwk defaultJwk)
      Verify signature against the provided keys (the kid of this JWT should be present in the JwkKeys provided).
      Parameters:
      keys - JwkKeys to obtain a key to verify signature
      defaultJwk - Default value of JWK
      Returns:
      Errors with collected messages, see Errors.isValid() and Errors.checkValid()
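
Because parseToken only checks format, a caller has to run verifySignature and inspect the returned Errors before trusting anything from getJwt(). The helper below is an added example, not part of the Helidon documentation or code base. The class name VerifiedTokenReader is hypothetical, JwtHeaders.parseToken(String) and JwtHeaders.algorithm() come from the JwtHeaders class that this page only references, and the trusted JwkKeys are assumed to be loaded elsewhere.

```java
import io.helidon.common.Errors;
import io.helidon.security.jwt.Jwt;
import io.helidon.security.jwt.JwtHeaders;
import io.helidon.security.jwt.SignedJwt;
import io.helidon.security.jwt.jwk.Jwk;
import io.helidon.security.jwt.jwk.JwkKeys;

import java.util.Optional;

/** Hypothetical helper: returns a Jwt only after its signature has been verified. */
public final class VerifiedTokenReader {
    // Assumption: keys trusted by this service, loaded by the caller.
    private final JwkKeys trustedKeys;

    public VerifiedTokenReader(JwkKeys trustedKeys) {
        this.trustedKeys = trustedKeys;
    }

    public Optional<Jwt> read(String tokenContent) {
        JwtHeaders headers;
        SignedJwt signed;
        try {
            // Format check only: three base64url parts, JSON header and payload.
            headers = JwtHeaders.parseToken(tokenContent);
            signed = SignedJwt.parseToken(headers, tokenContent);
        } catch (RuntimeException e) {
            return Optional.empty(); // malformed token
        }

        // Policy added by this example: refuse tokens that declare no
        // algorithm or "none", so an unsigned token is never accepted here.
        String alg = headers.algorithm().orElse(Jwk.ALG_NONE);
        if (Jwk.ALG_NONE.equals(alg)) {
            return Optional.empty();
        }

        // No defaultJwk is passed: the key has to come from trustedKeys.
        Errors errors = signed.verifySignature(trustedKeys);
        if (!errors.isValid()) {
            return Optional.empty();
        }

        try {
            // Claims are read only after the signature check succeeded.
            return Optional.of(signed.getJwt());
        } catch (RuntimeException e) {
            return Optional.empty(); // invalid field content, e.g. a bad timestamp
        }
    }
}
```

A verified signature says nothing about expiry, issuer or audience; those claims still have to be validated on the returned Jwt before it is used for an access decision.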