Module io.helidon.security.providers.httpsign

Package io.helidon.security.providers.httpsign

Class InboundClientDefinition

java.lang.Object

io.helidon.security.providers.httpsign.InboundClientDefinition

public class InboundClientDefinition
extends Object

Configuration of inbound client. This information is used to validate incoming signatures and to create a principal.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	InboundClientDefinition.Builder	Fluent API builder to create a new instance of InboundClientDefinition.

Method Summary

Modifier and Type	Method	Description
String	algorithm()	Algorithm of signature used by this client.
static InboundClientDefinition.Builder	builder(Config config)	Create a new builder from configuration.
static InboundClientDefinition.Builder	builder(String keyId)	Create a new builder for the keyId.
static InboundClientDefinition	create(Config config)	Create a new instance from configuration.
Optional<byte[]>	hmacSharedSecret()	For hmac-sha256 algorithm, this provides access to a secret shared with the client.
Optional<Keys>	keyConfig()	For rsa-sha256 algorithm, this provides access to the public key of the client.
String	keyId()	The key id of this client.
String	principalName()	The principal name of the client.
SubjectType	subjectType()	The type of principal we have authenticated (either user or service, defaults to service).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

builder

public static InboundClientDefinition.Builder builder(String keyId)

Create a new builder for the keyId.

Parameters:

keyId - Key id as is received in inbound signature (mandatory part of the signature header) to map to configured RSA or HMAC key.

Returns:

builder instance

builder

public static InboundClientDefinition.Builder builder(Config config)

Create a new builder from configuration.

Parameters:

config - configuration instance located at a single client definition (expect key-id as a child)

Returns:

builder configured based on config

create

public static InboundClientDefinition create(Config config)

Create a new instance from configuration.

Parameters:

config - configuration instance located at a single client definition (expect key-id as a child)

Returns:

instance configured based on config

keyId

public String keyId()

The key id of this client.

Returns:

key id to map this configuration to inbound signature

principalName

public String principalName()

The principal name of the client.

Returns:

name to use when creating security principal for this client

subjectType

public SubjectType subjectType()

The type of principal we have authenticated (either user or service, defaults to service).

Returns:

principal type to use when creating security principal for this client

algorithm

public String algorithm()

Algorithm of signature used by this client.

Returns:

algorithm of signature expected in request

keyConfig

public Optional<Keys> keyConfig()

For rsa-sha256 algorithm, this provides access to the public key of the client.

Returns:

Public key configuration to validate signature or empty optional if none configured

hmacSharedSecret

public Optional<byte[]> hmacSharedSecret()

For hmac-sha256 algorithm, this provides access to a secret shared with the client.

Returns:

shared secret to validate signature or empty optional if none configured