Package io.helidon.security.jwt
Class SignedJwt
- java.lang.Object
  - io.helidon.security.jwt.SignedJwt

public final class SignedJwt extends Object
The JWT used to transfer content across network - e.g. the base64 parts concatenated with a dot.

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| Jwt | getJwt() | Return a Jwt instance from this signed JWT. |
| byte[] | getSignature() | Signature bytes. |
| byte[] | getSignedBytes() | The bytes that were signed (payload bytes). |
| static SignedJwt | parseToken(String tokenContent) | Parse a token received over network. |
| static SignedJwt | sign(Jwt jwt, Jwk jwk) | Sign a jwt using an explicit jwk. |
| static SignedJwt | sign(Jwt jwt, JwkKeys jwks) | Sign a jwt using a key obtained based on kid from JwkKeys. |
| String | tokenContent() | The full token (header, payload, signature). |
| Errors | verifySignature(JwkKeys keys) | Verify signature against the provided keys (the kid of this JWT should be present in the JwkKeys provided). |
| Errors | verifySignature(JwkKeys keys, Jwk defaultJwk) | Verify signature against the provided keys (the kid of this JWT should be present in the JwkKeys provided). |

Method Detail

sign
public static SignedJwt sign(Jwt jwt, JwkKeys jwks) throws JwtException
Sign a jwt using a key obtained based on kid from JwkKeys. In case the kid is not provided and alg is none, Jwk.ALG_NONE is used - e.g. no signature is generated.
Parameters:
- jwt - jwt to sign
- jwks - keys to find the correct key to sign
Returns:
- a new instance of this class with signature
Throws:
- JwtException - in case the algorithm is missing, the algorithms of JWK and JWT do not match, or in case of other mis-matches

sign
public static SignedJwt sign(Jwt jwt, Jwk jwk) throws JwtException
Sign a jwt using an explicit jwk.
Parameters:
- jwt - jwt to sign
- jwk - key used to sign the JWT
Returns:
- a new instance of this class with signature
Throws:
- JwtException - in case the algorithm is missing, the algorithms of JWK and JWT do not match, or in case of other mis-matches

parseToken
public static SignedJwt parseToken(String tokenContent)
Parse a token received over network. The expected content is header_base64.payload_base64.signature_base64 where base64 is base64 URL encoding. This method does NO validation of content at all, only validates that the content is correctly formatted:
- correct format of string (e.g. base64.base64.base64)
- each base64 part is actually base64 URL encoded
- header and payload are JSON objects

Parameters:
- tokenContent - String with the token
Returns:
- a signed JWT instance that can be used to obtain the instance and to verify the signature with verifySignature(JwkKeys)
Throws:
- RuntimeException - in case of invalid content, see Errors.ErrorMessagesException

tokenContent
public String tokenContent()
The full token (header, payload, signature).
Returns:
- token content

getSignedBytes
public byte[] getSignedBytes()
The bytes that were signed (payload bytes).
Returns:
- signed bytes

getSignature
public byte[] getSignature()
Signature bytes.
Returns:
- bytes of the signature

getJwt
public Jwt getJwt()
Return a Jwt instance from this signed JWT.
Returns:
- Jwt instance
Throws:
- RuntimeException - in case one of the fields has invalid content (e.g. timestamp is invalid)

verifySignature
public Errors verifySignature(JwkKeys keys)
Verify signature against the provided keys (the kid of this JWT should be present in the JwkKeys provided).
Parameters:
- keys - JwkKeys to obtain a key to verify signature
Returns:
- Errors with collected messages, see Errors.isValid() and Errors.checkValid()

verifySignature
public Errors verifySignature(JwkKeys keys, Jwk defaultJwk)
Verify signature against the provided keys (the kid of this JWT should be present in the JwkKeys provided).
Parameters:
- keys - JwkKeys to obtain a key to verify signature
- defaultJwk - Default value of JWK
Returns:
- Errors with collected messages, see Errors.isValid() and Errors.checkValid()
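
Because parseToken checks only the token's format, a caller has to verify the signature before trusting anything returned by getJwt(). The following is an added example, not code from the Helidon project: the class name TokenCheck and method parseAndVerify are hypothetical, the import packages for Errors and JwkKeys are assumed from the Helidon distribution rather than shown on this page, and trustedKeys is assumed to have been loaded by the caller from a trusted source.

```java
import io.helidon.common.Errors;
import io.helidon.security.jwt.Jwt;
import io.helidon.security.jwt.SignedJwt;
import io.helidon.security.jwt.jwk.JwkKeys;

/** Hypothetical helper: hand out a Jwt only after its signature has been verified. */
public final class TokenCheck {
    private TokenCheck() {
    }

    public static Jwt parseAndVerify(String tokenContent, JwkKeys trustedKeys) {
        final SignedJwt signed;
        try {
            // Format check only: three base64 URL parts, header and payload are JSON objects.
            signed = SignedJwt.parseToken(tokenContent);
        } catch (RuntimeException e) {
            throw new SecurityException("Malformed token", e);
        }

        // sign() documents that alg none generates no signature.
        // Refuse a token without signature bytes before any key lookup happens.
        byte[] signature = signed.getSignature();
        if (signature == null || signature.length == 0) {
            throw new SecurityException("Unsigned token rejected");
        }

        // The verification key is selected from trustedKeys by the token's kid.
        Errors errors = signed.verifySignature(trustedKeys);
        if (!errors.isValid()) {
            throw new SecurityException("Signature verification failed: " + errors);
        }

        // May still throw RuntimeException if a field (e.g. a timestamp) has invalid content.
        return signed.getJwt();
    }
}
```

This example stops at signature verification; the methods on this page do not cover checks on the claims themselves.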