java.lang.Object
io.helidon.security.providers.httpsign.InboundClientDefinition

public class InboundClientDefinition extends Object
Configuration of inbound client. This information is used to validate incoming signatures and to create a principal.
  • Method Details

    • builder

      public static InboundClientDefinition.Builder builder(String keyId)
      Create a new builder for the keyId.
      Parameters:
      keyId - Key id as received in the inbound signature (a mandatory part of the signature header), used to map the signature to the configured RSA or HMAC key.
      Returns:
      builder instance
    • builder

      public static InboundClientDefinition.Builder builder(Config config)
      Create a new builder from configuration.
      Parameters:
      config - configuration instance located at a single client definition (expects key-id as a child)
      Returns:
      builder configured based on config
    • create

      public static InboundClientDefinition create(Config config)
      Create a new instance from configuration.
      Parameters:
      config - configuration instance located at a single client definition (expects key-id as a child)
      Returns:
      instance configured based on config
    • keyId

      public String keyId()
      The key id of this client.
      Returns:
      key id to map this configuration to inbound signature
    • principalName

      public String principalName()
      The principal name of the client.
      Returns:
      name to use when creating security principal for this client
    • subjectType

      public SubjectType subjectType()
      The type of principal we have authenticated (either user or service, defaults to service).
      Returns:
      principal type to use when creating security principal for this client
    • algorithm

      public String algorithm()
      Algorithm of signature used by this client.
      Returns:
      algorithm of signature expected in request
    • keyConfig

      public Optional<KeyConfig> keyConfig()
      For rsa-sha256 algorithm, this provides access to the public key of the client.
      Returns:
      Public key configuration to validate signature or empty optional if none configured
    • hmacSharedSecret

      public Optional<byte[]> hmacSharedSecret()
      For hmac-sha256 algorithm, this provides access to a secret shared with the client.
      Returns:
      shared secret to validate signature or empty optional if none configured
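
How a validator can use the values exposed above (keyId, algorithm, hmacSharedSecret, principalName) for the hmac-sha256 case, as an added example in plain JDK code: it is not Helidon's implementation. `ClientDef`, `validate`, the key id, the secret and the signing string are hypothetical or constructed for illustration; Java 17 is assumed for `record`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Optional;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class InboundHmacCheck {
    // Hypothetical stand-in mirroring keyId(), principalName(), algorithm(), hmacSharedSecret()
    record ClientDef(String keyId, String principalName, String algorithm,
                     Optional<byte[]> hmacSharedSecret) { }
    static byte[] hmacSha256(byte[] secret, String signedString) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(signedString.getBytes(StandardCharsets.UTF_8));
    }

    // Returns the principal name to authenticate as, or empty when validation fails
    static Optional<String> validate(Map<String, ClientDef> clients, String keyId,
            String headerAlgorithm, String signedString, byte[] signature) throws Exception {
        ClientDef client = clients.get(keyId);
        if (client == null) {
            return Optional.empty(); // unknown keyId: there is no key to validate against
        }
        // The expected algorithm comes from the client definition, not from the request
        if (!client.algorithm().equals(headerAlgorithm)) {
            return Optional.empty();
        }
        if (!"hmac-sha256".equals(client.algorithm()) || client.hmacSharedSecret().isEmpty()) {
            return Optional.empty(); // the rsa-sha256 path (keyConfig) is out of scope here
        }
        byte[] expected = hmacSha256(client.hmacSharedSecret().get(), signedString);
        return MessageDigest.isEqual(expected, signature) // constant-time comparison
                ? Optional.of(client.principalName()) : Optional.empty();
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
        Map<String, ClientDef> clients = Map.of("service1-hmac",
                new ClientDef("service1-hmac", "Service1", "hmac-sha256", Optional.of(secret)));
        String signed = "(request-target): get /orders\nhost: example.org"; // constructed
        byte[] sig = hmacSha256(secret, signed);
        System.out.println(validate(clients, "service1-hmac", "hmac-sha256", signed, sig));
        System.out.println(validate(clients, "service1-hmac", "rsa-sha256", signed, sig)); // algorithm mismatch
        System.out.println(validate(clients, "unknown", "hmac-sha256", signed, sig));      // unmapped key id
        sig[0] ^= 1; // tamper with the signature
        System.out.println(validate(clients, "service1-hmac", "hmac-sha256", signed, sig));
    }
}
```

Only the first call yields a principal; each of the other three returns an empty Optional, so a request with a mismatched algorithm, an unmapped key id or an altered signature is never turned into a security principal.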