Use of org.jose4j.keys.resolvers.VerificationKeyResolver in project light-4j by networknt: class JwtHelper, method getKeyResolver.
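/**
 * Builds the {@link VerificationKeyResolver} selected by the {@code keyResolver} setting of
 * security.yml. The setting defaults to {@code JWT_KEY_RESOLVER_X509CERT}, and an unrecognised
 * value also falls back to the X509 resolver.
 * <p>
 * Security note: {@code kid} is typically taken from the JWT header, i.e. it is caller-controlled
 * until the signature has been verified. It is used here only as a cache key and as the lookup
 * parameter sent to the key service; a kid the key service cannot supply material for yields
 * {@code null}, so verification fails closed rather than falling back to some other key.
 * <p>
 * Key material is fetched from the OAuth2 key service on a cache miss and memoised in
 * {@code certMap} / {@code jwksMap}. Only successful lookups are cached, so unknown kids are not
 * retained (otherwise any client could grow the cache without bound by sending fresh kids).
 * NOTE(review): both caches are plain {@link HashMap}s mutated from a static method; if this is
 * reached from concurrent request threads the lazy initialisation and the puts race — confirm how
 * callers serialise access, or switch to a concurrent map.
 *
 * @param kid     key id to resolve (from the token header, or the signing key id)
 * @param isToken {@code true} when resolving the key to verify an inbound token, {@code false}
 *                when resolving the signing key; only the X509 path distinguishes the two, the
 *                JWKS path always calls {@code getJsonWebKeySetForToken}
 * @return a resolver holding the key material for {@code kid}, or {@code null} when no key
 *         material could be obtained; callers must treat {@code null} as "cannot verify"
 */
private static VerificationKeyResolver getKeyResolver(String kid, boolean isToken) {
    String keyResolver = (String) securityJwtConfig.getOrDefault(JWT_KEY_RESOLVER, JWT_KEY_RESOLVER_X509CERT);
    switch (keyResolver) {
        case JWT_KEY_RESOLVER_JWKS:
            return jwksResolverForKid(kid);
        case JWT_KEY_RESOLVER_X509CERT:
        default:
            // Unknown setting values deliberately behave like the X509 default.
            return x509ResolverForKid(kid, isToken);
    }
}

/**
 * X509 path: the public key certificate for {@code kid} comes from {@code certMap} (loaded from
 * security.yml) and, on a miss, from the OAuth2 server's /oauth2/key endpoint via
 * {@code getCertForToken} / {@code getCertForSign}.
 *
 * @param kid     key id to look up
 * @param isToken selects the token-verification lookup over the signing-key lookup
 * @return a single-certificate resolver, or {@code null} when no certificate is available
 */
private static VerificationKeyResolver x509ResolverForKid(String kid, boolean isToken) {
    X509Certificate certificate = certMap == null ? null : certMap.get(kid);
    if (certificate != null) {
        logger.debug("Got raw certificate for kid: {} from local cache", kid);
    } else {
        certificate = isToken ? getCertForToken(kid) : getCertForSign(kid);
        if (certificate == null) {
            // A failed lookup is neither cached nor wrapped in a resolver: a resolver over a
            // null certificate cannot verify anything and would only fail later with a less
            // specific error, and caching it would let arbitrary kids fill the map.
            logger.debug("No certificate available for kid: {}", kid);
            return null;
        }
        // certMap is null when bootstrapFromKeyService is true; create it on first use.
        if (certMap == null) {
            certMap = new HashMap<>();
        }
        certMap.put(kid, certificate);
    }
    X509VerificationKeyResolver resolver = new X509VerificationKeyResolver(certificate);
    // The resolver holds exactly one certificate, so this only allows tokens that carry no
    // x5t header to still verify against the certificate selected by kid.
    resolver.setTryAllOnNoThumbHeader(true);
    return resolver;
}

/**
 * JWKS path: the key set for {@code kid} comes from {@code jwksMap} and, on a miss, from
 * {@code getJsonWebKeySetForToken}. Only non-null results are cached.
 *
 * @param kid key id to look up
 * @return a resolver over the key set, or {@code null} when no key set is available
 */
private static VerificationKeyResolver jwksResolverForKid(String kid) {
    List<JsonWebKey> jwkList = jwksMap == null ? null : jwksMap.get(kid);
    if (jwkList != null) {
        logger.debug("Got Json web key set for kid: {} from local cache", kid);
    } else {
        jwkList = getJsonWebKeySetForToken(kid);
        if (jwkList == null) {
            return null;
        }
        // jwksMap is null when bootstrapFromKeyService is true; create it on first use.
        if (jwksMap == null) {
            jwksMap = new HashMap<>();
        }
        jwksMap.put(kid, jwkList);
    }
    return new JwksVerificationKeyResolver(jwkList);
}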