
Example 1 with VerificationKeyResolver

Use of org.jose4j.keys.resolvers.VerificationKeyResolver in the project light-4j by networknt.

From the class JwtHelper, method getKeyResolver:

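/**
 * Builds the jose4j {@link VerificationKeyResolver} selected by the {@code JWT_KEY_RESOLVER}
 * entry of {@code securityJwtConfig}, loading and caching key material for {@code kid} when it
 * is not already in the local cache.
 *
 * <p>A missing or unrecognised setting falls through to the X509 certificate path; only
 * {@code JWT_KEY_RESOLVER_JWKS} selects the JWKS path.
 *
 * <p>NOTE(review): {@code certMap} and {@code jwksMap} are shared fields backed by plain
 * {@code HashMap}s and are created and written here without any synchronization visible in this
 * method; confirm that callers serialise access.
 *
 * @param kid key id used as the cache key and passed to the key-fetching helpers; presumably
 *            read from the token header before the signature is verified (confirm against the
 *            caller), so it should be treated as untrusted input
 * @param isToken in the X509 path, {@code true} fetches via {@code getCertForToken} and
 *                {@code false} via {@code getCertForSign}; the JWKS path does not read it
 * @return the resolver for the configured key type; {@code null} in the JWKS path when no key
 *         set could be obtained for {@code kid}
 */
private static VerificationKeyResolver getKeyResolver(String kid, boolean isToken) {
    VerificationKeyResolver verificationKeyResolver = null;
    String keyResolver = (String) securityJwtConfig.getOrDefault(JWT_KEY_RESOLVER, JWT_KEY_RESOLVER_X509CERT);
    switch (keyResolver) {
        default:
        case JWT_KEY_RESOLVER_X509CERT:
            // Look in the local certificate cache first (per the original comment it is loaded
            // from security.yml); on a miss, ask the OAuth2 server's /oauth2/key endpoint for
            // the public key certificate, with kid as the parameter.
            X509Certificate certificate = certMap == null ? null : certMap.get(kid);
            if (certificate == null) {
                certificate = isToken ? getCertForToken(kid) : getCertForSign(kid);
                // Cache only a certificate that was actually obtained, as the JWKS branch does
                // for its key list. Storing null for every unknown kid would let the map grow
                // with caller-supplied keys while never producing a cache hit.
                if (certificate != null) {
                    // The map itself may still be null here (the original comment attributes
                    // this to bootstrapFromKeyService being true).
                    if (certMap == null) {
                        certMap = new HashMap<>();
                    }
                    certMap.put(kid, certificate);
                }
            } else {
                logger.debug("Got raw certificate for kid: {} from local cache", kid);
            }
            // NOTE(review): certificate can still be null at this point if the fetch helper
            // returned null; confirm how X509VerificationKeyResolver and the caller behave in
            // that case and that token verification fails closed.
            X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(certificate);
            // With this flag the resolver tries its configured certificate(s) even when the
            // JWS carries no x5t / x5t#S256 thumbprint header to select one.
            x509VerificationKeyResolver.setTryAllOnNoThumbHeader(true);
            verificationKeyResolver = x509VerificationKeyResolver;
            break;
        case JWT_KEY_RESOLVER_JWKS:
            List<JsonWebKey> jwkList = jwksMap == null ? null : jwksMap.get(kid);
            if (jwkList == null) {
                jwkList = getJsonWebKeySetForToken(kid);
                if (jwkList != null) {
                    // The map itself may still be null here (the original comment attributes
                    // this to bootstrapFromKeyService being true).
                    if (jwksMap == null) {
                        jwksMap = new HashMap<>();
                    }
                    jwksMap.put(kid, jwkList);
                }
            } else {
                logger.debug("Got Json web key set for kid: {} from local cache", kid);
            }
            // Without a key set there is nothing to verify against: leave the resolver null
            // so the caller can reject the token.
            if (jwkList != null) {
                verificationKeyResolver = new JwksVerificationKeyResolver(jwkList);
            }
            break;
    }
    return verificationKeyResolver;
}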
Also used : HashMap(java.util.HashMap) JsonWebKey(org.jose4j.jwk.JsonWebKey) JwksVerificationKeyResolver(org.jose4j.keys.resolvers.JwksVerificationKeyResolver) VerificationKeyResolver(org.jose4j.keys.resolvers.VerificationKeyResolver) X509VerificationKeyResolver(org.jose4j.keys.resolvers.X509VerificationKeyResolver) JwksVerificationKeyResolver(org.jose4j.keys.resolvers.JwksVerificationKeyResolver) X509VerificationKeyResolver(org.jose4j.keys.resolvers.X509VerificationKeyResolver) X509Certificate(java.security.cert.X509Certificate)
