Examples with VerificationKeyResolver org.jose4j.keys.resolvers.VerificationKeyResolver used on opensource projects

Example 1 with VerificationKeyResolver

use of org.jose4j.keys.resolvers.VerificationKeyResolver in project light-4j by networknt.

the class JwtHelper method getKeyResolver.

/**
 * Get VerificationKeyResolver based on the configuration settings
 * @param kid
 * @param isToken
 * @return
 */
private static VerificationKeyResolver getKeyResolver(String kid, boolean isToken) {
    VerificationKeyResolver verificationKeyResolver = null;
    String keyResolver = (String) securityJwtConfig.getOrDefault(JWT_KEY_RESOLVER, JWT_KEY_RESOLVER_X509CERT);
    switch(keyResolver) {
        default:
        case JWT_KEY_RESOLVER_X509CERT:
            // get the public key certificate from the cache that is loaded from security.yml if it is not there,
            // go to OAuth2 server /oauth2/key endpoint to get the public key certificate with kid as parameter.
            X509Certificate certificate = certMap == null ? null : certMap.get(kid);
            if (certificate == null) {
                certificate = isToken ? getCertForToken(kid) : getCertForSign(kid);
                // null if bootstrapFromKeyService is true
                if (certMap == null)
                    certMap = new HashMap<>();
                certMap.put(kid, certificate);
            } else {
                logger.debug("Got raw certificate for kid: {} from local cache", kid);
            }
            X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(certificate);
            x509VerificationKeyResolver.setTryAllOnNoThumbHeader(true);
            verificationKeyResolver = x509VerificationKeyResolver;
            break;
        case JWT_KEY_RESOLVER_JWKS:
            List<JsonWebKey> jwkList = jwksMap == null ? null : jwksMap.get(kid);
            if (jwkList == null) {
                jwkList = getJsonWebKeySetForToken(kid);
                if (jwkList != null) {
                    // null if bootstrapFromKeyService is true
                    if (jwksMap == null)
                        jwksMap = new HashMap<>();
                    jwksMap.put(kid, jwkList);
                }
            } else {
                logger.debug("Got Json web key set for kid: {} from local cache", kid);
            }
            if (jwkList != null) {
                verificationKeyResolver = new JwksVerificationKeyResolver(jwkList);
            }
            break;
    }
    return verificationKeyResolver;
}