java.lang.Object
iu.crypt.Jwt
- All Implemented Interfaces:
WebToken
- Direct Known Subclasses:
SessionJwt
Immutable WebToken with JWT signing, signature verification, and encryption methods.
-
Field Summary
Fields
Modifier and Type | Field | Description
protected final JsonObject | claims | Parsed JWT claims
protected static final IuJsonAdapter<Instant> | NUMERIC_DATE | Translates Instant values as seconds since epoch
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type | Method | Description
static JsonObject | decryptAndVerify(String jwt, WebKey issuerKey, WebKey audienceKey) | Parses, decrypts, and verifies a JWT encoded with JWS compact serialization.
boolean | equals |
 | getAudience | Gets the token audience URIs.
 | getExpires | Gets the time after which the JWT should not be accepted.
 | getIssuedAt | Gets the time the JWT was issued.
 | getIssuer | Gets the token issuer URI.
 | getNonce() | Gets the nonce claim.
 | getNotBefore | Gets the time before which the JWT should not be accepted.
 | getSubject | Gets the subject of the JWT.
 | getTokenId | Gets the token identifier.
int | hashCode() |
boolean | isExpired() | Determines if the token has expired.
 | sign(String type, WebKey.Algorithm algorithm, WebKey issuerKey) | Signs this Jwt
String | signAndEncrypt(String type, WebKey.Algorithm signAlgorithm, WebKey issuerKey, WebKey.Algorithm encryptAlgorithm, WebEncryption.Encryption encryption, WebKey audienceKey) | Signs and encrypts this Jwt
 | toString() |
protected void | validate() | Performs basic JWT validation logic.
void | validateClaims(URI expectedAudience, Duration ttl) | Verify JWT registered claims are well-formed and within the allowed time window.
static JsonObject | verify | Parses and verifies a JWT encoded with JWS compact serialization.
-
Field Details
-
NUMERIC_DATE
Translates Instant values as seconds since epoch
-
claims
Parsed JWT claims
-
-
Constructor Details
-
Jwt
JSON claims constructor
- Parameters:
claims - JsonObject of token claims
-
-
Method Details
-
verify
Parses and verifies a JWT encoded with JWS compact serialization.
- Parameters:
jwt - JWS compact serialization
issuerKey - Issuer public WebKey
- Returns:
JsonObject of token claims
-
decryptAndVerify
Parses, decrypts, and verifies a JWT encoded with JWS compact serialization.
- Parameters:
jwt - JWS or JWE compact serialization
issuerKey - Issuer public WebKey
audienceKey - Audience private WebKey, ignored if the JWT is not encrypted
- Returns:
JsonObject of token claims
-
validate
protected void validate()
Performs basic JWT validation logic.
- See Also:
-
validateClaims
Description copied from interface: WebToken
Verify JWT registered claims are well-formed and within the allowed time window.
In addition to the rules outlined in RFC-7519 JWT Section 4.1, REQUIRES the following claim values to be present and not empty:
- Specified by:
validateClaims in interface WebToken
- Parameters:
expectedAudience - Expected audience URI
ttl - Maximum assertion time to live allowed by configuration
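A JDK-only sketch of the kind of check validateClaims(URI expectedAudience, Duration ttl) describes, added here as an illustration; it is not iu.crypt code and does not call the library. Assumptions: the required claims (aud, iat, exp), the reading of ttl as a cap on exp minus iat, the explicit now parameter, and all sample values are constructed for this example.

```java
import java.net.URI;
import java.time.Duration;
import java.time.Instant;
import java.util.List;
import java.util.Map;

// Added illustration only: not iu.crypt code. Claim names follow RFC 7519 Section 4.1.
public class ClaimWindowCheck {

    // NumericDate: seconds since epoch, the encoding NUMERIC_DATE is documented to translate.
    static Instant numericDate(Map<String, Object> claims, String name) {
        Object v = claims.get(name);
        return v == null ? null : Instant.ofEpochSecond(((Number) v).longValue());
    }

    // Assumed policy: aud must contain expectedAudience; iat and exp are required;
    // the token must be valid at 'now' and its lifetime (exp - iat) must not exceed ttl.
    static void validateClaims(Map<String, Object> claims, URI expectedAudience, Duration ttl, Instant now) {
        Object aud = claims.get("aud"); // a single string or an array of strings
        List<?> audiences = aud instanceof List ? (List<?>) aud : (aud == null ? List.of() : List.of(aud));
        if (!audiences.contains(expectedAudience.toString())) throw new IllegalArgumentException("audience mismatch");

        Instant iat = numericDate(claims, "iat");
        Instant nbf = numericDate(claims, "nbf");
        Instant exp = numericDate(claims, "exp");
        if (iat == null || exp == null) throw new IllegalArgumentException("iat and exp are required");
        if (iat.isAfter(now)) throw new IllegalArgumentException("issued in the future");
        if (nbf != null && nbf.isAfter(now)) throw new IllegalArgumentException("not yet valid");
        if (!exp.isAfter(now)) throw new IllegalArgumentException("expired");
        if (Duration.between(iat, exp).compareTo(ttl) > 0) throw new IllegalArgumentException("lifetime exceeds configured ttl");
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2024-01-01T00:00:00Z"); // constructed clock
        URI aud = URI.create("https://rp.example/"); // constructed audience
        long t = now.getEpochSecond();
        // Constructed claims; signature verification is assumed to have happened already.
        Map<String, Object> ok = Map.of("aud", aud.toString(), "iat", t - 30, "exp", t + 90);
        Map<String, Object> longLived = Map.of("aud", aud.toString(), "iat", t - 30, "exp", t + 86400);
        validateClaims(ok, aud, Duration.ofMinutes(5), now); // passes: 120 s lifetime, inside window
        try {
            validateClaims(longLived, aud, Duration.ofMinutes(5), now);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage()); // unexpired, but lifetime > ttl
        }
    }
}
```

The second token is still unexpired, so an exp-only check would accept it; the lifetime cap is what rejects it.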
-
getTokenId
Description copied from interface: WebToken
Gets the token identifier.
- Specified by:
getTokenId in interface WebToken
- Returns:
token identifier (jti claim)
-
getIssuer
Description copied from interface: WebToken
Gets the token issuer URI.
-
getAudience
Description copied from interface: WebToken
Gets the token audience URIs.
- Specified by:
getAudience in interface WebToken
- Returns:
at least one URI
-
getSubject
Description copied from interface: WebToken
Gets the subject of the JWT.
- Specified by:
getSubject in interface WebToken
- Returns:
subject (sub claim)
-
getIssuedAt
Description copied from interface: WebToken
Gets the time the JWT was issued.
- Specified by:
getIssuedAt in interface WebToken
- Returns:
issued time (iat claim)
-
getNotBefore
Description copied from interface: WebToken
Gets the time before which the JWT should not be accepted.
- Specified by:
getNotBefore in interface WebToken
- Returns:
not before time (nbf claim)
-
getExpires
Description copied from interface: WebToken
Gets the time after which the JWT should not be accepted.
- Specified by:
getExpires in interface WebToken
- Returns:
token expiration time (exp claim)
-
getNonce
Description copied from interface: WebToken
Gets the nonce claim.
-
isExpired
public boolean isExpired()
Description copied from interface: WebToken
Determines if the token has expired.
- Specified by:
isExpired in interface WebToken
- Returns:
true if WebToken.getExpires() is in the past
-
sign
Signs this Jwt
- Specified by:
sign in interface WebToken
- Parameters:
type - Token type
algorithm - WebKey.Algorithm
issuerKey - Issuer private WebKey
- Returns:
JWS compact serialization
-
signAndEncrypt
public String signAndEncrypt(String type, WebKey.Algorithm signAlgorithm, WebKey issuerKey, WebKey.Algorithm encryptAlgorithm, WebEncryption.Encryption encryption, WebKey audienceKey)
Signs and encrypts this Jwt
- Specified by:
signAndEncrypt in interface WebToken
- Parameters:
type - Token type
signAlgorithm - WebKey.Algorithm
issuerKey - Issuer private WebKey
encryptAlgorithm - WebKey.Algorithm
encryption - WebEncryption.Encryption
audienceKey - Audience public WebKey
- Returns:
JWE compact serialization
-
hashCode
public int hashCode()
-
equals
-
toString
-