Package edu.iu.crypt

Interface WebToken

All Known Implementing Classes:
Jwt, SessionJwt

public interface WebToken
Represents a JSON Web Token (JWT).
  • Method Details

    • builder

      static WebTokenBuilder builder()
      Gets a mutable WebTokenBuilder instance.
      Returns:
      WebTokenBuilder
    • isEncrypted

      static boolean isEncrypted(String jwt)
      Convenience method to determine if a JWT is encrypted.
      Parameters:
      jwt - JWT
      Returns:
      true if the JWT is encrypted; else false
    • verify

      static WebToken verify(String jwt, WebKey issuerKey)
      Verifies a signed JSON Web Token (JWT).
      Parameters:
      jwt - Signed JWT
      issuerKey - Public key of the token issuer
      Returns:
      WebToken
    • decryptAndVerify

      static WebToken decryptAndVerify(String jwt, WebKey issuerKey, WebKey audienceKey)
      Decrypts and verifies a signed JSON Web Token (JWT).
      Parameters:
      jwt - Signed JWT
      issuerKey - Public key of the token issuer
      audienceKey - Public key of the token audience
      Returns:
      WebToken
    • getTokenId

      String getTokenId()
      Gets the token identifier.
      Returns:
      token identifier (jti claim)
    • getIssuer

      URI getIssuer()
      Gets the token issuer URI.
      Returns:
      URI
    • getAudience

      Iterable<URI> getAudience()
      Gets the token audience URIs.
      Returns:
      at least one URI
    • getSubject

      String getSubject()
      Gets the subject of the JWT.
      Returns:
      subject (sub claim)
    • getIssuedAt

      Instant getIssuedAt()
      Gets the time the JWT was issued.
      Returns:
      issued time (iat claim)
    • getNotBefore

      Instant getNotBefore()
      Gets the time before which the JWT should not be accepted.
      Returns:
      not before time (nbf claim)
    • getExpires

      Instant getExpires()
      Gets the time after which the JWT should not be accepted.
      Returns:
      token expiration time (exp claim)
    • getNonce

      String getNonce()
      Gets the nonce claim.
      Returns:
      nonce claim value
    • isExpired

      boolean isExpired()
      Determines if the token has expired.
      Returns:
      true if getExpires() is in the past
    • validateClaims

      void validateClaims(URI audience, Duration ttl)
      Verifies that the JWT registered claims are well-formed and within the allowed time window.

      In addition to the rules outlined in RFC-7519 JWT Section 4.1, REQUIRES the following claim values to be present and not empty:

      Parameters:
      audience - Expected audience URI
      ttl - Maximum assertion time to live allowed by configuration
    • sign

      String sign(String type, WebKey.Algorithm algorithm, WebKey issuerKey)
      Encodes all claims as a signed JSON Web Token.
      Parameters:
      type - token type; e.g., "JWT"
      algorithm - signature algorithm
      issuerKey - issuer key
      Returns:
      Signed JWT
    • signAndEncrypt

      String signAndEncrypt(String type, WebKey.Algorithm signAlgorithm, WebKey issuerKey, WebKey.Algorithm encryptAlgorithm, WebEncryption.Encryption encryption, WebKey audienceKey)
      Encodes all claims as a signed and encrypted JSON Web Token.
      Parameters:
      type - token type; e.g., "JWT"
      signAlgorithm - signature algorithm
      issuerKey - issuer key
      encryptAlgorithm - key protection algorithm
      encryption - content encryption algorithm
      audienceKey - audience key
      Returns:
      Signed and encrypted JWT
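
The following is an added example, not code from this library, sketching the kind of audience and time-window check that validateClaims(URI audience, Duration ttl) describes. The Claims record, the validate and check helpers, the rules enforced and all sample values are assumptions made for illustration; the library's own list of required claims is not reproduced here.

```java
import java.net.URI;
import java.time.Duration;
import java.time.Instant;
import java.util.List;

public class ClaimWindowCheck {
    // Hypothetical holder for the registered claims exposed by the getters above.
    record Claims(URI iss, List<URI> aud, String sub, Instant iat, Instant nbf, Instant exp) {}

    // Assumed policy (not the library's rule list): iss, aud, iat and exp are mandatory,
    // the token must name the expected audience, be valid at 'now', and live no longer than ttl.
    static void validate(Claims c, URI audience, Duration ttl, Instant now) {
        if (c.iss() == null) throw new IllegalArgumentException("missing iss");
        if (c.aud() == null || !c.aud().contains(audience))
            throw new IllegalArgumentException("audience mismatch");
        if (c.iat() == null || c.iat().isAfter(now))
            throw new IllegalArgumentException("iat missing or in the future");
        if (c.nbf() != null && c.nbf().isAfter(now))
            throw new IllegalArgumentException("token not yet valid");
        if (c.exp() == null || !c.exp().isAfter(now))
            throw new IllegalArgumentException("token expired");
        // A far-future exp is rejected even though the token is not expired yet.
        if (c.exp().isAfter(c.iat().plus(ttl)))
            throw new IllegalArgumentException("lifetime exceeds ttl");
    }

    // Returns a verdict string so each sample token can be reported on one line.
    static String check(Claims c, URI audience, Duration ttl, Instant now) {
        try { validate(c, audience, ttl, now); return "accepted"; }
        catch (IllegalArgumentException e) { return "rejected: " + e.getMessage(); }
    }

    public static void main(String[] args) {
        // Constructed sample values; the clock is fixed so the outcome is repeatable.
        URI iss = URI.create("https://idp.example/"), me = URI.create("https://app.example/");
        URI other = URI.create("https://other.example/");
        Instant now = Instant.parse("2024-01-01T12:00:00Z");
        Duration ttl = Duration.ofMinutes(5);
        Instant iat = now.minusSeconds(60), exp = now.plusSeconds(120);
        Claims ok = new Claims(iss, List.of(me), "alice", iat, null, exp);
        Claims wrongAud = new Claims(iss, List.of(other), "alice", iat, null, exp);
        Claims longLived = new Claims(iss, List.of(me), "alice", iat, null, now.plus(Duration.ofDays(30)));
        Claims expired = new Claims(iss, List.of(me), "alice", now.minusSeconds(600), null, now.minusSeconds(300));
        for (Claims c : List.of(ok, wrongAud, longLived, expired))
            System.out.println(check(c, me, ttl, now));
    }
}
```

The fixed `now` parameter stands in for the system clock; a production check would also decide how much clock skew to tolerate between issuer and audience.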