Package com.nimbusds.jose.proc

Class DefaultJOSEProcessor<C extends SecurityContext>

java.lang.Object

com.nimbusds.jose.proc.DefaultJOSEProcessor<C>

All Implemented Interfaces:

ConfigurableJOSEProcessor<C>, JOSEProcessor<C>, JOSEProcessorConfiguration<C>

@ThreadSafe
public class DefaultJOSEProcessor<C extends SecurityContext>
extends Object
implements ConfigurableJOSEProcessor<C>

Default processor of unsecured (plain), JWS and JWE objects.

Must be configured with the following:

• To verify JWS objects: A JWS key selector using the header to suggest key candidate(s) for the signature verification. The key selection procedure is application-specific and may involve key ID lookup, a certificate check and / or some context.
• To decrypt JWE objects: A JWE key selector using the header to suggest key candidate(s) for decryption. The key selection procedure is application-specific and may involve key ID lookup, a certificate check and / or some context.

An optional context parameter is available to facilitate passing of additional data between the caller and the underlying selector of key candidates (in both directions).

See sections 6 of RFC 7515 (JWS) and RFC 7516 (JWE) for guidelines on key selection.

This processor is configured with a standard header "typ" (type) parameter verifier which expects the JWS, JWE and plain (unsecured) objects to have the type header omitted or set to JOSE. To accept other "typ" values pass an appropriately configured JWS and / or JWE type verifier.

This processor comes with the default JWS verifier factory and the default JWE decrypter factory; they can construct verifiers / decrypters for all standard JOSE algorithms implemented by the library.

Note that for security reasons this processor is hardwired to reject unsecured (plain) JOSE objects. Override the process(PlainObject, SecurityContext) method if you need to handle unsecured JOSE objects.

To process JSON Web Tokens (JWTs) use the DefaultJWTProcessor class.

Version:

2019-10-15

Author:

Vladimir Dzhuvinov

Constructor Summary

Constructors

Constructor	Description
DefaultJOSEProcessor()

Method Summary

Modifier and Type	Method	Description
JWEDecrypterFactory	getJWEDecrypterFactory()	Gets the factory for creating JWE decrypter instances.
JWEKeySelector<C>	getJWEKeySelector()	Gets the JWE key selector.
JOSEObjectTypeVerifier<C>	getJWETypeVerifier()	Gets the JWE header "typ" (type) parameter verifier.
JWSKeySelector<C>	getJWSKeySelector()	Gets the JWS key selector.
JOSEObjectTypeVerifier<C>	getJWSTypeVerifier()	Gets the JWS header "typ" (type) parameter verifier.
JWSVerifierFactory	getJWSVerifierFactory()	Gets the factory for creating JWS verifier instances.
Payload	process(JOSEObject joseObject, C context)	Processes the specified JOSE object (unsecured, JWS or JWE).
Payload	process(JWEObject jweObject, C context)	Processes the specified JWE object by decrypting it.
Payload	process(JWSObject jwsObject, C context)	Processes the specified JWS object by verifying its signature.
Payload	process(PlainObject plainObject, C context)	Processes the specified unsecured (plain) JOSE object, typically by checking its context.
Payload	process(String compactJOSE, C context)	Parses and processes the specified JOSE object (unsecured, JWS or JWE).
void	setJWEDecrypterFactory(JWEDecrypterFactory factory)	Sets the factory for creating JWE decrypter instances.
void	setJWEKeySelector(JWEKeySelector<C> jweKeySelector)	Sets the JWE key selector.
void	setJWETypeVerifier(JOSEObjectTypeVerifier<C> jweTypeVerifier)	Sets the JWE header "typ" (type) parameter verifier.
void	setJWSKeySelector(JWSKeySelector<C> jwsKeySelector)	Sets the JWS key selector.
void	setJWSTypeVerifier(JOSEObjectTypeVerifier<C> jwsTypeVerifier)	Sets the JWS header "typ" (type) parameter verifier.
void	setJWSVerifierFactory(JWSVerifierFactory factory)	Sets the factory for creating JWS verifier instances.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

DefaultJOSEProcessor

public DefaultJOSEProcessor()

Method Details

getJWSTypeVerifier

public JOSEObjectTypeVerifier<C> getJWSTypeVerifier()

Description copied from interface: JOSEProcessorConfiguration

Gets the JWS header "typ" (type) parameter verifier. This verifier is also applied to plain (unsecured) JOSE objects. If none JWS and plain objects will be rejected.

Specified by:

getJWSTypeVerifier in interface JOSEProcessorConfiguration<C extends SecurityContext>

Returns:

The JWS type verifier, null if not specified.

setJWSTypeVerifier

public void setJWSTypeVerifier(JOSEObjectTypeVerifier<C> jwsTypeVerifier)

Description copied from interface: JOSEProcessorConfiguration

Sets the JWS header "typ" (type) parameter verifier. This verifier is also applied to plain (unsecured) JOSE objects. If none JWS and plain objects will be rejected.

Specified by:

setJWSTypeVerifier in interface JOSEProcessorConfiguration<C extends SecurityContext>

Parameters:

jwsTypeVerifier - The JWS type verifier, null if not specified.

getJWSKeySelector

public JWSKeySelector<C> getJWSKeySelector()

Description copied from interface: JOSEProcessorConfiguration

Gets the JWS key selector. If none JWS objects will be rejected.

Specified by:

getJWSKeySelector in interface JOSEProcessorConfiguration<C extends SecurityContext>

Returns:

The JWS key selector, null if not specified.

setJWSKeySelector

public void setJWSKeySelector(JWSKeySelector<C> jwsKeySelector)

Description copied from interface: JOSEProcessorConfiguration

Sets the JWS key selector. If none JWS objects will be rejected.

Specified by:

setJWSKeySelector in interface JOSEProcessorConfiguration<C extends SecurityContext>

Parameters:

jwsKeySelector - The JWS key selector, null if not specified.

getJWETypeVerifier

public JOSEObjectTypeVerifier<C> getJWETypeVerifier()

Description copied from interface: JOSEProcessorConfiguration

Gets the JWE header "typ" (type) parameter verifier. If none JWE objects will be rejected.

Specified by:

getJWETypeVerifier in interface JOSEProcessorConfiguration<C extends SecurityContext>

Returns:

The JWE verifier, null if not specified.

setJWETypeVerifier

public void setJWETypeVerifier(JOSEObjectTypeVerifier<C> jweTypeVerifier)

Description copied from interface: JOSEProcessorConfiguration

Sets the JWE header "typ" (type) parameter verifier. If none JWE objects will be rejected.

Specified by:

setJWETypeVerifier in interface JOSEProcessorConfiguration<C extends SecurityContext>

Parameters:

jweTypeVerifier - The JWE type verifier, null if not specified.

getJWEKeySelector

public JWEKeySelector<C> getJWEKeySelector()

Description copied from interface: JOSEProcessorConfiguration

Gets the JWE key selector. If none JWE objects will be rejected.

Specified by:

getJWEKeySelector in interface JOSEProcessorConfiguration<C extends SecurityContext>

Returns:

The JWE key selector, null if not specified.

setJWEKeySelector

public void setJWEKeySelector(JWEKeySelector<C> jweKeySelector)

Description copied from interface: JOSEProcessorConfiguration

Sets the JWE key selector. If none JWE objects will be rejected.

Specified by:

setJWEKeySelector in interface JOSEProcessorConfiguration<C extends SecurityContext>

Parameters:

jweKeySelector - The JWE key selector, null if not specified.

getJWSVerifierFactory

public JWSVerifierFactory getJWSVerifierFactory()

Description copied from interface: JOSEProcessorConfiguration

Gets the factory for creating JWS verifier instances. If none JWS objects will be rejected.

Specified by:

getJWSVerifierFactory in interface JOSEProcessorConfiguration<C extends SecurityContext>

Returns:

The JWS verifier factory, null if not specified.

setJWSVerifierFactory

public void setJWSVerifierFactory(JWSVerifierFactory factory)

Description copied from interface: JOSEProcessorConfiguration

Sets the factory for creating JWS verifier instances. If none JWS objects will be rejected.

Specified by:

setJWSVerifierFactory in interface JOSEProcessorConfiguration<C extends SecurityContext>

Parameters:

factory - The JWS verifier factory, null if not specified.

getJWEDecrypterFactory

public JWEDecrypterFactory getJWEDecrypterFactory()

Description copied from interface: JOSEProcessorConfiguration

Gets the factory for creating JWE decrypter instances. If none JWE objects will be rejected.

Specified by:

getJWEDecrypterFactory in interface JOSEProcessorConfiguration<C extends SecurityContext>

Returns:

The JWE decrypter factory, null if not specified.

setJWEDecrypterFactory

public void setJWEDecrypterFactory(JWEDecrypterFactory factory)

Description copied from interface: JOSEProcessorConfiguration

Sets the factory for creating JWE decrypter instances. If none JWE objects will be rejected.

Specified by:

setJWEDecrypterFactory in interface JOSEProcessorConfiguration<C extends SecurityContext>

Parameters:

factory - The JWE decrypter factory, null if not specified.

process

public Payload process(String compactJOSE,
 C context)
                throws ParseException,
BadJOSEException,
JOSEException

Description copied from interface: JOSEProcessor

Parses and processes the specified JOSE object (unsecured, JWS or JWE).

Specified by:

process in interface JOSEProcessor<C extends SecurityContext>

Parameters:

compactJOSE - The JOSE object, compact-encoded to a URL-safe string. Must not be null.

context - Optional context, null if not required.

Returns:

The payload on success.

Throws:

ParseException - If the string couldn't be parsed to a valid JOSE object.

BadJOSEException - If the JOSE object is rejected.

JOSEException - If an internal processing exception is encountered.

process

public Payload process(JOSEObject joseObject,
 C context)
                throws BadJOSEException,
JOSEException

Description copied from interface: JOSEProcessor

Processes the specified JOSE object (unsecured, JWS or JWE).

Specified by:

process in interface JOSEProcessor<C extends SecurityContext>

Parameters:

joseObject - The JOSE object. Must not be null.

context - Optional context, null if not required.

Returns:

The payload on success.

Throws:

BadJOSEException - If the JOSE object is rejected.

JOSEException - If an internal processing exception is encountered.

process

public Payload process(PlainObject plainObject,
 C context)
                throws BadJOSEException

Description copied from interface: JOSEProcessor

Processes the specified unsecured (plain) JOSE object, typically by checking its context.

Specified by:

process in interface JOSEProcessor<C extends SecurityContext>

Parameters:

plainObject - The unsecured (plain) JOSE object. Not null.

context - Optional context, null if not required.

Returns:

The payload on success.

Throws:

BadJOSEException - If the unsecured (plain) JOSE object is rejected.

process

public Payload process(JWSObject jwsObject,
 C context)
                throws BadJOSEException,
JOSEException

Description copied from interface: JOSEProcessor

Processes the specified JWS object by verifying its signature. The key candidate(s) are selected by examining the JWS header and / or the message context.

Specified by:

process in interface JOSEProcessor<C extends SecurityContext>

Parameters:

jwsObject - The JWS object. Not null.

context - Optional context, null if not required.

Returns:

The payload on success.

Throws:

BadJOSEException - If the JWS object is rejected, typically due to a bad signature.

JOSEException - If an internal processing exception is encountered.

process

public Payload process(JWEObject jweObject,
 C context)
                throws BadJOSEException,
JOSEException

Description copied from interface: JOSEProcessor

Processes the specified JWE object by decrypting it. The key candidate(s) are selected by examining the JWS header and / or the message context.

Specified by:

process in interface JOSEProcessor<C extends SecurityContext>

Parameters:

jweObject - The JWE object. Not null.

context - Optional context of the JWE object, null if not required.

Returns:

The payload on success.

Throws:

BadJOSEException - If the JWE object is rejected, typically due to failed decryption.

JOSEException - If an internal processing exception is encountered.