Package com.nimbusds.jose.jwk.source

Class RemoteJWKSet<C extends SecurityContext>

java.lang.Object
com.nimbusds.jose.jwk.source.RemoteJWKSet<C>
All Implemented Interfaces:
JWKSource<C>
@ThreadSafe @Deprecated public class RemoteJWKSet<C extends SecurityContext> extends Object implements JWKSource<C>
Deprecated.
Construct a JWKSource using JWKSourceBuilder.
Remote JSON Web Key (JWK) source specified by a JWK set URL. The retrieved JWK set is cached to minimise network calls. The cache is updated whenever the key selector tries to get a key with an unknown ID or the cache expires.

If no ResourceRetriever is specified when creating a remote JWK set source the default one will be used, with the following HTTP timeouts and limits:

  • HTTP connect timeout, in milliseconds: Determined by the DEFAULT_HTTP_CONNECT_TIMEOUT constant which can be overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpConnectTimeout Java system property.
  • HTTP read timeout, in milliseconds: Determined by the DEFAULT_HTTP_READ_TIMEOUT constant which can be overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpReadTimeout Java system property.
  • HTTP entity size limit: Determined by the DEFAULT_HTTP_SIZE_LIMIT constant which can be overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpSizeLimit Java system property.

A failover JWK source can be configured in case the JWK set URL becomes unavailable (HTTP 404) or times out. The failover JWK source can be another URL or some other object.

Version:
2024-04-20
Author:
Vladimir Dzhuvinov, Andreas Huber

  • Field Details

  • Constructor Details

    • RemoteJWKSet

      public RemoteJWKSet(URL jwkSetURL)
      Deprecated.
      Creates a new remote JWK set using the default HTTP resource retriever with the default HTTP timeouts and entity size limit.
      Parameters:
      jwkSetURL - The JWK set URL. Must not be null.

    • RemoteJWKSet

      public RemoteJWKSet(URL jwkSetURL, JWKSource<C> failoverJWKSource)
      Deprecated.
      Creates a new remote JWK set using the default HTTP resource retriever with the default HTTP timeouts and entity size limit.
      Parameters:
      jwkSetURL - The JWK set URL. Must not be null.
      failoverJWKSource - Optional failover JWK source in case retrieval from the JWK set URL fails, null if no failover is specified.

    • RemoteJWKSet

      public RemoteJWKSet(URL jwkSetURL, ResourceRetriever resourceRetriever)
      Deprecated.
      Creates a new remote JWK set.
      Parameters:
      jwkSetURL - The JWK set URL. Must not be null.
      resourceRetriever - The HTTP resource retriever to use, null to use the default one with the default HTTP timeouts and entity size limit.

    • RemoteJWKSet

      public RemoteJWKSet(URL jwkSetURL, ResourceRetriever resourceRetriever, JWKSetCache jwkSetCache)
      Deprecated.
      Creates a new remote JWK set.
      Parameters:
      jwkSetURL - The JWK set URL. Must not be null.
      resourceRetriever - The HTTP resource retriever to use, null to use the default one with the default HTTP timeouts and entity size limit.
      jwkSetCache - The JWK set cache to use, null to use the default one.

    • RemoteJWKSet

      public RemoteJWKSet(URL jwkSetURL, JWKSource<C> failoverJWKSource, ResourceRetriever resourceRetriever, JWKSetCache jwkSetCache)
      Deprecated.
      Creates a new remote JWK set.
      Parameters:
      jwkSetURL - The JWK set URL. Must not be null.
      failoverJWKSource - Optional failover JWK source in case retrieval from the JWK set URL fails, null if no failover is specified.
      resourceRetriever - The HTTP resource retriever to use, null to use the default one with the default HTTP timeouts and entity size limit.
      jwkSetCache - The JWK set cache to use, null to use the default one.

  • Method Details

    • resolveDefaultHTTPConnectTimeout

      public static int resolveDefaultHTTPConnectTimeout()
      Deprecated.
      Resolves the default HTTP connect timeout for JWK set retrieval, in milliseconds.
      Returns:
      The static constant, overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpConnectTimeout Java system property.

    • resolveDefaultHTTPReadTimeout

      public static int resolveDefaultHTTPReadTimeout()
      Deprecated.
      Resolves the default HTTP read timeout for JWK set retrieval, in milliseconds.
      Returns:
      The static constant, overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpReadTimeout Java system property.

    • resolveDefaultHTTPSizeLimit

      public static int resolveDefaultHTTPSizeLimit()
      Deprecated.
      Resolves default HTTP entity size limit for JWK set retrieval, in bytes.
      Returns:
      The static constant, overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpSizeLimit Java system property.

    • getJWKSetURL

      public URL getJWKSetURL()
      Deprecated.
      Returns the JWK set URL.
      Returns:
      The JWK set URL.

    • getFailoverJWKSource

      public JWKSource<C> getFailoverJWKSource()
      Deprecated.
      Returns the optional failover JWK source.
      Returns:
      The failover JWK source, null if not specified.

    • getResourceRetriever

      public ResourceRetriever getResourceRetriever()
      Deprecated.
      Returns the HTTP resource retriever.
      Returns:
      The HTTP resource retriever.

    • getJWKSetCache

      public JWKSetCache getJWKSetCache()
      Deprecated.
      Returns the configured JWK set cache.
      Returns:
      The JWK set cache.

    • getCachedJWKSet

      public JWKSet getCachedJWKSet()
      Deprecated.
      Returns the cached JWK set.
      Returns:
      The cached JWK set, null if none or expired.

    • getFirstSpecifiedKeyID

      protected static String getFirstSpecifiedKeyID(JWKMatcher jwkMatcher)
      Deprecated.
      Returns the first specified key ID (kid) for a JWK matcher.
      Parameters:
      jwkMatcher - The JWK matcher. Must not be null.
      Returns:
      The first key ID, null if none.

    • get

      public List<JWK> get(JWKSelector jwkSelector, C context) throws RemoteKeySourceException
      Deprecated.
      Description copied from interface: JWKSource
      Retrieves a list of JWKs matching the specified selector.
      Specified by:
      get in interface JWKSource<C extends SecurityContext>
      Parameters:
      jwkSelector - A JWK selector. Must not be null.
      context - Optional context, null if not required.
      Returns:
      The matching JWKs, empty list if no matches were found.
      Throws:
      RemoteKeySourceException