com.nimbusds.jose.proc

Interface JWSKeySelector<C extends SecurityContext>

All Known Implementing Classes:

JWSVerificationKeySelector

public interface JWSKeySelector<C extends SecurityContext>

Interface for selecting key candidates for verifying a JSON Web Signature (JWS) object. Applications should utilise this interface or a similar framework to determine whether a received JWS object (or signed JWT) is eligible for verification and further processing.

The key selection should be based on application specific criteria, such as recognised header parameters referencing the key (e.g. kid, x5t) and / or the JWS object SecurityContext.

See JSON Web Signature (JWS), Appendix D. Notes on Key Selection for suggestions.

Possible key types:

• SecretKey for HMAC keys.
• RSAPublicKey public RSA keys.
• ECPublicKey public EC keys.

Version:

2016-06-21

Author:

Vladimir Dzhuvinov

Method Summary

Modifier and Type	Method and Description
List<? extends Key>	selectJWSKeys(JWSHeader header, C context) Selects key candidates for verifying a JWS object.

Method Detail

selectJWSKeys

List<? extends Key> selectJWSKeys(JWSHeader header,
                                  C context)
                           throws KeySourceException

Selects key candidates for verifying a JWS object.

Parameters:

header - The header of the JWS object. Must not be null.

context - Optional context of the JWS object, null if not required.

Returns:

The key candidates in trial order, empty list if none.

Throws:

KeySourceException - If a key sourcing exception is encountered, e.g. on remote JWK retrieval.