@Immutable public class DefaultJOSEObjectTypeVerifier<C extends SecurityContext> extends Object implements JOSEObjectTypeVerifier<C>
Example JWS header with a "typ" (type) parameter set to "at+jwt":
{ "alg" : "ES256", "typ" : "at+jwt", "kid" : "123" }
To create a verifier which allows the "typ" to be omitted or set to "JWT":
JOSEObjectVerifier verifier = new DefaultJOSEObjectTypeVerifier(JOSEObjectType.JWT, null);
To create a verifier which allows a "typ" of "at+jwt":
JOSEObjectVerifier verifier = new DefaultJOSEObjectTypeVerifier(new JOSEObjectType("at+jwt")));
Modifier and Type | Field and Description |
---|---|
static DefaultJOSEObjectTypeVerifier |
JOSE
The standard header "typ" (type) parameter verifier for JWS, JWE and
plain (unsecured) JOSE objects (other than JWT).
|
static DefaultJOSEObjectTypeVerifier |
JWT
The standard header "typ" (type) parameter verifier for signed,
encrypted and plain (unsecured) JWTs.
|
Constructor and Description |
---|
DefaultJOSEObjectTypeVerifier()
Creates a new JOSE object type verifier which allows the type to be
omitted or
null . |
DefaultJOSEObjectTypeVerifier(JOSEObjectType... allowedTypes)
Creates a new JOSE object type verifier allowing the specified
types.
|
DefaultJOSEObjectTypeVerifier(Set<JOSEObjectType> allowedTypes)
Creates a new JOSE object type verifier allowing the specified
types.
|
Modifier and Type | Method and Description |
---|---|
Set<JOSEObjectType> |
getAllowedTypes()
Returns the allowed JOSE object types.
|
void |
verify(JOSEObjectType type,
C context)
Verifies the JOSE "typ" (type) header parameter.
|
public static final DefaultJOSEObjectTypeVerifier JOSE
public static final DefaultJOSEObjectTypeVerifier JWT
public DefaultJOSEObjectTypeVerifier()
null
.public DefaultJOSEObjectTypeVerifier(Set<JOSEObjectType> allowedTypes)
allowedTypes
- The allowed types, if a null
is included
the type parameter may be omitted or
null
. The set must not be null
or empty.public DefaultJOSEObjectTypeVerifier(JOSEObjectType... allowedTypes)
allowedTypes
- The allowed types, if a null
is included
the type parameter may be omitted or
null
. The array must not be null
or empty.public Set<JOSEObjectType> getAllowedTypes()
null
is included
the type parameter may be omitted or null
.public void verify(JOSEObjectType type, C context) throws BadJOSEException
JOSEObjectTypeVerifier
verify
in interface JOSEObjectTypeVerifier<C extends SecurityContext>
type
- The "typ" (type) header parameter, null
if
not set.context
- Optional context, null
if not required.BadJOSEException
- If the type is rejected.Copyright © 2020 Connect2id Ltd.. All rights reserved.