Package org.keycloak.protocol.oid4vc.issuance.keybinding

Class JwtCNonceHandler

java.lang.Object

org.keycloak.protocol.oid4vc.issuance.keybinding.JwtCNonceHandler

All Implemented Interfaces:

CNonceHandler, Provider

public class JwtCNonceHandler
extends Object
implements CNonceHandler

Author:

Pascal Knüppel

Field Summary

Fields

Modifier and Type	Field	Description
static final int	NONCE_DEFAULT_LENGTH
static final int	NONCE_LENGTH_RANDOM_OFFSET
static final String	SOURCE_ENDPOINT

Constructor Summary

Constructors

Constructor	Description
JwtCNonceHandler(KeycloakSession keycloakSession)

Method Summary

Modifier and Type	Method	Description
String	buildCNonce(List<String> audiences, Map<String,Object> additionalDetails)	used to build a cNonce in any style.
protected boolean	checkAttributeEquality(String key, Object object, Object actualValue)
protected KeyWrapper	selectSigningKey(RealmModel realm)
void	verifyCNonce(String cNonce, List<String> audiences, Map<String,Object> additionalDetails)	must verify the validity of a cNonce value that has been issued by the CNonceHandler.buildCNonce(List, Map) method.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.protocol.oid4vc.issuance.keybinding.CNonceHandler

close

Field Details

SOURCE_ENDPOINT

public static final String SOURCE_ENDPOINT

See Also:

• Constant Field Values

NONCE_DEFAULT_LENGTH

public static final int NONCE_DEFAULT_LENGTH

See Also:

• Constant Field Values

NONCE_LENGTH_RANDOM_OFFSET

public static final int NONCE_LENGTH_RANDOM_OFFSET

See Also:

• Constant Field Values

Constructor Details

JwtCNonceHandler

public JwtCNonceHandler(KeycloakSession keycloakSession)

Method Details

buildCNonce

public String buildCNonce(List<String> audiences,
 Map<String,Object> additionalDetails)

Description copied from interface: CNonceHandler

used to build a cNonce in any style. For jwt-based cNonces we will additionally require the audience-values that should be added into the cNonce

Specified by:

buildCNonce in interface CNonceHandler

Parameters:

audiences - the audiences for jwt-based cNonces

additionalDetails - additional attributes that might be required to build the cNonce and that are handler specific

Returns:

the cNonce in string representation

verifyCNonce

public void verifyCNonce(String cNonce,
 List<String> audiences,
 @Nullable
 Map<String,Object> additionalDetails)
                  throws VerificationException

Description copied from interface: CNonceHandler

must verify the validity of a cNonce value that has been issued by the CNonceHandler.buildCNonce(List, Map) method.

Specified by:

verifyCNonce in interface CNonceHandler

Parameters:

cNonce - the cNonce to validate

audiences - the expected audiences for jwt-based cNonces

additionalDetails - additional attributes that might be required to build the cNonce and that are handler specific

Throws:

VerificationException

checkAttributeEquality

protected boolean checkAttributeEquality(String key,
 Object object,
 Object actualValue)
                                  throws VerificationException

Throws:

VerificationException

selectSigningKey

protected KeyWrapper selectSigningKey(RealmModel realm)