Package org.keycloak.sdjwt

Class SdJws

java.lang.Object

org.keycloak.sdjwt.SdJws

Direct Known Subclasses:

IssuerSignedJWT, KeyBindingJWT

public abstract class SdJws
extends Object

Handle jws, either the issuer jwt or the holder key binding jwt.

Author:

Francis Pouatcha

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CLAIM_NAME_ISSUER

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	SdJws(com.fasterxml.jackson.databind.JsonNode payload)
protected	SdJws(com.fasterxml.jackson.databind.JsonNode payload, SignatureSignerContext signer, String jwsType)
protected	SdJws(com.fasterxml.jackson.databind.JsonNode payload, JWSInput jwsInput)
protected	SdJws(String jwsString)

Method Summary

Modifier and Type	Method	Description
JWSHeader	getHeader()
com.fasterxml.jackson.databind.JsonNode	getPayload()
protected static JWSInput	sign(com.fasterxml.jackson.databind.JsonNode payload, SignatureSignerContext signer, String jwsType)
String	toJws()
void	verifyAge(int maxAge)	Verifies that the JWS is not too old.
void	verifyExpClaim()
void	verifyIssClaim(List<String> issuers)	Verifies that SD-JWT was issued by one of the provided issuers.
void	verifyIssuedAtClaim()
void	verifyNotBeforeClaim()
void	verifySignature(SignatureVerifierContext verifier)
void	verifyVctClaim(List<String> vcts)	Verifies that SD-JWT vct claim matches the expected one.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

CLAIM_NAME_ISSUER

public static final String CLAIM_NAME_ISSUER

See Also:

• Constant Field Values

Constructor Details

SdJws

protected SdJws(com.fasterxml.jackson.databind.JsonNode payload)

SdJws

protected SdJws(String jwsString)

SdJws

protected SdJws(com.fasterxml.jackson.databind.JsonNode payload,
 JWSInput jwsInput)

SdJws

protected SdJws(com.fasterxml.jackson.databind.JsonNode payload,
 SignatureSignerContext signer,
 String jwsType)

Method Details

toJws

public String toJws()

getPayload

public com.fasterxml.jackson.databind.JsonNode getPayload()

sign

protected static JWSInput sign(com.fasterxml.jackson.databind.JsonNode payload,
 SignatureSignerContext signer,
 String jwsType)

verifySignature

public void verifySignature(SignatureVerifierContext verifier)
                     throws VerificationException

Throws:

VerificationException

getHeader

public JWSHeader getHeader()

verifyIssuedAtClaim

public void verifyIssuedAtClaim()
                         throws VerificationException

Throws:

VerificationException

verifyExpClaim

public void verifyExpClaim()
                    throws VerificationException

Throws:

VerificationException

verifyNotBeforeClaim

public void verifyNotBeforeClaim()
                          throws VerificationException

Throws:

VerificationException

verifyAge

public void verifyAge(int maxAge)
               throws VerificationException

Verifies that the JWS is not too old.

Parameters:

maxAge - Maximum age in seconds

Throws:

VerificationException - if too old

verifyIssClaim

public void verifyIssClaim(List<String> issuers)
                    throws VerificationException

Verifies that SD-JWT was issued by one of the provided issuers.

Parameters:

issuers - List of trusted issuers

Throws:

VerificationException

verifyVctClaim

public void verifyVctClaim(List<String> vcts)
                    throws VerificationException

Verifies that SD-JWT vct claim matches the expected one.

Parameters:

vcts - list of supported verifiable credential types

Throws:

VerificationException