Package org.keycloak.protocol.oid4vc.issuance.keybinding

Class AttestationValidatorUtil

java.lang.Object

org.keycloak.protocol.oid4vc.issuance.keybinding.AttestationValidatorUtil

public class AttestationValidatorUtil
extends Object

Utility for validating attestation JWTs as per OID4VCI spec.

Author:

Rodrick Awambeng

Field Summary

Fields

Modifier and Type	Field	Description
static final String	ATTESTATION_JWT_TYP
static final String	LEGACY_ATTESTATION_JWT_TYP	Deprecated.

Constructor Summary

Constructors

Constructor	Description
AttestationValidatorUtil()

Method Summary

Modifier and Type	Method	Description
static KeyAttestationJwtBody	validateAttestationJwt(String attestationJwt, KeycloakSession keycloakSession, VCIssuanceContext vcIssuanceContext, AttestationKeyResolver keyResolver, boolean requireExpForJwtProof, String proofTypeKeyForSigningAlgPolicy)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

ATTESTATION_JWT_TYP

public static final String ATTESTATION_JWT_TYP

See Also:

• Constant Field Values

LEGACY_ATTESTATION_JWT_TYP

@Deprecated
public static final String LEGACY_ATTESTATION_JWT_TYP

Deprecated.

See Also:

• Constant Field Values

Constructor Details

AttestationValidatorUtil

public AttestationValidatorUtil()

Method Details

validateAttestationJwt

public static KeyAttestationJwtBody validateAttestationJwt(String attestationJwt,
 KeycloakSession keycloakSession,
 VCIssuanceContext vcIssuanceContext,
 AttestationKeyResolver keyResolver,
 boolean requireExpForJwtProof,
 String proofTypeKeyForSigningAlgPolicy)
                                                    throws JWSInputException,
VerificationException

Parameters:

requireExpForJwtProof - OID4VCI D.1: exp MUST be present when the attestation is used with the jwt proof type (embedded key_attestation header).

proofTypeKeyForSigningAlgPolicy - ProofType value (jwt or attestation) to resolve proof_signing_alg_values_supported; if null, only FAPI ALLOWED_ALGORITHMS is enforced.

Throws:

JWSInputException

VerificationException