Package org.keycloak.sdjwt

Class IssuerSignedJWT

java.lang.Object

org.keycloak.sdjwt.JwsToken

org.keycloak.sdjwt.IssuerSignedJWT

public class IssuerSignedJWT
extends JwsToken

Handle verifiable credentials (SD-JWT VC), enabling the parsing of existing VCs as well as the creation and signing of new ones. It integrates with Keycloak's SignatureSignerContext to facilitate the generation of issuer signature.

Author:

Francis Pouatcha

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	IssuerSignedJWT.Builder

Field Summary

Fields inherited from class org.keycloak.sdjwt.JwsToken

jws, jwsHeader, jwsInput, payload

Constructor Summary

Constructors

Modifier	Constructor	Description
	IssuerSignedJWT(String jwsString)
	IssuerSignedJWT(JWSHeader jwsHeader, com.fasterxml.jackson.databind.node.ObjectNode payload)
protected	IssuerSignedJWT(DisclosureSpec disclosureSpec, JWSHeader jwsHeader, List<SdJwtClaim> disclosureClaims, List<DecoyClaim> decoyClaims, String hashAlg, boolean nestedDisclosures)
protected	IssuerSignedJWT(DisclosureSpec disclosureSpec, JWSHeader jwsHeader, List<SdJwtClaim> disclosureClaims, List<DecoyClaim> decoyClaims, String hashAlg, boolean nestedDisclosures, SignatureSignerContext signer)

Method Summary

Modifier and Type	Method	Description
static IssuerSignedJWT.Builder	builder()
Optional<com.fasterxml.jackson.databind.JsonNode>	getCnfClaim()	Returns `cnf` claim (establishing key binding)
List<DecoyClaim>	getDecoyClaims()
List<SdJwtClaim>	getDisclosureClaims()
DisclosureSpec	getDisclosureSpec()
String	getSdHashAlg()	Returns declared hash algorithm from SD hash claim.
void	setDisclosureClaims(DisclosureSpec disclosureSpec, List<SdJwtClaim> disclosureClaims, List<DecoyClaim> decoyClaims)
void	setDisclosureClaims(DisclosureSpec disclosureSpec, List<SdJwtClaim> disclosureClaims, List<DecoyClaim> decoyClaims, SignatureSignerContext signatureSignerContext)
void	verifySdHashAlgorithm()	Verifies that the SD hash algorithm is understood and deemed secure.

Methods inherited from class org.keycloak.sdjwt.JwsToken

getJws, getJwsHeader, getJwsHeaderAsNode, getJwsInput, getPayload, getSdHashAlgorithm, setJws, setJwsHeader, setJwsInput, setPayload, sign, verifySignature

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

IssuerSignedJWT

public IssuerSignedJWT(JWSHeader jwsHeader,
 com.fasterxml.jackson.databind.node.ObjectNode payload)

IssuerSignedJWT

public IssuerSignedJWT(String jwsString)

IssuerSignedJWT

protected IssuerSignedJWT(DisclosureSpec disclosureSpec,
 JWSHeader jwsHeader,
 List<SdJwtClaim> disclosureClaims,
 List<DecoyClaim> decoyClaims,
 String hashAlg,
 boolean nestedDisclosures)

IssuerSignedJWT

protected IssuerSignedJWT(DisclosureSpec disclosureSpec,
 JWSHeader jwsHeader,
 List<SdJwtClaim> disclosureClaims,
 List<DecoyClaim> decoyClaims,
 String hashAlg,
 boolean nestedDisclosures,
 SignatureSignerContext signer)

Method Details

getCnfClaim

public Optional<com.fasterxml.jackson.databind.JsonNode> getCnfClaim()

Returns `cnf` claim (establishing key binding)

getSdHashAlg

public String getSdHashAlg()

Returns declared hash algorithm from SD hash claim.

verifySdHashAlgorithm

public void verifySdHashAlgorithm()
                           throws VerificationException

Verifies that the SD hash algorithm is understood and deemed secure.

Throws:

VerificationException - if not

getDisclosureSpec

public DisclosureSpec getDisclosureSpec()

getDisclosureClaims

public List<SdJwtClaim> getDisclosureClaims()

getDecoyClaims

public List<DecoyClaim> getDecoyClaims()

setDisclosureClaims

public void setDisclosureClaims(DisclosureSpec disclosureSpec,
 List<SdJwtClaim> disclosureClaims,
 List<DecoyClaim> decoyClaims)

setDisclosureClaims

public void setDisclosureClaims(DisclosureSpec disclosureSpec,
 List<SdJwtClaim> disclosureClaims,
 List<DecoyClaim> decoyClaims,
 SignatureSignerContext signatureSignerContext)

builder

public static IssuerSignedJWT.Builder builder()