org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService クラス

org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService の継承関係図

org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService 連携図

公開メンバ関数
	DefaultJWTSigningAndValidationService (Map< String, JWK > keys) throws NoSuchAlgorithmException, InvalidKeySpecException
	DefaultJWTSigningAndValidationService (JWKSetKeyStore keyStore) throws NoSuchAlgorithmException, InvalidKeySpecException
String	getDefaultSignerKeyId ()
void	setDefaultSignerKeyId (String defaultSignerId)
JWSAlgorithm	getDefaultSigningAlgorithm ()
void	setDefaultSigningAlgorithmName (String algName)
String	getDefaultSigningAlgorithmName ()
void	signJwt (SignedJWT jwt)
void	signJwt (SignedJWT jwt, JWSAlgorithm alg)
boolean	validateSignature (SignedJWT jwt)
Map< String, JWK >	getAllPublicKeys ()
Collection< JWSAlgorithm >	getAllSigningAlgsSupported ()

非公開メンバ関数
void	buildSignersAndVerifiers () throws NoSuchAlgorithmException, InvalidKeySpecException

非公開変数類
Map< String, JWSSigner >	signers = new HashMap<>()
Map< String, JWSVerifier >	verifiers = new HashMap<>()
String	defaultSignerKeyId
JWSAlgorithm	defaultAlgorithm
Map< String, JWK >	keys = new HashMap<>()

静的非公開変数類
static final Logger	logger = LoggerFactory.getLogger(DefaultJWTSigningAndValidationService.class)

詳解

構築子と解体子

DefaultJWTSigningAndValidationService() [1/2]

org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.DefaultJWTSigningAndValidationService ( Map< String, JWK >  keys ) throws NoSuchAlgorithmException, InvalidKeySpecException

inline

Build this service based on the keys given. All public keys will be used to make verifiers, all private keys will be used to make signers.

引数

keys	A map of key identifier to key

例外

InvalidKeySpecException	If the keys in the JWKs are not valid
NoSuchAlgorithmException	If there is no appropriate algorithm to tie the keys to.

                                                                                                                                     {
                this.keys = keys;
                buildSignersAndVerifiers();
        }

DefaultJWTSigningAndValidationService() [2/2]

org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.DefaultJWTSigningAndValidationService ( JWKSetKeyStore  keyStore ) throws NoSuchAlgorithmException, InvalidKeySpecException

inline

Build this service based on the given keystore. All keys must have a key id (

kid 

) field in order to be used.

引数

keyStore

the keystore to load all keys from

例外

InvalidKeySpecException	If the keys in the JWKs are not valid
NoSuchAlgorithmException	If there is no appropriate algorithm to tie the keys to.

                                                                                                                                       {
                // convert all keys in the keystore to a map based on key id
                if (keyStore!= null && keyStore.getJwkSet() != null) {
                        for (JWK key : keyStore.getKeys()) {
                                if (!Strings.isNullOrEmpty(key.getKeyID())) {
                                        // use the key ID that's built into the key itself
                                        this.keys.put(key.getKeyID(), key);
                                } else {
                                        // create a random key id
                                        String fakeKid = UUID.randomUUID().toString();
                                        this.keys.put(fakeKid, key);
                                }
                        }
                }
                buildSignersAndVerifiers();
        }

関数詳解

buildSignersAndVerifiers()

void org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.buildSignersAndVerifiers ( ) throws NoSuchAlgorithmException, InvalidKeySpecException

inlineprivate

Build all of the signers and verifiers for this based on the key map.

例外

InvalidKeySpecException	If the keys in the JWKs are not valid
NoSuchAlgorithmException	If there is no appropriate algorithm to tie the keys to.

                                                                                                         {
                for (Map.Entry<String, JWK> jwkEntry : keys.entrySet()) {

                        String id = jwkEntry.getKey();
                        JWK jwk = jwkEntry.getValue();

                        try {
                                if (jwk instanceof RSAKey) {
                                        // build RSA signers & verifiers

                                        if (jwk.isPrivate()) { // only add the signer if there's a private key
                                                RSASSASigner signer = new RSASSASigner((RSAKey) jwk);
                                                signers.put(id, signer);
                                        }

                                        RSASSAVerifier verifier = new RSASSAVerifier((RSAKey) jwk);
                                        verifiers.put(id, verifier);

                                } else if (jwk instanceof ECKey) {
                                        // build EC signers & verifiers

                                        if (jwk.isPrivate()) {
                                                ECDSASigner signer = new ECDSASigner((ECKey) jwk);
                                                signers.put(id, signer);
                                        }

                                        ECDSAVerifier verifier = new ECDSAVerifier((ECKey) jwk);
                                        verifiers.put(id, verifier);

                                } else if (jwk instanceof OctetSequenceKey) {
                                        // build HMAC signers & verifiers

                                        if (jwk.isPrivate()) { // technically redundant check because all HMAC keys are private
                                                MACSigner signer = new MACSigner((OctetSequenceKey) jwk);
                                                signers.put(id, signer);
                                        }

                                        MACVerifier verifier = new MACVerifier((OctetSequenceKey) jwk);
                                        verifiers.put(id, verifier);

                                } else {
                                        logger.warn("Unknown key type: " + jwk);
                                }
                        } catch (JOSEException e) {
                                logger.warn("Exception loading signer/verifier", e);
                        }
                }

                if (defaultSignerKeyId == null && keys.size() == 1) {
                        // if there's only one key, it's the default
                        setDefaultSignerKeyId(keys.keySet().iterator().next());
                }
        }

getAllPublicKeys()

Map<String, JWK> org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.getAllPublicKeys ( )

inline

org.mitre.jwt.signer.service.JWTSigningAndValidationServiceを実装しています。

                                                   {
                Map<String, JWK> pubKeys = new HashMap<>();

                // pull all keys out of the verifiers if we know how
                for (String keyId : keys.keySet()) {
                        JWK key = keys.get(keyId);
                        JWK pub = key.toPublicJWK();
                        if (pub != null) {
                                pubKeys.put(keyId, pub);
                        }
                }

                return pubKeys;
        }

getAllSigningAlgsSupported()

Collection<JWSAlgorithm> org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.getAllSigningAlgsSupported ( )

inline

org.mitre.jwt.signer.service.JWTSigningAndValidationServiceを実装しています。

                                                                     {

                Set<JWSAlgorithm> algs = new HashSet<>();

                for (JWSSigner signer : signers.values()) {
                        algs.addAll(signer.supportedJWSAlgorithms());
                }

                for (JWSVerifier verifier : verifiers.values()) {
                        algs.addAll(verifier.supportedJWSAlgorithms());
                }

                return algs;

        }

getDefaultSignerKeyId()

String org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.getDefaultSignerKeyId ( )

inline

戻り値

the defaultSignerKeyId

org.mitre.jwt.signer.service.JWTSigningAndValidationServiceを実装しています。

                                              {
                return defaultSignerKeyId;
        }

getDefaultSigningAlgorithm()

JWSAlgorithm org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.getDefaultSigningAlgorithm ( )

inline

戻り値

org.mitre.jwt.signer.service.JWTSigningAndValidationServiceを実装しています。

                                                         {
                return defaultAlgorithm;
        }

getDefaultSigningAlgorithmName()

String org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.getDefaultSigningAlgorithmName ( )

inline

                                                       {
                if (defaultAlgorithm != null) {
                        return defaultAlgorithm.getName();
                } else {
                        return null;
                }
        }

setDefaultSignerKeyId()

void org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.setDefaultSignerKeyId ( String  defaultSignerId )

inline

引数

defaultSignerKeyId

the defaultSignerKeyId to set

                                                                  {
                this.defaultSignerKeyId = defaultSignerId;
        }

setDefaultSigningAlgorithmName()

void org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.setDefaultSigningAlgorithmName ( String  algName )

inline

                                                                   {
                defaultAlgorithm = JWSAlgorithm.parse(algName);
        }

signJwt() [1/2]

void org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.signJwt ( SignedJWT  jwt )

inline

Sign a jwt in place using the configured default signer.

org.mitre.jwt.signer.service.JWTSigningAndValidationServiceを実装しています。

                                           {
                if (getDefaultSignerKeyId() == null) {
                        throw new IllegalStateException("Tried to call default signing with no default signer ID set");
                }

                JWSSigner signer = signers.get(getDefaultSignerKeyId());

                try {
                        jwt.sign(signer);
                } catch (JOSEException e) {

                        logger.error("Failed to sign JWT, error was: ", e);
                }

        }

signJwt() [2/2]

void org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.signJwt ( SignedJWT  jwt, JWSAlgorithm  alg  )

inline

org.mitre.jwt.signer.service.JWTSigningAndValidationServiceを実装しています。

                                                             {

                JWSSigner signer = null;

                for (JWSSigner s : signers.values()) {
                        if (s.supportedJWSAlgorithms().contains(alg)) {
                                signer = s;
                                break;
                        }
                }

                if (signer == null) {
                        //If we can't find an algorithm that matches, we can't sign
                        logger.error("No matching algirthm found for alg=" + alg);

                }

                try {
                        jwt.sign(signer);
                } catch (JOSEException e) {

                        logger.error("Failed to sign JWT, error was: ", e);
                }

        }

validateSignature()

boolean org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.validateSignature ( SignedJWT  jwt )

inline

org.mitre.jwt.signer.service.JWTSigningAndValidationServiceを実装しています。

                                                        {

                for (JWSVerifier verifier : verifiers.values()) {
                        try {
                                if (jwt.verify(verifier)) {
                                        return true;
                                }
                        } catch (JOSEException e) {

                                logger.error("Failed to validate signature with " + verifier + " error message: " + e.getMessage());
                        }
                }
                return false;
        }

メンバ詳解

defaultAlgorithm

JWSAlgorithm org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.defaultAlgorithm

private

defaultSignerKeyId

String org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.defaultSignerKeyId

private

keys

Map<String, JWK> org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.keys = new HashMap<>()

private

logger

final Logger org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.logger = LoggerFactory.getLogger(DefaultJWTSigningAndValidationService.class)

staticprivate

Logger for this class

signers

Map<String, JWSSigner> org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.signers = new HashMap<>()

private

verifiers

Map<String, JWSVerifier> org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.verifiers = new HashMap<>()

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/mitreid-connect/src/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJWTSigningAndValidationService.java