Package | Description |
---|---|
org.forgerock.json.jose.builders | Builder classes and interfaces for building JWTs using a fluent API. |
org.forgerock.json.jose.jwe | Classes and interfaces for JWT encryption and JWEs. |
org.forgerock.json.jose.jws | Classes and interfaces for JWT signing and JWSs. |
org.forgerock.json.jose.jws.handlers | Signing Handler classes for each possible signing algorithm. |
org.forgerock.json.jose.tokenhandler | JWT implementation(s) of TokenHandler. |
org.forgerock.oauth2.core | Defines the core classes to implement OAuth2 for OpenAM. |

Modifier and Type | Method and Description |
---|---|
SignedJwtBuilderImpl | JwtBuilderFactory.jws(SigningHandler signingHandler): Creates a builder for building a signed JWT into a base64url UTF-8 encoded JWT string. |
SignedEncryptedJwtBuilder | EncryptedJwtBuilder.sign(SigningHandler signingHandler, JwsAlgorithm jwsAlgorithm): Deprecated. |
EncryptedThenSignedJwtBuilder | EncryptedJwtBuilder.signedWith(SigningHandler signingHandler, JwsAlgorithm jwsAlgorithm): Returns an EncryptedThenSignedJwtBuilder that will build a signed JWT with this builder's encrypted JWT as its payload. |

Constructor and Description |
---|
EncryptedThenSignedJwtBuilder(EncryptedJwtBuilder encryptedJwtBuilder, SigningHandler signingHandler, JwsAlgorithm jwsAlgorithm): Constructs a new SignedEncryptedJwtBuilder that will use the given EncryptedJwtBuilder, to build the nested Encrypted JWT, and the private key and JwsAlgorithm to sign the outer JWT. |
SignedEncryptedJwtBuilder(EncryptedJwtBuilder encryptedJwtBuilder, SigningHandler signingHandler, JwsAlgorithm jwsAlgorithm): Deprecated. Constructs a new SignedEncryptedJwtBuilder that will use the given EncryptedJwtBuilder, to build the nested Encrypted JWT, and the private key and JwsAlgorithm to sign the outer JWT. |
SignedJwtBuilderImpl(SigningHandler signingHandler): Constructs a new SignedJwtBuilderImpl that will use the given private key to sign the JWT. |

Modifier and Type | Method and Description |
---|---|
boolean | SignedThenEncryptedJwt.decryptAndVerify(Key decryptionKey, SigningHandler signingHandler): Decrypts the outer JWT and then verifies the signature on the inner JWT. |
boolean | SignedThenEncryptedJwt.verify(SigningHandler signingHandler): Verifies that the signature is valid on the nested signed JWT. |

Modifier and Type | Method and Description |
---|---|
SigningHandler | SigningManager.newEcdsaSigningHandler(ECPrivateKey key): Constructs a new handler for signing ES256 signatures. |
SigningHandler | SigningManager.newEcdsaSigningHandler(PrivateKey key): Constructs a new handler for signing ES256 signatures. |
SigningHandler | SigningManager.newEcdsaVerificationHandler(ECPublicKey key): Constructs a new handler for verifying ES256 signatures. |
SigningHandler | SigningManager.newEdDsaSigningHandler(byte[] privateKey): Constructs a new handler for signing EdDSA signatures. |
SigningHandler | SigningManager.newEdDsaVerificationHandler(byte[] publicKey): Constructs a new handler for verifying EdDSA signatures. |
SigningHandler | SigningManager.newHmacSigningHandler(byte[] sharedSecret): Constructs a new HmacSigningHandler. |
SigningHandler | SigningManager.newHmacSigningHandler(SecretKey secretKey): Constructs a new HmacSigningHandler. |
SigningHandler | SigningManager.newNopSigningHandler(): Constructs an implementation of the SigningHandler which does not perform any signing or verifying. |
SigningHandler | SigningManager.newRsaSigningHandler(Key key): Constructs a new RSASigningHandler, with a SignatureUtil instance to delegate the signing and verifying calls to. |
SigningHandler | SigningManager.newSigningHandler(JWK jwk): Returns the signing handler from the given JSON Web Key (JWK) which will be used to sign the JWT. |
SigningHandler | SigningManager.newSigningHandler(Key key): Returns the signing handler from the given Key which will be used to verify the JWT. |
SigningHandler | SigningManager.newVerificationHandler(JWK jwk): Returns the signing handler from the given JSON Web Key (JWK) which will be used to verify the JWT. |
SigningHandler | SigningManager.newVerificationHandler(Key key): Returns the signing handler from the given Key which will be used to verify the JWT. |

Modifier and Type | Method and Description |
---|---|
boolean | SignedJwt.verify(SigningHandler signingHandler): Verifies that the JWS signature is valid for the contents of its payload. |

Constructor and Description |
---|
EncryptedThenSignedJwt(JwsHeader header, EncryptedJwt nestedJwe, SigningHandler signingHandler): Constructs a fresh, new SignedEncryptedJwt from the given JwsHeader and nested Encrypted JWT. |
SignedEncryptedJwt(JwsHeader header, EncryptedJwt nestedJwe, SigningHandler signingHandler): Deprecated. Constructs a fresh, new SignedEncryptedJwt from the given JwsHeader and nested Encrypted JWT. |
SignedJwt(JwsHeader header, JwtClaimsSet claimsSet, SigningHandler signingHandler): Constructs a fresh, new SignedJwt from the given JwsHeader and JwtClaimsSet. |
SignedJwt(JwsHeader header, Payload nestedPayload, SigningHandler signingHandler): Constructs a fresh, new SignedJwt from the given JwsHeader and nested Encrypted JWT. |

Modifier and Type | Class and Description |
---|---|
class | ECDSASigningHandler: Elliptic Curve Digital Signature Algorithm (ECDSA) signing and verification. |
class | EdDSASigningHandler: Signing handler for Edwards Curve DSA (EdDSA) as defined in RFC 8037. |
class | HmacSigningHandler: An implementation of the SigningHandler which can sign and verify using algorithms from the HMAC family. |
class | NOPSigningHandler: An implementation of the SigningHandler which does not perform any signing or verifying. |
class | RSASigningHandler: An implementation of the SigningHandler which can sign and verify using algorithms from the RSA family. |

Constructor and Description |
---|
JwtTokenHandler(JweAlgorithm jweAlgorithm, EncryptionMethod jweMethod, KeyPair jweKeyPair, JwsAlgorithm jwsAlgorithm, SigningHandler jwsHandler): Constructs a new JWT token handler that never expires. |
JwtTokenHandler(JweAlgorithm jweAlgorithm, EncryptionMethod jweMethod, KeyPair jweKeyPair, JwsAlgorithm jwsAlgorithm, SigningHandler jwsHandler, Optional<Long> tokenLifeTimeInSeconds, int tokenStatePaddingLength): Constructs a new JWT token handler. |

Modifier and Type | Method and Description |
---|---|
boolean | OAuth2Jwt.isValid(SigningHandler signingHandler): Verifies that the JWT is valid by: verifying the signature; ensuring the JWT contains the 'iss', 'sub', 'aud' and 'exp' claims; ensuring the JWT expiry is not unreasonably far in the future; ensuring the JWT has not expired; ensuring the JWT is not being used before its 'not before time'; ensuring the JWT issued at time is not unreasonably far in the past. |
boolean | OAuth2Jwt.isValid(SigningHandler signingHandler, boolean includeExpiryCheck): Verifies that the JWT is valid by: verifying the signature; ensuring the JWT contains the 'iss', 'sub', 'aud' and 'exp' claims; ensuring the JWT expiry is not unreasonably far in the future; optionally ensuring the JWT has not expired; ensuring the JWT is not being used before its 'not before time'; ensuring the JWT issued at time is not unreasonably far in the past. |

Copyright © 2010-2018, ForgeRock All Rights Reserved.