Module io.inverno.mod.security.jose
Package io.inverno.mod.security.jose.jwk

Interface JWKStore

All Known Implementing Classes:
InMemoryJWKStore
public interface JWKStore

A JWK store is used to store frequently used keys and make them available to JWKFactory and JWKBuilder so keys can be automatically resolved when building or reading JOSE objects.

Keys are stored and resolved based on the key id, the X.509 SHA1 thumbprint, the X.509 SHA256 thumbprint or the JWK thumbprint in that order.

It is recommended to only store trusted keys inside a JWK store to prevent them from being evicted when resolving a JOSE object key.

Since:
1.5
Author:
Jeremy Kuhn

  • Method Details

    • getByKeyId

      <T extends JWK> Mono<T> getByKeyId(String kid) throws JWKStoreException

      Returns the key stored for the specified key id.

      Type Parameters:
      T - the expected type of the key
      Parameters:
      kid - a key id
      Returns:
      a single key publisher or an empty publisher
      Throws:
      JWKStoreException - if there was an error accessing the store

    • getBy509CertificateSHA1Thumbprint

      <T extends JWK> Mono<T> getBy509CertificateSHA1Thumbprint(String x5t) throws JWKStoreException

      Returns the key stored for the specified X.509 SHA1 thumbprint

      Type Parameters:
      T - the expected type of the key
      Parameters:
      x5t - an X.509 SHA1 thumbprint
      Returns:
      a single key publisher or an empty publisher
      Throws:
      JWKStoreException - if there was an error accessing the store

    • getByX509CertificateSHA256Thumbprint

      <T extends JWK> Mono<T> getByX509CertificateSHA256Thumbprint(String x5t_S256) throws JWKStoreException

      Returns the key stored for the specified X.509 SHA256 thumbprint

      Type Parameters:
      T - the expected type of the key
      Parameters:
      x5t_S256 - an X.509 SHA256 thumbprint
      Returns:
      a single key publisher or an empty publisher
      Throws:
      JWKStoreException - if there was an error accessing the store

    • getByJWKThumbprint

      <T extends JWK> Mono<T> getByJWKThumbprint(String jwkThumbprint) throws JWKStoreException

      Returns the key stored for the specified JWK thumbprint.

      Type Parameters:
      T - the expected type of the key
      Parameters:
      jwkThumbprint - a JWK thumbprint
      Returns:
      a single key publisher or an empty publisher
      Throws:
      JWKStoreException - if there was an error accessing the store

    • set

      Mono<Void> set(JWK jwk) throws JWKStoreException

      Stores the specified key into the store.

      This method should store the key for all available identifiers: key id, X.509 SHA1 thumbprint, X.509 SHA256 thumbprint and JWK thumbprint.

      Parameters:
      jwk - the key to store
      Returns:
      a single empty publisher that completes once the key has been stored
      Throws:
      JWKStoreException - if there was an error accessing the store

    • remove

      Mono<Void> remove(JWK jwk) throws JWKStoreException

      Removes the specified key from the store.

      This method should remove the key associated to all available identifiers: key id, X.509 SHA1 thumbprint, X.509 SHA256 thumbprint and JWK thumbprint.

      Parameters:
      jwk - the key to remove
      Returns:
      a single empty publisher that completes once the key has been removed
      Throws:
      JWKStoreException - if there was an error accessing the store