Module io.inverno.mod.security.jose
Package io.inverno.mod.security.jose.jwk

Interface X509JWK<A extends PublicKey,B extends PrivateKey>

Type Parameters:
A - the public key type
B - the private key type
All Superinterfaces:
AsymmetricJWK<A,B>, JWK
All Known Subinterfaces:
ECJWK, EdECJWK, OKPJWK<A,B>, RSAJWK, XECJWK
public interface X509JWK<A extends PublicKey,B extends PrivateKey> extends AsymmetricJWK<A,B>

An asymmetric JSON Web key that supports X.509 JOSE header parameters: x5u, x5c, x5t and x5t#S256.

Since:
1.5
Author:
Jeremy Kuhn

  • Method Details

    • getX509CertificateURL

      URI getX509CertificateURL()

      Returns the X.509 certificate or certificates chain URL parameter as defined by RFC7517 Section 4.6.

      The certificates chain located at the URL must be in PEM format. The certificate containing the public key must be the first certificate. The key in the first certificate MUST match the public key represented by other members of the JWK.

      Returns:
      the X.509 URI or null

    • getX509CertificateChain

      String[] getX509CertificateChain()

      Returns the X.509 certificate chain as defined by RFC7517 Section 4.7.

      Each certificate is encoded in Base64 DER PKIX certificate value. The certificate containing the public key must be the first certificate. The key in the first certificate MUST match the public key represented by other members of the JWK.

      Returns:
      the X.509 certificate chain or null

    • getX509CertificateSHA1Thumbprint

      String getX509CertificateSHA1Thumbprint()

      Returns the X.509 SHA1 certificate thumbprint as defined by RFC7517 Section 4.8.

      This fingerprint can be used to identify the actual certificate which must MUST match the public key represented by other members of the JWK.

      Returns:
      the X.509 SHA1 thumbprint or null

    • getX509CertificateSHA256Thumbprint

      String getX509CertificateSHA256Thumbprint()

      Returns the X.509 SHA256 certificate thumbprint as defined by RFC7517 Section 4.9.

      This fingerprint can be used to identify the actual certificate which must MUST match the public key represented by other members of the JWK.

      Returns:
      the X.509 SHA1 thumbprint or null

    • getX509Certificate

      Optional<X509Certificate> getX509Certificate()

      Returns the resolved certificate defining the public key.

      Returns:
      an optional containing the resolved certificate or an empty certificate if no certificate could have been resolve when building or reading the key

    • toPublicJWK

      X509JWK<A,B> toPublicJWK()
      Description copied from interface: JWK

      Returns a public and safe to share representation of the key.

      Specified by:
      toPublicJWK in interface AsymmetricJWK<A extends PublicKey,B extends PrivateKey>
      Specified by:
      toPublicJWK in interface JWK
      Returns:
      a public representation of this JWK

    • trust

      X509JWK<A,B> trust()
      Description copied from interface: JWK

      Trusts the key explicitly.

      This should be used with care when the authenticity of an untrusted key has been established through external means.

      Specified by:
      trust in interface AsymmetricJWK<A extends PublicKey,B extends PrivateKey>
      Specified by:
      trust in interface JWK
      Returns:
      this JWK