Class JkuVerificationKeyResolver

java.lang.Object
io.confluent.kafka.clients.plugins.auth.jwt.JkuVerificationKeyResolver
All Implemented Interfaces:
CloseableVerificationKeyResolver, Closeable, AutoCloseable, org.jose4j.keys.resolvers.VerificationKeyResolver

public final class JkuVerificationKeyResolver extends Object implements CloseableVerificationKeyResolver
Inspired by Confluent's Schroedinger (https://github.com/confluentinc/schroedinger). JkuVerificationKeyResolver extracts the jku from the JWT header and validates that it is from an authorized domain. It then finds the cached AsyncHttpsJwksVerificationKeyResolver and uses it for key verification.
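One way to implement the jku domain validation described above, as an added example that is not Confluent's code: the class `JkuAllowlistExample` and the helper `isAllowedJku` are hypothetical, the sample URLs are constructed, and the matching rule (required scheme, no user-info, exact host or dot-boundary subdomain) is an assumption, not documented behaviour of `hasValidJkuDomain`.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collection;
import java.util.List;
import java.util.Locale;

public class JkuAllowlistExample {

    // Hypothetical helper (not the Confluent method): accepts a jku only if it
    // parses as a server-based URL with the required scheme and its host is an
    // allowlisted domain or a subdomain of one.
    static boolean isAllowedJku(Collection<String> allowedDomains, String requiredScheme, String jku) {
        if (jku == null) {
            return false;
        }
        URI uri;
        try {
            uri = new URI(jku).parseServerAuthority();
        } catch (URISyntaxException e) {
            return false; // malformed URL or authority that is not host[:port]
        }
        if (!requiredScheme.equalsIgnoreCase(uri.getScheme())) {
            return false; // the key set must be fetched over the required protocol
        }
        if (uri.getUserInfo() != null || uri.getHost() == null) {
            return false; // text before '@' is user-info, not the host that gets contacted
        }
        String host = uri.getHost().toLowerCase(Locale.ROOT);
        for (String entry : allowedDomains) {
            String domain = entry.toLowerCase(Locale.ROOT);
            // Compare on a label boundary; a bare endsWith(domain) would also
            // match unrelated hosts that merely end in the same characters.
            if (host.equals(domain) || host.endsWith("." + domain)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        List<String> allowed = List.of("idp.example.com"); // constructed allowlist
        String[] samples = {                                // constructed jku values
            "https://idp.example.com/jwks.json",            // exact host
            "https://keys.idp.example.com/jwks.json",       // subdomain of an entry
            "http://idp.example.com/jwks.json",             // wrong scheme
            "https://idp.example.com.attacker.test/jwks",   // entry used as a prefix label
            "https://notidp.example.com/jwks.json",         // shares only a suffix string
            "https://idp.example.com@attacker.test/jwks",   // entry placed in user-info
        };
        for (String jku : samples) {
            System.out.printf("%-48s %s%n", jku, isAllowedJku(allowed, "https", jku));
        }
    }
}
```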
  • Constructor Details

    • JkuVerificationKeyResolver

      public JkuVerificationKeyResolver(Collection<String> domainWhitelist)
    • JkuVerificationKeyResolver

      public JkuVerificationKeyResolver(Collection<String> domainWhitelist, boolean unsafeAllowed)
    • JkuVerificationKeyResolver

      public JkuVerificationKeyResolver(Function<String,AsyncHttpsJwks> httpsJwksSupplier, Collection<String> domainWhitelist, boolean disambiguateKey, boolean unsafeAllowed)
  • Method Details

    • resolveKey

      public Key resolveKey(org.jose4j.jws.JsonWebSignature jws, List<org.jose4j.jwx.JsonWebStructure> nestingContext) throws org.jose4j.lang.UnresolvableKeyException
      Specified by:
      resolveKey in interface org.jose4j.keys.resolvers.VerificationKeyResolver
      Throws:
      org.jose4j.lang.UnresolvableKeyException
    • hasValidJkuDomain

      public static boolean hasValidJkuDomain(Collection<String> domainWhitelist, String requiredProtocol, String jku)
    • close

      public void close()
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable