Class SpireVerificationKeyResolver

java.lang.Object

io.confluent.security.authentication.oauthbearer.SpireVerificationKeyResolver

All Implemented Interfaces:

org.jose4j.keys.resolvers.VerificationKeyResolver

public class SpireVerificationKeyResolver
extends Object
implements org.jose4j.keys.resolvers.VerificationKeyResolver

Fetch JWKS data from SPIRE Trust Bundle.

Constructor Summary

Constructors

Constructor	Description
SpireVerificationKeyResolver(io.spiffe.workloadapi.JwtSource jwtSource, String spireIssuerSuffix)

Method Summary

Modifier and Type	Method	Description
String	getSpireIssuerSuffix()
Key	resolveKey(org.jose4j.jws.JsonWebSignature jws, List<org.jose4j.jwx.JsonWebStructure> nestingContext)	Resolve the public key corresponding to .

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SpireVerificationKeyResolver

public SpireVerificationKeyResolver(io.spiffe.workloadapi.JwtSource jwtSource,
 String spireIssuerSuffix)

Method Details

getSpireIssuerSuffix

public String getSpireIssuerSuffix()

resolveKey

public Key resolveKey(org.jose4j.jws.JsonWebSignature jws,
 List<org.jose4j.jwx.JsonWebStructure> nestingContext)
               throws org.jose4j.lang.UnresolvableKeyException

Resolve the public key corresponding to .

Specified by:

resolveKey in interface org.jose4j.keys.resolvers.VerificationKeyResolver

Parameters:

jws - the JsonWebSignature that's about to be verified

nestingContext - a list of JOSE objects, if any, in which the JWS was nested. The last item in the list is the outermost JOSE object (excluding the current JWS).

Returns:

the public key used for signature verification.

Throws:

org.jose4j.lang.UnresolvableKeyException - if no appropriate key can be found to verify the signature.