PublicKeyOpenIdResolverImpl (OpenAM Server Only 7.2.2 Documentation)

java.lang.Object
- org.forgerock.oauth.resolvers.BaseOpenIdResolver
- - org.forgerock.oauth.resolvers.PublicKeyOpenIdResolverImpl

All Implemented Interfaces:

GenericOpenIdResolver<SignedJwt>, OpenIdResolver
```
public class PublicKeyOpenIdResolverImpl
extends BaseOpenIdResolver
```
This class exists to allow functionality for those Open ID Connect providers which supply their signatures through asymmetric key algorithms (e.g. RSA). In these cases we want to use a public key (usually retrieved from a Trust Store) to verify the signature.

Field Summary
- Fields inherited from interface org.forgerock.oauth.resolvers.OpenIdResolver
  CLIENT_SECRET_KEY, ISSUER_KEY, JWK, KEY_ALIAS_KEY, KEYSTORE_LOCATION_KEY, KEYSTORE_PASS_KEY, KEYSTORE_TYPE_KEY, WELL_KNOWN_CONFIGURATION

Constructor Summary

Constructors
Constructor Description

PublicKeyOpenIdResolverImpl(String issuer, PublicKey key)
Constructor for PublicKeyOpenIdResolverImpl.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`validateIdentity(SignedJwt idClaim)`	Validates the supplied Jwt against this OpenId Connect Idp.
`void`	`verifySignature(SignedJwt idClaim)`	Verifies that the JWS was signed by the corresponding private key to this public key.

Methods inherited from class org.forgerock.oauth.resolvers.BaseOpenIdResolver
getIssuer

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.forgerock.oauth.resolvers.OpenIdResolver
getExpectedJwtType

- Constructor Detail
  - PublicKeyOpenIdResolverImpl
```
public PublicKeyOpenIdResolverImpl(String issuer,
                                   PublicKey key)
```
    Constructor for PublicKeyOpenIdResolverImpl.
    
    Parameters:
    
    issuer - The issuer (provider) of the Open Id Connect id token
    
    key - The public key, used to verify a private-key signed signature
- Method Detail
  - validateIdentity
```
public void validateIdentity(SignedJwt idClaim)
                      throws OpenIdConnectVerificationException
```
    Validates the supplied Jwt against this OpenId Connect Idp.
    
    Specified by:
    
    validateIdentity in interface GenericOpenIdResolver<SignedJwt>
    
    Overrides:
    
    validateIdentity in class BaseOpenIdResolver
    
    Parameters:
    
    idClaim - The Jwt to test is authenticated
    
    Throws:
    
    OpenIdConnectVerificationException - If the Jwt is unable to be verified
  - verifySignature
```
public void verifySignature(SignedJwt idClaim)
                     throws InvalidSignatureException
```
    Verifies that the JWS was signed by the corresponding private key to this public key.
    
    Parameters:
    
    idClaim - The JWS to verify
    
    Throws:
    
    InvalidSignatureException - If the JWS supplied does not match the key for this resolver