Class JwksStore


  • public class JwksStore
    extends Object
    Stores the JWKs fetched from a JWKs URI in a JWK set and refreshes that set when necessary.
    • Constructor Detail

      • JwksStore

        @Deprecated
        public JwksStore(Duration cacheTimeout,
                         Duration cacheMissCacheTime,
                         URL jwkUrl,
                         JWKSetParser jwkSetParser,
                         Clock clock)
                  throws FailedToLoadJWKException
        Deprecated.
        Create a new JWKs store.
        Parameters:
        cacheTimeout - a cache timeout to avoid reloading the cache all the time when doing encryption
        cacheMissCacheTime - the cache time before reloading the cache in case of a cache miss. This avoids polling the client application too often.
        jwkUrl - the jwk url of the JWKs hosted by the client application
        jwkSetParser - the jwks set parser
        clock - the clock to use for determining when to reload the jwk set.
        Throws:
        FailedToLoadJWKException - if the jwks can't be reloaded.
    • Method Detail

      • newJwksStore

        public static Promise<JwksStore, FailedToLoadJWKException> newJwksStore(Duration cacheTimeout,
                                                                                     Duration cacheMissCacheTime,
                                                                                     URL jwkUrl,
                                                                                     JWKSetParser jwkSetParser,
                                                                                     Clock clock)
        Create a new JWKs store asynchronously. The JwksStore may not be properly initialized when the promise is completed, as we ignore the exception and return the store anyway.
        Parameters:
        cacheTimeout - a cache timeout to avoid reloading the cache all the time when doing encryption
        cacheMissCacheTime - the cache time before reloading the cache in case of a cache miss. This avoids polling the client application too often.
        jwkUrl - the jwk url of the JWKs hosted by the client application
        jwkSetParser - the jwks set parser
        clock - the clock to use for determining when to reload the jwk set.
        Returns:
        a Promise of a JwksStore.
      • reloadJwksAsync

        public Promise<Void, FailedToLoadJWKException> reloadJwksAsync()
        Communicates with the configured server, attempting to download the latest JWKs for use.
        Returns:
        a Promise that fails with a FailedToLoadJWKException if an exception occurs.
      • findJwk

        @Deprecated
        public JWK findJwk(Algorithm algorithm,
                           String keyUse)
                    throws FailedToLoadJWKException
        Deprecated.
        Search for a JWK that matches the algorithm and the key usage.
        Parameters:
        algorithm - the algorithm needed
        keyUse - the key usage. If null, only the algorithm will be used as a search criterion.
        Returns:
        A jwk that matches the search criteria. If no JWK found for the key usage, then it searches for a JWK without key usage defined. If still no JWK found, then returns null.
        Throws:
        FailedToLoadJWKException - if the jwks can't be reloaded.
      • findJwkAsync

        public Promise<JWK, FailedToLoadJWKException> findJwkAsync(Algorithm algorithm,
                                                                        String keyUse)
        Search asynchronously for a JWK that matches the algorithm and the key usage.
        Parameters:
        algorithm - the algorithm needed
        keyUse - the key usage. If null, only the algorithm will be used as a search criterion.
        Returns:
        A Promise of a JWK that matches the search criteria.
      • findJwkAsync

        public Promise<JWK, FailedToLoadJWKException> findJwkAsync(Predicate<JWK> predicate)
        Search asynchronously for a JWK matching the predicate, for example one that checks the key ID, the algorithm and the key use.
        Parameters:
        predicate - the function to test each JWK against.
        Returns:
        the JWK matching the predicate.
      • getLastLoadedJwkSet

        public Pair<JWKSet, Instant> getLastLoadedJwkSet()
        Returns the last successfully loaded JWK Set together with the time at which it was last fetched.
        Returns:
        the current JWK Set and the instant it was loaded.
      • getLatestJwkSet

        public Promise<JWKSet, FailedToLoadJWKException> getLatestJwkSet()
        Returns the latest successfully loaded JWK Set that has not expired.
        Returns:
        the latest successfully loaded JWK Set that has not expired.
      • getCacheTimeout

        public Duration getCacheTimeout()
        Get the cache timeout.
        Returns:
        the cache timeout.
      • getCacheMissCacheTime

        public Duration getCacheMissCacheTime()
        Get the cache time before reloading the cache in case of cache miss.
        Returns:
        the cache miss cache time.
      • getJwkUrl

        public URL getJwkUrl()
        The JWKs URI.
        Returns:
        the jwk uri.
      • setCacheTimeout

        public void setCacheTimeout(Duration cacheTimeout)
        Update the cache timeout.
        Parameters:
        cacheTimeout - the cache timeout.
      • setCacheMissCacheTime

        public void setCacheMissCacheTime(Duration cacheMissCacheTime)
        Update the cache time before reloading the cache in case of cache miss.
        Parameters:
        cacheMissCacheTime - the cache miss cache time.
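
How cacheTimeout and cacheMissCacheTime interact with the key-use fallback documented for findJwk, as an added example that is not the library's code. JwksCacheModel, Key, the two Supplier parameters and the exact reload rule are assumptions modelling the parameter descriptions above; the sample keys and clock are constructed. Requires Java 16 or later for records.

```java
import java.time.*;
import java.util.*;
import java.util.function.Supplier;
// Hypothetical model of the two timers and the key-use fallback; not the library's code.
public class JwksCacheModel {
    record Key(String kid, String alg, String use) {}    // minimal stand-in for a JWK
    private final Duration cacheTimeout, cacheMissCacheTime;
    private final Supplier<List<Key>> fetcher;            // stands in for fetching jwkUrl
    private final Supplier<Instant> now;                  // stands in for the Clock parameter
    private List<Key> keys = List.of();
    private Instant loadedAt = Instant.MIN;               // forces a load on first use
    int fetches = 0;                                      // counts requests to the key endpoint
    JwksCacheModel(Duration timeout, Duration missTime, Supplier<List<Key>> fetcher, Supplier<Instant> now) {
        cacheTimeout = timeout; cacheMissCacheTime = missTime; this.fetcher = fetcher; this.now = now;
    }
    private boolean olderThan(Duration d) { return !now.get().isBefore(loadedAt.plus(d)); }
    private void reload() { keys = fetcher.get(); loadedAt = now.get(); fetches++; }

    private Key search(String alg, String use) {
        Key noUse = null;
        for (Key k : keys) {
            if (!alg.equals(k.alg())) continue;
            if (use == null || use.equals(k.use())) return k;
            if (k.use() == null && noUse == null) noUse = k;  // fallback: key with no declared use
        }
        return noUse;                                         // null when nothing matches
    }

    synchronized Key find(String alg, String use) {
        if (olderThan(cacheTimeout)) reload();                // normal expiry
        Key k = search(alg, use);
        if (k != null || !olderThan(cacheMissCacheTime)) return k;  // hit, or miss inside the window
        reload();                                             // miss outside the window: one refetch
        return search(alg, use);
    }

    public static void main(String[] args) {
        Instant[] t = { Instant.parse("2024-01-01T00:00:00Z") };   // constructed clock
        List<Key> served = new ArrayList<>(List.of(new Key("k1", "RS256", null)));  // constructed keys
        JwksCacheModel store = new JwksCacheModel(Duration.ofMinutes(60), Duration.ofMinutes(1),
                () -> List.copyOf(served), () -> t[0]);
        System.out.println(store.find("RS256", "sig"));       // only a key without a use is available
        for (int i = 0; i < 100; i++) store.find("ES256", "sig");   // repeated misses inside the window
        System.out.println("fetches after 100 misses: " + store.fetches);
        served.add(new Key("k2", "ES256", "sig"));            // key rotation at the endpoint
        t[0] = t[0].plusSeconds(61);                          // miss window has elapsed
        System.out.println(store.find("ES256", "sig") + ", fetches: " + store.fetches);
    }
}
```

The miss window matters when the algorithm or key identifier being looked up comes from an untrusted token: without it, every unknown value would trigger an outbound request to the JWKs URI.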