Class JwtSecureHeader

  • Direct Known Subclasses:
    JweHeader, JwsHeader

    public abstract class JwtSecureHeader
    extends JwtHeader
    A base implementation for the common security header parameters shared by the JWS and JWE headers.
    Since:
    2.0.0
    • Constructor Detail

      • JwtSecureHeader

        public JwtSecureHeader()
        Constructs a new, empty JwtSecureHeader.
      • JwtSecureHeader

        public JwtSecureHeader​(Map<String,​Object> headers)
        Constructs a new JwtSecureHeader, with its parameters set to the contents of the given Map.
        Parameters:
        headers - A Map containing the parameters to be set in the header.
    • Method Detail

      • setJwkSetUrl

        public void setJwkSetUrl​(URL jwkSetUrl)
        Sets the JWK Set URL header parameter for this JWS.

        A URI that refers to a resource for a set of JSON-encoded public keys, one of which corresponds to the key used to digitally sign the JWS.

        The keys MUST be encoded as a JSON Web Key Set (JWK Set).

        The protocol used to acquire the resource MUST provide integrity protection and the identity of the server MUST be validated.

        Parameters:
        jwkSetUrl - The JWK Set URL.
      • getJwkSetUrl

        public URL getJwkSetUrl()
        Gets the JWK Set URL header parameter for this JWS.
        Returns:
        The JWK Set URL.
      • setJsonWebKey

        public void setJsonWebKey​(JWK jsonWebKey)
        Sets the JSON Web Key header parameter for this JWS.

        The public key that corresponds to the key used to digitally sign the JWS. This key is represented as a JSON Web Key (JWK).

        Parameters:
        jsonWebKey - The JSON Web Key.
      • getJsonWebKey

        public JWK getJsonWebKey()
        Gets the JSON Web Key header parameter for this JWS.
        Returns:
        The JSON Web Key.
      • setX509Url

        public void setX509Url​(URL x509Url)
        Sets the X.509 URL header parameter for this JWS.

        A URI that refers to a resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS.

        The certificate containing the public key corresponding to the key used to digitally sign the JWS MUST be the first certificate. This MAY be followed by additional certificates, with each subsequent certificate being the one used to certify the previous one.

        The protocol used to acquire the resource MUST provide integrity protection and the identity of the server MUST be validated.

        Parameters:
        x509Url - The X.509 URL.
      • getX509Url

        public URL getX509Url()
        Gets the X.509 URL header parameter for this JWS.
        Returns:
        The X.509 URL.
      • setX509CertificateThumbprint

        public void setX509CertificateThumbprint​(String x509CertificateThumbprint)
        Sets the X.509 Certificate Thumbprint header parameter for this JWS.

        A base64url encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of the X.509 certificate corresponding to the key used to digitally sign the JWS.

        This method will perform the base64url encoding so the x509CertificateThumbprint must be the SHA-1 digest.

        Parameters:
        x509CertificateThumbprint - The X.509 Certificate Thumbprint.
      • getX509CertificateThumbprint

        public String getX509CertificateThumbprint()
        Gets the X.509 Certificate Thumbprint header parameter for this JWS.
        Returns:
        The X.509 Certificate Thumbprint.
      • setX509CertificateChain

        public void setX509CertificateChain​(List<String> x509CertificateChain)
        Sets the X.509 Certificate Chain header parameter for this JWS.

        Contains the list of X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS. Each entry in the list is a base64 encoded DER PKIX certificate value. This method will perform the base64 encoding of each entry so the entries in the list must be the DER PKIX certificate values.

        The certificate containing the public key corresponding to the key used to digitally sign the JWS MUST be the first certificate. This MAY be followed by additional certificates, with each subsequent certificate being the one used to certify the previous one.

        Parameters:
        x509CertificateChain - The X.509 Certificate Chain.
      • getX509CertificateChain

        public List<String> getX509CertificateChain()
        Gets the X.509 Certificate Chain header parameter for this JWS.
        Returns:
        The X.509 Certificate Chain.
      • setKeyId

        public void setKeyId​(String keyId)
        Sets the Key ID header parameter for this JWS.

        Indicates which key was used to secure the JWS, allowing originators to explicitly signal a change of key to recipients.

        Parameters:
        keyId - The Key ID.
      • getKeyId

        public String getKeyId()
        Gets the Key ID header parameter for this JWS.
        Returns:
        The Key ID.
      • setContentType

        public void setContentType​(String contentType)
        Sets the content type header parameter for this JWS.

        Declares the type of the secured content (the Payload).

        Parameters:
        contentType - The content type of this JWS' payload.
      • getContentType

        public String getContentType()
        Gets the content type header parameter for this JWS.
        Returns:
        The content type of this JWS' payload.
      • setCriticalHeaders

        public void setCriticalHeaders​(List<String> criticalHeaders)
        Sets the critical header parameters for this JWS.

        This header parameter indicates that extensions to the JWS specification are being used that MUST be understood and processed.

        The criticalHeaders parameter cannot be an empty list.

        Parameters:
        criticalHeaders - A List of the critical parameters.
      • getCriticalHeaders

        public List<String> getCriticalHeaders()
        Gets the critical header parameters for this JWS.
        Returns:
        A List of the critical parameters.
      • setParameter

        public void setParameter​(String key,
                                 Object value)
        Sets a header parameter with the specified key and value.

        If the key matches one of the reserved header parameter names, then the relevant set method is called to set that header parameter with the specified value.

        Overrides:
        setParameter in class JwtHeader
        Parameters:
        key - The key of the header parameter.
        value - The value of the header parameter.
      • getParameter

        public Object getParameter​(String key)
        Gets a header parameter for the specified key.

        If the key matches one of the reserved header parameter names, then the relevant get method is called to get that header parameter.

        Overrides:
        getParameter in class JwtHeader
        Parameters:
        key - The header parameter key.
        Returns:
        The value stored against the header parameter key.
      • setCompressionAlgorithm

        public void setCompressionAlgorithm​(CompressionAlgorithm compressionAlgorithm)
        Sets the Compression Algorithm header parameter for this JWE.

        If present, the value of the Compression Algorithm header parameter MUST be CompressionAlgorithm constant DEF.

        Parameters:
        compressionAlgorithm - The Compression Algorithm.
      • getCompressionAlgorithm

        public CompressionAlgorithm getCompressionAlgorithm()
        Gets the Compression Algorithm header parameter for this JWE.
        Returns:
        The Compression Algorithm.