Class Constraints
- java.lang.Object
-
- org.forgerock.openig.tools.jwt.validation.Constraints
-
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static JwtConstraint
canBeDecrypted(SecretsProvider secretsProvider, Purpose<DataDecryptionKey> purpose)
Provides aJwtConstraint
configured with the suppliedSecretsProvider
that contain a secret capable of decrypting and verifying a JWT's encryption.static <T> JwtClaimConstraint<Collection<T>>
contains(T expected)
Returnsempty
if the list contains the expected value.static <T> JwtClaimConstraint<Collection<T>>
containsOnly(T expected)
Returnsempty
if the list contains only the expected value.static <T> JwtClaimConstraint<T>
equalsAttributeUsingKey()
Returns aJwtClaimConstraint
that will succeed if the expected value is equal to the value looked up in the context attributes using the key, otherwise it will fail.static JwtConstraint
hasClaims()
Returnsempty
if the JWT does contain claims.static JwtConstraint
hasValidSignature(JwsSignatureVerifier verifier)
Validates the signature of thisSignedJwt
.static JwtConstraint
hasValidSignatureAndEncryption(JwtConstraint signatureConstraint, JwtConstraint decryptionConstraint)
Provides aJwtConstraint
configured with the suppliedJwtConstraint
s verifying both signature and encryption.static <T> JwtClaimConstraint<T>
isEqualTo(T expected)
Returnsempty
if the value is equal to the one expected and fulfill theViolation
with the custom error message.static <T extends Comparable<T>>
JwtClaimConstraint<T>isGreaterOrEqualTo(Function<ValidatorConstraintContext,T> limitSupplier)
Returns aJwtClaimConstraint
that will succeed if the value is greater than or equal to the given value, otherwise it will fail.static <T extends Comparable<T>>
JwtClaimConstraint<T>isGreaterOrEqualTo(T limit)
A shorter version of isGreaterOrEqualTo(constant(limit)).static <T extends Comparable<T>>
JwtClaimConstraint<T>isGreaterThan(Function<ValidatorConstraintContext,T> limitSupplier)
Returns aJwtClaimConstraint
that will succeed if the value is greater than the given value, otherwise it will fail.static <T extends Comparable<T>>
JwtClaimConstraint<T>isGreaterThan(T limit)
A shorter version of isGreaterThan(constant(limit)).static JwtClaimConstraint<Instant>
isInTheFuture()
Returns aJwtClaimConstraint
that will succeed if the timestamp is after the given date, otherwise it will fail.static JwtClaimConstraint<Instant>
isInThePast()
Returns aJwtClaimConstraint
that will succeed if the timestamp is before the given date, otherwise it will fail.static <T extends Comparable<T>>
JwtClaimConstraint<T>isLessOrEqualTo(Function<ValidatorConstraintContext,T> limitSupplier)
Returns aJwtClaimConstraint
that will succeed if the value is less than or equal to the given value, otherwise it will fail.static <T extends Comparable<T>>
JwtClaimConstraint<T>isLessOrEqualTo(T limit)
A shorter version of isLessOrEqualTo(constant(limit)).static <T extends Comparable<T>>
JwtClaimConstraint<T>isLessThan(Function<ValidatorConstraintContext,T> limitSupplier)
Returns aJwtClaimConstraint
that will succeed if the value is less than the given value, otherwise it will fail.static <T extends Comparable<T>>
JwtClaimConstraint<T>isLessThan(T limit)
A shorter version of isLessThan(constant(limit)).static JwtClaimConstraint<JsonValue>
isNotNull()
Returnsempty
if the value is present.static JwtClaimConstraint<String>
matches(Pattern pattern)
Build and returns a new `Constraint` that checks if the claim's value is matched (as perMatcher.matches()
) by the givenregex
.
-
-
-
Method Detail
-
isEqualTo
public static <T> JwtClaimConstraint<T> isEqualTo(T expected)
Returnsempty
if the value is equal to the one expected and fulfill theViolation
with the custom error message.- Type Parameters:
T
- The type on which the constraint applies.- Parameters:
expected
- The expected value.- Returns:
empty
if the value is equal to the one expected or aViolation
corresponding to this constraint.
-
contains
public static <T> JwtClaimConstraint<Collection<T>> contains(T expected)
Returnsempty
if the list contains the expected value.- Type Parameters:
T
- The type on which the constraint applies.- Parameters:
expected
- The expected value.- Returns:
empty
if the value is contained in the list or aViolation
corresponding to this constraint.
-
containsOnly
public static <T> JwtClaimConstraint<Collection<T>> containsOnly(T expected)
Returnsempty
if the list contains only the expected value.- Type Parameters:
T
- The type on which the constraint applies.- Parameters:
expected
- The expected value.- Returns:
empty
if the value is contained in the singletonlist or aViolation
corresponding to this constraint.
-
isInTheFuture
public static JwtClaimConstraint<Instant> isInTheFuture()
Returns aJwtClaimConstraint
that will succeed if the timestamp is after the given date, otherwise it will fail. This method uses the skew allowance held on theValidatorConstraintContext
.- Returns:
- a
JwtClaimConstraint
that will succeed if the timestamp is after the given date, otherwise it will fail.
-
isInThePast
public static JwtClaimConstraint<Instant> isInThePast()
Returns aJwtClaimConstraint
that will succeed if the timestamp is before the given date, otherwise it will fail. This method uses the skew allowance held on theValidatorConstraintContext
.- Returns:
- a
JwtClaimConstraint
that will succeed if the timestamp is before the given date, otherwise it will fail.
-
isGreaterOrEqualTo
public static <T extends Comparable<T>> JwtClaimConstraint<T> isGreaterOrEqualTo(Function<ValidatorConstraintContext,T> limitSupplier)
Returns aJwtClaimConstraint
that will succeed if the value is greater than or equal to the given value, otherwise it will fail.- Type Parameters:
T
- The type of the compared value.- Parameters:
limitSupplier
- A supplier of the limit to be greater than or equal to.- Returns:
- a
JwtClaimConstraint
that will succeed if the value is greater than or equal to the given value, otherwise it will fail.
-
isGreaterOrEqualTo
public static <T extends Comparable<T>> JwtClaimConstraint<T> isGreaterOrEqualTo(T limit)
A shorter version of isGreaterOrEqualTo(constant(limit)).- Type Parameters:
T
- The type of the compared value.- Parameters:
limit
- The limit to be greater than or equal to.- Returns:
- a
JwtClaimConstraint
that will succeed if the value is greater than or equal to the given value, otherwise it will fail.
-
isGreaterThan
public static <T extends Comparable<T>> JwtClaimConstraint<T> isGreaterThan(Function<ValidatorConstraintContext,T> limitSupplier)
Returns aJwtClaimConstraint
that will succeed if the value is greater than the given value, otherwise it will fail.- Type Parameters:
T
- The type of the compared value.- Parameters:
limitSupplier
- A supplier of the limit to be greater than.- Returns:
- a
JwtClaimConstraint
that will succeed if the value is greater than the given value, otherwise it will fail.
-
isGreaterThan
public static <T extends Comparable<T>> JwtClaimConstraint<T> isGreaterThan(T limit)
A shorter version of isGreaterThan(constant(limit)).- Type Parameters:
T
- The type of the compared value.- Parameters:
limit
- The limit to be greater than.- Returns:
- a
JwtClaimConstraint
that will succeed if the value is greater than the given value, otherwise it will fail.
-
isLessOrEqualTo
public static <T extends Comparable<T>> JwtClaimConstraint<T> isLessOrEqualTo(Function<ValidatorConstraintContext,T> limitSupplier)
Returns aJwtClaimConstraint
that will succeed if the value is less than or equal to the given value, otherwise it will fail.- Type Parameters:
T
- The type of the compared value.- Parameters:
limitSupplier
- A supplier of the limit to be less than or equal to.- Returns:
- a
JwtClaimConstraint
that will succeed if the value is less than or equal to the given value, otherwise it will fail.
-
isLessOrEqualTo
public static <T extends Comparable<T>> JwtClaimConstraint<T> isLessOrEqualTo(T limit)
A shorter version of isLessOrEqualTo(constant(limit)).- Type Parameters:
T
- The type of the compared value.- Parameters:
limit
- The limit to be less than or equal to.- Returns:
- a
JwtClaimConstraint
that will succeed if the value is less than or equal to the given value, otherwise it will fail.
-
isLessThan
public static <T extends Comparable<T>> JwtClaimConstraint<T> isLessThan(Function<ValidatorConstraintContext,T> limitSupplier)
Returns aJwtClaimConstraint
that will succeed if the value is less than the given value, otherwise it will fail.- Type Parameters:
T
- The type of the compared value.- Parameters:
limitSupplier
- A supplier of the limit to be less than.- Returns:
- a
JwtClaimConstraint
that will succeed if the value is less than the given value, otherwise it will fail.
-
isLessThan
public static <T extends Comparable<T>> JwtClaimConstraint<T> isLessThan(T limit)
A shorter version of isLessThan(constant(limit)).- Type Parameters:
T
- The type of the compared value.- Parameters:
limit
- The limit to be less than.- Returns:
- a
JwtClaimConstraint
that will succeed if the value is less than the given value, otherwise it will fail.
-
isNotNull
public static JwtClaimConstraint<JsonValue> isNotNull()
Returnsempty
if the value is present.- Returns:
empty
if the value is present in the list or aViolation
corresponding to this constraint.
-
matches
public static JwtClaimConstraint<String> matches(Pattern pattern)
Build and returns a new `Constraint` that checks if the claim's value is matched (as perMatcher.matches()
) by the givenregex
.The Constraint fails with a Violation otherwise.
- Parameters:
pattern
- The regex pattern to match.- Returns:
- a new Constraint for Pattern matching
- See Also:
for the supported pattern format
-
hasClaims
public static JwtConstraint hasClaims()
Returnsempty
if the JWT does contain claims.- Returns:
empty
if the JWT does contain claims or aViolation
corresponding to this constraint.
-
hasValidSignature
public static JwtConstraint hasValidSignature(JwsSignatureVerifier verifier)
Validates the signature of thisSignedJwt
.- Parameters:
verifier
- TheJwsSignatureVerifier
used to verify the signature.- Returns:
empty
if the JWT has a valid signature or aViolation
corresponding to this constraint.
-
canBeDecrypted
public static JwtConstraint canBeDecrypted(SecretsProvider secretsProvider, Purpose<DataDecryptionKey> purpose)
Provides aJwtConstraint
configured with the suppliedSecretsProvider
that contain a secret capable of decrypting and verifying a JWT's encryption. Fails if the supplied JWT is not encrypted or cannot be decrypted with the secrets available in theSecretsProvider
.
-
hasValidSignatureAndEncryption
public static JwtConstraint hasValidSignatureAndEncryption(JwtConstraint signatureConstraint, JwtConstraint decryptionConstraint)
Provides aJwtConstraint
configured with the suppliedJwtConstraint
s verifying both signature and encryption. Fails if the supplied JWT is either :- Not encrypted and signed (both orders are accepted)
- Not decipherable
- Signed with an invalid signature
- Parameters:
signatureConstraint
- the constraint on signature.decryptionConstraint
- the constraint on decryption.- Returns:
- the combined JwtConstraint.
-
equalsAttributeUsingKey
public static <T> JwtClaimConstraint<T> equalsAttributeUsingKey()
Returns aJwtClaimConstraint
that will succeed if the expected value is equal to the value looked up in the context attributes using the key, otherwise it will fail.- Type Parameters:
T
- The type of the value being checked.- Returns:
- a
JwtClaimConstraint
that will succeed if the expected value is equal to the value looked up in the context attributes using the key, otherwise it will fail.
-
-