Package org.forgerock.openig.tools.jwt.validation

Class Constraints

  • public final class Constraints
extends Object
    Constraints defined for JWT validation. Constraint evaluation results in a promise of a Result.

    • Method Detail

      • isEqualTo

        public static <T> JwtClaimConstraint<T> isEqualTo​(T expected)
        Returns empty if the value is equal to the one expected and fulfill the Violation with the custom error message.
        Type Parameters:
        T - The type on which the constraint applies.
        Parameters:
        expected - The expected value.
        Returns:
        empty if the value is equal to the one expected or a Violation corresponding to this constraint.

      • contains

        public static <T> JwtClaimConstraint<Collection<T>> contains​(T expected)
        Returns empty if the list contains the expected value.
        Type Parameters:
        T - The type on which the constraint applies.
        Parameters:
        expected - The expected value.
        Returns:
        empty if the value is contained in the list or a Violation corresponding to this constraint.

      • containsOnly

        public static <T> JwtClaimConstraint<Collection<T>> containsOnly​(T expected)
        Returns empty if the list contains only the expected value.
        Type Parameters:
        T - The type on which the constraint applies.
        Parameters:
        expected - The expected value.
        Returns:
        empty if the value is contained in the singletonlist or a Violation corresponding to this constraint.

      • isGreaterOrEqualTo

        public static <T extends Comparable<T>> JwtClaimConstraint<T> isGreaterOrEqualTo​(Function<ValidatorConstraintContext,​T> limitSupplier)
        Returns a JwtClaimConstraint that will succeed if the value is greater than or equal to the given value, otherwise it will fail.
        Type Parameters:
        T - The type of the compared value.
        Parameters:
        limitSupplier - A supplier of the limit to be greater than or equal to.
        Returns:
        a JwtClaimConstraint that will succeed if the value is greater than or equal to the given value, otherwise it will fail.

      • isGreaterOrEqualTo

        public static <T extends Comparable<T>> JwtClaimConstraint<T> isGreaterOrEqualTo​(T limit)
        A shorter version of isGreaterOrEqualTo(constant(limit)).
        Type Parameters:
        T - The type of the compared value.
        Parameters:
        limit - The limit to be greater than or equal to.
        Returns:
        a JwtClaimConstraint that will succeed if the value is greater than or equal to the given value, otherwise it will fail.

      • isGreaterThan

        public static <T extends Comparable<T>> JwtClaimConstraint<T> isGreaterThan​(Function<ValidatorConstraintContext,​T> limitSupplier)
        Returns a JwtClaimConstraint that will succeed if the value is greater than the given value, otherwise it will fail.
        Type Parameters:
        T - The type of the compared value.
        Parameters:
        limitSupplier - A supplier of the limit to be greater than.
        Returns:
        a JwtClaimConstraint that will succeed if the value is greater than the given value, otherwise it will fail.

      • isGreaterThan

        public static <T extends Comparable<T>> JwtClaimConstraint<T> isGreaterThan​(T limit)
        A shorter version of isGreaterThan(constant(limit)).
        Type Parameters:
        T - The type of the compared value.
        Parameters:
        limit - The limit to be greater than.
        Returns:
        a JwtClaimConstraint that will succeed if the value is greater than the given value, otherwise it will fail.

      • isLessOrEqualTo

        public static <T extends Comparable<T>> JwtClaimConstraint<T> isLessOrEqualTo​(Function<ValidatorConstraintContext,​T> limitSupplier)
        Returns a JwtClaimConstraint that will succeed if the value is less than or equal to the given value, otherwise it will fail.
        Type Parameters:
        T - The type of the compared value.
        Parameters:
        limitSupplier - A supplier of the limit to be less than or equal to.
        Returns:
        a JwtClaimConstraint that will succeed if the value is less than or equal to the given value, otherwise it will fail.

      • isLessOrEqualTo

        public static <T extends Comparable<T>> JwtClaimConstraint<T> isLessOrEqualTo​(T limit)
        A shorter version of isLessOrEqualTo(constant(limit)).
        Type Parameters:
        T - The type of the compared value.
        Parameters:
        limit - The limit to be less than or equal to.
        Returns:
        a JwtClaimConstraint that will succeed if the value is less than or equal to the given value, otherwise it will fail.

      • isLessThan

        public static <T extends Comparable<T>> JwtClaimConstraint<T> isLessThan​(Function<ValidatorConstraintContext,​T> limitSupplier)
        Returns a JwtClaimConstraint that will succeed if the value is less than the given value, otherwise it will fail.
        Type Parameters:
        T - The type of the compared value.
        Parameters:
        limitSupplier - A supplier of the limit to be less than.
        Returns:
        a JwtClaimConstraint that will succeed if the value is less than the given value, otherwise it will fail.

      • isLessThan

        public static <T extends Comparable<T>> JwtClaimConstraint<T> isLessThan​(T limit)
        A shorter version of isLessThan(constant(limit)).
        Type Parameters:
        T - The type of the compared value.
        Parameters:
        limit - The limit to be less than.
        Returns:
        a JwtClaimConstraint that will succeed if the value is less than the given value, otherwise it will fail.

      • isNotNull

        public static JwtClaimConstraint<JsonValue> isNotNull()
        Returns empty if the value is present.
        Returns:
        empty if the value is present in the list or a Violation corresponding to this constraint.

      • hasClaims

        public static JwtConstraint hasClaims()
        Returns empty if the JWT does contain claims.
        Returns:
        empty if the JWT does contain claims or a Violation corresponding to this constraint.

      • canBeDecrypted

        public static JwtConstraint canBeDecrypted​(SecretsProvider secretsProvider,
                                           Purpose<DataDecryptionKey> purpose)
        Provides a JwtConstraint configured with the supplied SecretsProvider that contain a secret capable of decrypting and verifying a JWT's encryption. Fails if the supplied JWT is not encrypted or cannot be decrypted with the secrets available in the SecretsProvider.
        Parameters:
        secretsProvider - the instance from where to get the keys.
        purpose - the Purpose of the decryption.
        Returns:
        empty if the JWT has a valid encryption or a Violation corresponding to this constraint.

      • hasValidSignatureAndEncryption

        public static JwtConstraint hasValidSignatureAndEncryption​(JwtConstraint signatureConstraint,
                                                           JwtConstraint decryptionConstraint)
        Provides a JwtConstraint configured with the supplied JwtConstraints verifying both signature and encryption. Fails if the supplied JWT is either :
        • Not encrypted and signed (both orders are accepted)
        • Not decipherable
        • Signed with an invalid signature
        Parameters:
        signatureConstraint - the constraint on signature.
        decryptionConstraint - the constraint on decryption.
        Returns:
        the combined JwtConstraint.

      • equalsAttributeUsingKey

        public static <T> JwtClaimConstraint<T> equalsAttributeUsingKey()
        Returns a JwtClaimConstraint that will succeed if the expected value is equal to the value looked up in the context attributes using the key, otherwise it will fail.
        Type Parameters:
        T - The type of the value being checked.
        Returns:
        a JwtClaimConstraint that will succeed if the expected value is equal to the value looked up in the context attributes using the key, otherwise it will fail.