Class JwksStore

java.lang.Object
org.forgerock.json.jose.jwk.store.JwksStore

public class JwksStore extends Object
Store JWKs into a jwkSet from a JWKs_URI and refresh the jwkSet when necessary.
  • Constructor Details

    • JwksStore

      @Deprecated public JwksStore(Duration cacheTimeout, Duration cacheMissCacheTime, URL jwkUrl, JWKSetParser jwkSetParser, Clock clock) throws FailedToLoadJWKException
      Deprecated.
      Create a new JWKs store.
      Parameters:
      cacheTimeout - a cache timeout to avoid reloading the cache all the time when doing encryption
      cacheMissCacheTime - the cache time before reloading the cache in case of a cache miss. This avoids polling the client application too often.
      jwkUrl - the jwk url of the JWKs hosted by the client application
      jwkSetParser - the jwks set parser
      clock - the clock to use for determining when to reload the jwk set.
      Throws:
      FailedToLoadJWKException - if the jwks can't be reloaded.
  • Method Details

    • newJwksStore

      public static Promise<JwksStore,FailedToLoadJWKException> newJwksStore(Duration cacheTimeout, Duration cacheMissCacheTime, URL jwkUrl, JWKSetParser jwkSetParser, Clock clock)
      Create a new JWKs store asynchronously. The JwksStore may not be properly initialized when the promise is completed, as we ignore the exception and return the store anyway.
      Parameters:
      cacheTimeout - a cache timeout to avoid reloading the cache all the time when doing encryption
      cacheMissCacheTime - the cache time before reloading the cache in case of a cache miss. This avoids polling the client application too often.
      jwkUrl - the jwk url of the JWKs hosted by the client application
      jwkSetParser - the jwks set parser
      clock - the clock to use for determining when to reload the jwk set.
      Returns:
      a Promise of a JwksStore.
    • reloadJwksAsync

      public Promise<Void,FailedToLoadJWKException> reloadJwksAsync()
      Communicates with the configured server, attempting to download the latest JWKs for use.
      Returns:
      a Promise that completes with a FailedToLoadJWKException if an exception occurs.
    • reloadJwks

      @Deprecated public void reloadJwks() throws FailedToLoadJWKException
      Deprecated.
      Use reloadJwksAsync() instead.
      Communicates with the configured server, attempting to download the latest JWKs for use.
      Throws:
      FailedToLoadJWKException - if there were issues parsing the supplied URL
    • findJwk

      @Deprecated public JWK findJwk(Algorithm algorithm, String keyUse) throws FailedToLoadJWKException
      Deprecated.
      Search for a JWK that matches the algorithm and the key usage.
      Parameters:
      algorithm - the algorithm needed
      keyUse - the key usage. If null, only the algorithm is used as the search criterion.
      Returns:
      A JWK that matches the search criteria. If no JWK is found for the key usage, the search falls back to a JWK with no key usage defined. If still no JWK is found, returns null.
      Throws:
      FailedToLoadJWKException - if the jwks can't be reloaded.
    • findJwkAsync

      public Promise<JWK,FailedToLoadJWKException> findJwkAsync(Algorithm algorithm, String keyUse)
      Search asynchronously for a JWK that matches the algorithm and the key usage.
      Parameters:
      algorithm - the algorithm needed
      keyUse - the key usage. If null, only the algorithm is used as the search criterion.
      Returns:
      A Promise of a JWK that matches the search criteria.
    • findJwk

      @Deprecated public JWK findJwk(String kid) throws FailedToLoadJWKException
      Deprecated.
      Search for a JWK that matches the kid.
      Parameters:
      kid - Key ID
      Returns:
      A JWK that matches the kid. If no JWK is found, returns null.
      Throws:
      FailedToLoadJWKException - if the jwks can't be reloaded.
    • findJwkAsync

      public Promise<JWK,FailedToLoadJWKException> findJwkAsync(String kid)
      Search asynchronously for a JWK that matches the kid.
      Parameters:
      kid - Key ID
      Returns:
      A Promise of a JWK that matches the provided kid.
    • findJwkAsync

      public Promise<JWK,FailedToLoadJWKException> findJwkAsync(Predicate<JWK> predicate)
      Search asynchronously for a JWK that matches the predicate.
      Parameters:
      predicate - the function to test the JWK against.
      Returns:
      a Promise of the JWK matching the predicate.
    • getLastLoadedJwkSet

      public Pair<JWKSet,Instant> getLastLoadedJwkSet()
      Returns the last successfully loaded JWK Set together with the time at which it was last fetched.
      Returns:
      the current JWK Set and the instant it was loaded.
    • getLatestJwkSet

      public Promise<JWKSet,FailedToLoadJWKException> getLatestJwkSet()
      Returns the latest non expired successfully loaded JWK Set.
      Returns:
      the latest non expired successfully loaded JWK Set.
    • getCacheTimeout

      public Duration getCacheTimeout()
      Get the cache timeout.
      Returns:
      the cache timeout.
    • getCacheMissCacheTime

      public Duration getCacheMissCacheTime()
      Get the cache time before reloading the cache in case of cache miss.
      Returns:
      the cache miss cache time.
    • getJwkUrl

      public URL getJwkUrl()
      The JWKs URI.
      Returns:
      the jwk uri.
    • setCacheTimeout

      public void setCacheTimeout(Duration cacheTimeout)
      Update the cache timeout.
      Parameters:
      cacheTimeout - the cache timeout.
    • setCacheMissCacheTime

      public void setCacheMissCacheTime(Duration cacheMissCacheTime)
      Update the cache time before reloading the cache in case of cache miss.
      Parameters:
      cacheMissCacheTime - the cache miss cache time.
    • setJwkUrl

      @Deprecated public void setJwkUrl(URL jwkUrl) throws FailedToLoadJWKException
      Deprecated.
      Use setJwkUrlAsync(URL) instead.
      Update the JWKs URI.
      Parameters:
      jwkUrl - the jwks uri.
      Throws:
      FailedToLoadJWKException - if unable to set the URL.
    • setJwkUrlAsync

      public Promise<Void,FailedToLoadJWKException> setJwkUrlAsync(URL jwkUrl)
      Update the JWKs URI.
      Parameters:
      jwkUrl - the jwks uri.
      Returns:
      a Promise encapsulating any potential exception.
    • toString

      public String toString()
      Overrides:
      toString in class Object
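
The interaction of cacheTimeout and cacheMissCacheTime described in the parameter lists above, as an added example that is not ForgeRock code and does not call the JwksStore API. The class JwksCacheModel, its fetcher and the sample kid values are hypothetical, and the reload policy is an assumption drawn from the parameter descriptions: it shows that a burst of lookups for unknown kids causes at most one refetch of the JWKs URI per cacheMissCacheTime window.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.function.Supplier;

/** Hypothetical model of a two-timer JWKS cache; not the ForgeRock JwksStore implementation. */
class JwksCacheModel {
    private final Duration cacheTimeout;
    private final Duration cacheMissCacheTime;
    private final Supplier<Map<String, String>> fetcher; // stands in for the GET of the JWKs URI
    private Map<String, String> keysByKid = Map.of();
    private Instant lastLoaded;                          // null until the first load
    int fetchCount = 0;

    JwksCacheModel(Duration cacheTimeout, Duration cacheMissCacheTime,
                   Supplier<Map<String, String>> fetcher) {
        this.cacheTimeout = cacheTimeout;
        this.cacheMissCacheTime = cacheMissCacheTime;
        this.fetcher = fetcher;
    }

    private boolean olderThan(Duration age, Instant now) {
        return lastLoaded == null || !now.isBefore(lastLoaded.plus(age));
    }

    private void reload(Instant now) {
        keysByKid = fetcher.get();
        lastLoaded = now;
        fetchCount++;
    }

    /** Returns the key for kid, or null. 'now' is a parameter so the demo controls time. */
    String findByKid(String kid, Instant now) {
        if (olderThan(cacheTimeout, now)) reload(now);   // normal expiry of the cached set
        String key = keysByKid.get(kid);
        if (key == null && olderThan(cacheMissCacheTime, now)) {
            reload(now);                                 // miss: at most one refetch per window
            key = keysByKid.get(kid);
        }
        return key;
    }

    public static void main(String[] args) {
        JwksCacheModel store = new JwksCacheModel(Duration.ofHours(1), Duration.ofMinutes(1),
                () -> Map.of("kid-2024", "constructed-public-key")); // constructed sample set
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");
        store.findByKid("kid-2024", t0);                 // first lookup loads the set
        for (int i = 0; i < 1000; i++)                   // burst of unknown kids inside the window
            store.findByKid("unknown-" + i, t0.plusSeconds(30));
        System.out.println("fetches after burst: " + store.fetchCount);
        store.findByKid("unknown-x", t0.plusSeconds(61)); // miss window elapsed
        System.out.println("fetches after window: " + store.fetchCount);
    }
}
```

Run it with `java JwksCacheModel.java` on Java 11 or later.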