Class Constraints
java.lang.Object
    org.forgerock.openig.tools.jwt.validation.Constraints

Constraints defined for JWT validation. Constraint evaluation results in a promise of a Result.

Method Summary
Modifier and Type / Method / Description

static JwtConstraint canBeDecrypted(SecretsProvider secretsProvider, Purpose<DataDecryptionKey> purpose)
    Provides a JwtConstraint configured with the supplied SecretsProvider that contains a secret capable of decrypting and verifying a JWT's encryption.
static <T> JwtClaimConstraint<Collection<T>> contains(T expected)
    Returns empty if the list contains the expected value.
static <T> JwtClaimConstraint<Collection<T>> containsOnly(T expected)
    Returns empty if the list contains only the expected value.
static <T> JwtClaimConstraint<T> equalsAttributeUsingKey
    Returns a JwtClaimConstraint that will succeed if the expected value is equal to the value looked up in the context attributes using the key, otherwise it will fail.
static JwtConstraint hasClaims
    Returns empty if the JWT does contain claims.
static JwtConstraint hasValidSignature(JwsSignatureVerifier verifier)
    Validates the signature of this SignedJwt.
static JwtConstraint hasValidSignature(SecretsProvider secretsProvider, Purpose<VerificationKey> purpose)
    Validates the signature of this SignedJwt.
static JwtConstraint hasValidSignatureAndEncryption(JwtConstraint signatureConstraint, JwtConstraint decryptionConstraint)
    Provides a JwtConstraint configured with the supplied JwtConstraints verifying both signature and encryption.
static <T> JwtClaimConstraint<T> isEqualTo(T expected)
    Returns empty if the value is equal to the one expected, otherwise fulfills the Violation with the custom error message.
static <T> JwtClaimConstraint<T> isExpectedType(Class<?> expectedType)
    Returns a JwtClaimConstraint that will succeed if the claim exists and is of the expected type, otherwise it will fail.
static <T extends Comparable<T>> JwtClaimConstraint<T> isGreaterOrEqualTo(Function<ValidatorConstraintContext, T> limitSupplier)
    Returns a JwtClaimConstraint that will succeed if the value is greater than or equal to the given value, otherwise it will fail.
static <T extends Comparable<T>> JwtClaimConstraint<T> isGreaterOrEqualTo(T limit)
    A shorter version of isGreaterOrEqualTo(constant(limit)).
static <T extends Comparable<T>> JwtClaimConstraint<T> isGreaterThan(Function<ValidatorConstraintContext, T> limitSupplier)
    Returns a JwtClaimConstraint that will succeed if the value is greater than the given value, otherwise it will fail.
static <T extends Comparable<T>> JwtClaimConstraint<T> isGreaterThan(T limit)
    A shorter version of isGreaterThan(constant(limit)).
static JwtClaimConstraint<Instant> isInTheFuture
    Returns a JwtClaimConstraint that will succeed if the timestamp is after the given date, otherwise it will fail.
static JwtClaimConstraint<Instant> isInThePast
    Returns a JwtClaimConstraint that will succeed if the timestamp is before the given date, otherwise it will fail.
static <T extends Comparable<T>> JwtClaimConstraint<T> isLessOrEqualTo(Function<ValidatorConstraintContext, T> limitSupplier)
    Returns a JwtClaimConstraint that will succeed if the value is less than or equal to the given value, otherwise it will fail.
static <T extends Comparable<T>> JwtClaimConstraint<T> isLessOrEqualTo(T limit)
    A shorter version of isLessOrEqualTo(constant(limit)).
static <T extends Comparable<T>> JwtClaimConstraint<T> isLessThan(Function<ValidatorConstraintContext, T> limitSupplier)
    Returns a JwtClaimConstraint that will succeed if the value is less than the given value, otherwise it will fail.
static <T extends Comparable<T>> JwtClaimConstraint<T> isLessThan(T limit)
    A shorter version of isLessThan(constant(limit)).
static JwtClaimConstraint<JsonValue> isNotNull
    Returns empty if the value is present.
static JwtClaimConstraint<String> matches
    Builds and returns a new `Constraint` that checks if the claim's value is matched (as per Matcher.matches()) by the given regex.

Method Details

isEqualTo
Returns empty if the value is equal to the one expected, otherwise fulfills the Violation with the custom error message.
Type Parameters:
    T - The type on which the constraint applies.
Parameters:
    expected - The expected value.
Returns:
    empty if the value is equal to the one expected or a Violation corresponding to this constraint.

contains
Returns empty if the list contains the expected value.
Type Parameters:
    T - The type on which the constraint applies.
Parameters:
    expected - The expected value.
Returns:
    empty if the value is contained in the list or a Violation corresponding to this constraint.

containsOnly
Returns empty if the list contains only the expected value.
Type Parameters:
    T - The type on which the constraint applies.
Parameters:
    expected - The expected value.
Returns:
    empty if the value is contained in the singleton list or a Violation corresponding to this constraint.

isInTheFuture
Returns a JwtClaimConstraint that will succeed if the timestamp is after the given date, otherwise it will fail. This method uses the skew allowance held on the ValidatorConstraintContext.
Returns:
    a JwtClaimConstraint that will succeed if the timestamp is after the given date, otherwise it will fail.

isInThePast
Returns a JwtClaimConstraint that will succeed if the timestamp is before the given date, otherwise it will fail. This method uses the skew allowance held on the ValidatorConstraintContext.
Returns:
    a JwtClaimConstraint that will succeed if the timestamp is before the given date, otherwise it will fail.

isGreaterOrEqualTo
public static <T extends Comparable<T>> JwtClaimConstraint<T> isGreaterOrEqualTo(Function<ValidatorConstraintContext, T> limitSupplier)
Returns a JwtClaimConstraint that will succeed if the value is greater than or equal to the given value, otherwise it will fail.
Type Parameters:
    T - The type of the compared value.
Parameters:
    limitSupplier - A supplier of the limit to be greater than or equal to.
Returns:
    a JwtClaimConstraint that will succeed if the value is greater than or equal to the given value, otherwise it will fail.

isGreaterOrEqualTo
A shorter version of isGreaterOrEqualTo(constant(limit)).
Type Parameters:
    T - The type of the compared value.
Parameters:
    limit - The limit to be greater than or equal to.
Returns:
    a JwtClaimConstraint that will succeed if the value is greater than or equal to the given value, otherwise it will fail.

isGreaterThan
public static <T extends Comparable<T>> JwtClaimConstraint<T> isGreaterThan(Function<ValidatorConstraintContext, T> limitSupplier)
Returns a JwtClaimConstraint that will succeed if the value is greater than the given value, otherwise it will fail.
Type Parameters:
    T - The type of the compared value.
Parameters:
    limitSupplier - A supplier of the limit to be greater than.
Returns:
    a JwtClaimConstraint that will succeed if the value is greater than the given value, otherwise it will fail.

isGreaterThan
A shorter version of isGreaterThan(constant(limit)).
Type Parameters:
    T - The type of the compared value.
Parameters:
    limit - The limit to be greater than.
Returns:
    a JwtClaimConstraint that will succeed if the value is greater than the given value, otherwise it will fail.

isLessOrEqualTo
public static <T extends Comparable<T>> JwtClaimConstraint<T> isLessOrEqualTo(Function<ValidatorConstraintContext, T> limitSupplier)
Returns a JwtClaimConstraint that will succeed if the value is less than or equal to the given value, otherwise it will fail.
Type Parameters:
    T - The type of the compared value.
Parameters:
    limitSupplier - A supplier of the limit to be less than or equal to.
Returns:
    a JwtClaimConstraint that will succeed if the value is less than or equal to the given value, otherwise it will fail.

isLessOrEqualTo
A shorter version of isLessOrEqualTo(constant(limit)).
Type Parameters:
    T - The type of the compared value.
Parameters:
    limit - The limit to be less than or equal to.
Returns:
    a JwtClaimConstraint that will succeed if the value is less than or equal to the given value, otherwise it will fail.

isLessThan
public static <T extends Comparable<T>> JwtClaimConstraint<T> isLessThan(Function<ValidatorConstraintContext, T> limitSupplier)
Returns a JwtClaimConstraint that will succeed if the value is less than the given value, otherwise it will fail.
Type Parameters:
    T - The type of the compared value.
Parameters:
    limitSupplier - A supplier of the limit to be less than.
Returns:
    a JwtClaimConstraint that will succeed if the value is less than the given value, otherwise it will fail.

isLessThan
A shorter version of isLessThan(constant(limit)).
Type Parameters:
    T - The type of the compared value.
Parameters:
    limit - The limit to be less than.
Returns:
    a JwtClaimConstraint that will succeed if the value is less than the given value, otherwise it will fail.

isNotNull
Returns empty if the value is present.
Returns:
    empty if the value is present in the list or a Violation corresponding to this constraint.

matches
Builds and returns a new `Constraint` that checks if the claim's value is matched (as per Matcher.matches()) by the given regex. The Constraint fails with a Violation otherwise.
Parameters:
    pattern - The regex pattern to match.
Returns:
    a new Constraint for Pattern matching

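The whole-value semantics of Matcher.matches() that the matches constraint relies on, shown next to Matcher.find() for contrast. This is an added example that uses only the JDK and does not call the IG API; the class name, the patterns and the issuer-style claim values are constructed for illustration.

```java
import java.util.regex.Pattern;

/** Hypothetical demo class (JDK only); it does not call the IG API. */
public class ClaimRegexDemo {

    /** Whole-value match: the Matcher.matches() semantics the constraint documents. */
    static boolean fullMatch(String regex, String claimValue) {
        return Pattern.compile(regex).matcher(claimValue).matches();
    }

    /** Substring search via Matcher.find(), shown only for contrast. */
    static boolean partialMatch(String regex, String claimValue) {
        return Pattern.compile(regex).matcher(claimValue).find();
    }

    public static void main(String[] args) {
        // Two candidate patterns for a constructed issuer value.
        String strict = "https://idp\\.example\\.com"; // dots escaped
        String loose = "https://idp.example.com";      // '.' matches any character

        // Constructed claim values: the expected one and three near misses.
        String[] values = {
            "https://idp.example.com",
            "https://idp.example.com.attacker.test", // expected value as a prefix
            "https://idpXexample.com",               // differs where the '.' sits
            "https://idp.example.com\n"              // trailing newline
        };

        System.out.printf("%-42s %-8s %-8s %-8s%n", "claim value", "strict", "loose", "find");
        for (String v : values) {
            System.out.printf("%-42s %-8b %-8b %-8b%n",
                    v.replace("\n", "\\n"),
                    fullMatch(strict, v),
                    fullMatch(loose, v),
                    partialMatch(strict, v));
        }
    }
}
```

Whole-value matching rejects the suffixed and newline-terminated values without explicit anchors, but the unescaped pattern still accepts `https://idpXexample.com`, so literal dots in a claim regex need escaping or Pattern.quote().
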
hasClaims
Returns empty if the JWT does contain claims.
Returns:
    empty if the JWT does contain claims or a Violation corresponding to this constraint.

hasValidSignature
Validates the signature of this SignedJwt.
Parameters:
    verifier - The JwsSignatureVerifier used to verify the signature.
Returns:
    empty if the JWT has a valid signature or a Violation corresponding to this constraint.

hasValidSignature
public static JwtConstraint hasValidSignature(SecretsProvider secretsProvider, Purpose<VerificationKey> purpose)
Validates the signature of this SignedJwt.
Parameters:
    secretsProvider - the secretsProvider containing the validation key
    purpose - the purpose used to retrieve the signature validation key
Returns:
    empty if the JWT has a valid signature or a Violation corresponding to this constraint.

canBeDecrypted
public static JwtConstraint canBeDecrypted(SecretsProvider secretsProvider, Purpose<DataDecryptionKey> purpose)
Provides a JwtConstraint configured with the supplied SecretsProvider that contains a secret capable of decrypting and verifying a JWT's encryption. Fails if the supplied JWT is not encrypted or cannot be decrypted with the secrets available in the SecretsProvider.

hasValidSignatureAndEncryption
public static JwtConstraint hasValidSignatureAndEncryption(JwtConstraint signatureConstraint, JwtConstraint decryptionConstraint)
Provides a JwtConstraint configured with the supplied JwtConstraints verifying both signature and encryption. Fails if the supplied JWT is either:
- Not encrypted and signed (both orders are accepted)
- Not decipherable
- Signed with an invalid signature
Parameters:
    signatureConstraint - the constraint on signature.
    decryptionConstraint - the constraint on decryption.
Returns:
    the combined JwtConstraint.

equalsAttributeUsingKey
Returns a JwtClaimConstraint that will succeed if the expected value is equal to the value looked up in the context attributes using the key, otherwise it will fail.
Type Parameters:
    T - The type of the value being checked.
Returns:
    a JwtClaimConstraint that will succeed if the expected value is equal to the value looked up in the context attributes using the key, otherwise it will fail.

isExpectedType
Returns a JwtClaimConstraint that will succeed if the claim exists and is of the expected type, otherwise it will fail.
Type Parameters:
    T - The type on which the constraint applies.
Parameters:
    expectedType - The expected type of the claim.
Returns:
    a JwtClaimConstraint that will succeed if the claim exists and is of the expected type, otherwise it will fail.