Interface JwtSignatureValidator

All Superinterfaces:
AutoCloseable, Closeable, org.elasticsearch.core.Releasable
All Known Implementing Classes:
JwtSignatureValidator.DelegatingJwtSignatureValidator, JwtSignatureValidator.HmacJwtSignatureValidator, JwtSignatureValidator.PkcJwtSignatureValidator

public interface JwtSignatureValidator extends org.elasticsearch.core.Releasable
  • Field Details

    • logger

      static final org.apache.logging.log4j.Logger logger
  • Method Details

    • close

      default void close()
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable
      Specified by:
      close in interface org.elasticsearch.core.Releasable
    • validate

      void validate(String tokenPrincipal, com.nimbusds.jwt.SignedJWT jwt, ActionListener<Void> listener)
    • validateSignature

      default void validateSignature(com.nimbusds.jwt.SignedJWT jwt, List<com.nimbusds.jose.jwk.JWK> jwks) throws Exception
      Look through each JWK in the JWKSet to see if they can validate the Signed JWT signature. Apply JWT kid and JWT alg filters to the JWKs to skip unnecessary signature checking. If JWT kid is present, and any JWK kid matches, only use the matching subset of JWKs. Ignore the rest. Note: JWK kid should be unique. However, this method does not assume they are unique. Each match will be tried. Depending on the JWT alg, certain HMAC/RSA/EC JWKs can be excluded. HMAC JWKs that do not meet the minimum length requirement are ignored. RSA JWKs that do not meet the minimum length requirement are ignored. EC JWKs that do not meet the exact curve requirement are ignored.
      Parameters:
      jwt - Signed JWT to be validated.
      jwks - JWKSet of HMAC/RSA/EC JWKs. At least one JWK is required to succeed.
      Throws:
      Exception - Error if JWKs fail to validate the Signed JWT.
    • createJwsVerifier

      default com.nimbusds.jose.JWSVerifier createJwsVerifier(com.nimbusds.jose.jwk.JWK jwk) throws com.nimbusds.jose.JOSEException
      Throws:
      com.nimbusds.jose.JOSEException