Class JwtBundle

java.lang.Object
io.spiffe.bundle.jwtbundle.JwtBundle
All Implemented Interfaces:
BundleSource<JwtBundle>

public class JwtBundle extends Object implements BundleSource<JwtBundle>
Represents a collection of trusted JWT authorities (public keys) for a trust domain.
  • Constructor Details

    • JwtBundle

      public JwtBundle(@NonNull TrustDomain trustDomain)
      Creates a new JWT bundle for a trust domain.
      Parameters:
      trustDomain - a TrustDomain to associate to the JwtBundle
    • JwtBundle

      public JwtBundle(@NonNull TrustDomain trustDomain, @NonNull Map<String,PublicKey> jwtAuthorities)
      Creates a new JWT bundle for a trust domain with JWT Authorities (public keys associated to keyIds).
      Parameters:
      trustDomain - a TrustDomain to associate to the JwtBundle
      jwtAuthorities - a Map of public keys, keyed by key ID
  • Method Details

    • load

      public static JwtBundle load(@NonNull TrustDomain trustDomain, @NonNull Path bundlePath) throws KeyException, JwtBundleException
      Loads a JWT bundle from a file on disk. The file must contain a standard RFC 7517 JWKS document.

      Supported key types are EC and RSA.

      Parameters:
      trustDomain - a TrustDomain to associate to the JWT bundle.
      bundlePath - a path to a file containing the JWT authorities (public keys).
      Returns:
      an instance of a JwtBundle
      Throws:
      JwtBundleException - if there is an error reading or parsing the file, or if a keyId is empty
      KeyException - if the bundle file contains a key type that is not supported
    • parse

      public static JwtBundle parse(@NonNull TrustDomain trustDomain, @NonNull byte[] bundleBytes) throws JwtBundleException
      Parses a JWT bundle from a byte array.
      Parameters:
      trustDomain - a TrustDomain
      bundleBytes - an array of bytes representing the JWT bundle.
      Returns:
      an instance of a JwtBundle
      Throws:
      JwtBundleException - if there is an error reading or parsing the file, or if a keyId is empty
    • getBundleForTrustDomain

      public JwtBundle getBundleForTrustDomain(TrustDomain trustDomain) throws BundleNotFoundException
      Returns the JWT bundle for a trust domain.
      Specified by:
      getBundleForTrustDomain in interface BundleSource<JwtBundle>
      Parameters:
      trustDomain - a TrustDomain
      Returns:
      a JwtBundle for the trust domain
      Throws:
      BundleNotFoundException - if there is no bundle for the given trust domain
    • getJwtAuthorities

      public Map<String,PublicKey> getJwtAuthorities()
      Returns the JWT authorities in the bundle, keyed by key ID.
      Returns:
      the JWT authorities in the bundle, keyed by key ID
    • findJwtAuthority

      public PublicKey findJwtAuthority(String keyId) throws AuthorityNotFoundException
      Finds the JWT key with the given key id from the bundle.
      Parameters:
      keyId - the Key ID
      Returns:
      PublicKey representing the Authority associated to the KeyID.
      Throws:
      AuthorityNotFoundException - if no Authority is found associated to the Key ID
    • hasJwtAuthority

      public boolean hasJwtAuthority(String keyId)
      Looks for a JWT authority id in the JWT bundle.
      Parameters:
      keyId - id of a JWT Authority
      Returns:
      true if the bundle has a JWT authority with the given key ID.
    • putJwtAuthority

      public void putJwtAuthority(@NonNull String keyId, @NonNull PublicKey jwtAuthority)
      Adds a JWT authority to the bundle. If a JWT authority already exists under the given key ID, it is replaced. A key ID must be specified.
      Parameters:
      keyId - Key ID to associate to the jwtAuthority
      jwtAuthority - a PublicKey
    • removeJwtAuthority

      public void removeJwtAuthority(String keyId)
      Removes the JWT authority identified by the key ID from the bundle.
      Parameters:
      keyId - The key id of the JWT authority to be removed
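
An added example, not part of the java-spiffe documentation: a hypothetical `JwtAuthorityResolver` that selects the verification key for a token from a `JwtBundle` and rejects the token on a foreign trust domain, an unknown key ID, or an `alg` header that does not match the key type. The package names used for `TrustDomain` and the exception classes are assumptions, since this page does not show them.

```java
import io.spiffe.bundle.jwtbundle.JwtBundle;
import io.spiffe.exception.AuthorityNotFoundException;
import io.spiffe.exception.BundleNotFoundException;
import io.spiffe.exception.JwtBundleException;
import io.spiffe.spiffeid.TrustDomain;
import java.security.InvalidKeyException;
import java.security.PublicKey;

// Hypothetical helper for illustration; not a java-spiffe class.
public final class JwtAuthorityResolver {
    private final JwtBundle bundle;

    public JwtAuthorityResolver(TrustDomain trustDomain, byte[] jwksBytes) throws JwtBundleException {
        // parse() throws on malformed input and on entries with an empty key ID.
        this.bundle = JwtBundle.parse(trustDomain, jwksBytes);
    }

    // tokenDomain: trust domain the token claims to belong to; kid and alg: from the JWT header.
    public PublicKey resolve(TrustDomain tokenDomain, String kid, String alg)
            throws BundleNotFoundException, AuthorityNotFoundException, InvalidKeyException {
        if (kid == null || kid.isEmpty() || alg == null) {
            throw new InvalidKeyException("token header has no usable kid/alg");
        }
        // Throws BundleNotFoundException when the token is from a different trust domain.
        JwtBundle scoped = bundle.getBundleForTrustDomain(tokenDomain);
        // Throws AuthorityNotFoundException for an unknown kid; do not fall back to another key.
        PublicKey key = scoped.findJwtAuthority(kid);
        // Tie the header's alg to the stored key type (EC or RSA) before verifying.
        String family = alg.startsWith("ES") ? "EC"
                : (alg.startsWith("RS") || alg.startsWith("PS")) ? "RSA" : null;
        if (family == null || !family.equals(key.getAlgorithm())) {
            throw new InvalidKeyException("alg " + alg + " does not match key type for kid " + kid);
        }
        return key;
    }

    // putJwtAuthority replaces an existing key under the same kid, so refuse to overwrite.
    public void addAuthority(String kid, PublicKey key) {
        if (bundle.hasJwtAuthority(kid)) {
            throw new IllegalArgumentException("kid already present: " + kid);
        }
        bundle.putJwtAuthority(kid, key);
    }
}
```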