001package com.nimbusds.jose; 002 003 004import java.util.Collections; 005import java.util.Set; 006 007import net.jcip.annotations.ThreadSafe; 008 009 010/** 011 * JSON Web Signature (JWS) header filter implementation. Intended to be 012 * incorporated by {@link JWSVerifier} implementations. This class is 013 * thread-safe. 014 * 015 * @author Vladimir Dzhuvinov 016 * @version $version$ (2013-10-07) 017 */ 018@ThreadSafe 019public class DefaultJWSHeaderFilter extends DefaultHeaderFilter implements JWSHeaderFilter { 020 021 022 /** 023 * The supported algorithms. Used to bound the subset of the accepted 024 * ones. 025 */ 026 private final Set<JWSAlgorithm> algs; 027 028 029 /** 030 * The accepted algorithms. 031 */ 032 private Set<JWSAlgorithm> acceptedAlgs; 033 034 035 /** 036 * Validates the specified accepted parameters. 037 * 038 * @param acceptedParams The accepted JWS header parameters. Must 039 * contain at least the {@code alg} parameter and 040 * must not be {@code null}. 041 * 042 * @throws IllegalArgumentException If the parameters didn't meet the 043 * validation criteria. 044 */ 045 private static void validateAcceptedParameters(final Set<String> acceptedParams) { 046 047 if (! acceptedParams.contains("alg")) { 048 049 throw new IllegalArgumentException("The accepted JWS header parameters set must include at least the \"alg\" parameter"); 050 } 051 } 052 053 054 /** 055 * Creates a new JWS header filter. The accepted algorithms are set to 056 * equal the specified supported ones. The accepted header parameters 057 * are set to match 058 * {@link com.nimbusds.jose.JWSHeader#getRegisteredParameterNames()}. 059 * 060 * @param algs The supported JWS algorithms. Used to bound the 061 * {@link #setAcceptedAlgorithms accepted algorithms}. Must 062 * not be {@code null}. 063 */ 064 public DefaultJWSHeaderFilter(final Set<JWSAlgorithm> algs) { 065 066 this(algs, JWSHeader.getRegisteredParameterNames()); 067 } 068 069 070 /** 071 * Creates a new JWS header filter. The accepted algorithms are set to 072 * equal the specified supported ones. 073 * 074 * @param algs The supported JWS algorithms. Used to bound 075 * the {@link #setAcceptedAlgorithms accepted 076 * algorithms}. Must not be {@code null}. 077 * @param acceptedParams The accepted JWS header parameters. Must 078 * contain at least the {@code alg} parameter and 079 * must not be {@code null}. 080 */ 081 public DefaultJWSHeaderFilter(final Set<JWSAlgorithm> algs, 082 final Set<String> acceptedParams) { 083 084 super(acceptedParams); 085 086 validateAcceptedParameters(acceptedParams); 087 088 if (algs == null) { 089 090 throw new IllegalArgumentException("The supported JWS algorithms set must not be null"); 091 } 092 093 this.algs = Collections.unmodifiableSet(algs); 094 095 // Initially the accepted set equals the supported set 096 acceptedAlgs = this.algs; 097 } 098 099 100 /** 101 * Returns the names of the supported JWS algorithms. Used to bound the 102 * {@link #setAcceptedAlgorithms accepted algorithms}. 103 * 104 * @return The supported JWS algorithms as a read-only set, empty set 105 * if none. 106 */ 107 public Set<JWSAlgorithm> supportedAlgorithms() { 108 109 return algs; 110 } 111 112 113 @Override 114 public Set<JWSAlgorithm> getAcceptedAlgorithms() { 115 116 return acceptedAlgs; 117 } 118 119 120 @Override 121 public void setAcceptedAlgorithms(final Set<JWSAlgorithm> acceptedAlgs) { 122 123 if (acceptedAlgs == null) { 124 125 throw new IllegalArgumentException("The accepted JWS algorithms set must not be null"); 126 } 127 128 if (! supportedAlgorithms().containsAll(acceptedAlgs)) { 129 130 throw new IllegalArgumentException("One or more of the JWE algorithms is not in the supported set"); 131 } 132 133 this.acceptedAlgs = Collections.unmodifiableSet(acceptedAlgs); 134 } 135 136 137 @Override 138 public void setAcceptedParameters(final Set<String> acceptedParams) { 139 140 validateAcceptedParameters(acceptedParams); 141 142 super.setAcceptedParameters(acceptedParams); 143 } 144}