Class DynamicPropertyKeyJWKSource

java.lang.Object
com.broadleafcommerce.auth.user.autoconfigure.support.keys.DynamicPropertyKeyJWKSource
All Implemented Interfaces:
com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext>

public class DynamicPropertyKeyJWKSource extends Object implements com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext>
JWKSource is used by components like NimbusJwtEncoder to obtain JWK instances for operations.

Elsewhere, we have 'smart' dynamic key implementations such as DynamicPropertyPrivateKey and DynamicPropertyPublicKey whose values can change at any time. However, we need to convert them to JWK before they can be successfully used by JWKSource. Unfortunately, JWK implementations such as RSAKey are marked final, and therefore we cannot introduce a 'smart' extension of them.

This represents a custom implementation of JWKSource that will internally construct/use JWK instances on each method call that match the current 'latest' value in DynamicPropertyPublicKey/DynamicPropertyPrivateKey.

  • Constructor Details

    • DynamicPropertyKeyJWKSource

      public DynamicPropertyKeyJWKSource(int cacheSize, KeyPair dynamicPropertyKeyPair)
    • DynamicPropertyKeyJWKSource

      public DynamicPropertyKeyJWKSource(KeyPair dynamicPropertyKeyPair)
  • Method Details

    • getDelegate

      protected com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext> getDelegate()
      Returns:
      the delegate JWKSource to use for all JWKSource method calls on this instance
    • getCacheKeyForKeyValues

      protected String getCacheKeyForKeyValues()
      The dynamic keys guarantee that when we obtain values from them, they represent either the latest values from properties or the stable values that should be used for the duration of a request lifecycle (if in a request lifecycle).

      Thus, we can safely compute the cache key in this step and assume the same values will appear in constructJWKSourceFromKeyValues() if in a request lifecycle.

      Returns:
      a cache key comprised of the base64-encoded public and private key values
    • constructJWKSourceFromKeyValues

      protected com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext> constructJWKSourceFromKeyValues()
      By default, constructs a simple RSAKey from the key values and wraps it in ImmutableJWKSet.
      Returns:
      a JWKSource based on the current key values
    • get

      public List<com.nimbusds.jose.jwk.JWK> get(com.nimbusds.jose.jwk.JWKSelector jwkSelector, com.nimbusds.jose.proc.SecurityContext context) throws com.nimbusds.jose.KeySourceException
      Specified by:
      get in interface com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext>
      Throws:
      com.nimbusds.jose.KeySourceException
    • getDynamicPropertyKeyPair

      protected KeyPair getDynamicPropertyKeyPair()
    • getCachedJWKSourceByEncodedKeyPairString

      protected Map<String,com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext>> getCachedJWKSourceByEncodedKeyPairString()
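The pattern described above (read the current key values on each call, reuse or build a delegate JWKSource keyed by those values) as an added sketch; it is not Broadleaf's code. The class name `RotatingJwkSource` and the `Supplier<KeyPair>` standing in for the dynamic property keys are assumptions, and the key pair in `main` is constructed for the demo.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.source.*;
import com.nimbusds.jose.proc.SecurityContext;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.*;
import java.util.function.Supplier;
// Hypothetical illustration of the delegate-and-cache pattern; not the Broadleaf class.
public class RotatingJwkSource implements JWKSource<SecurityContext> {
    private final Supplier<KeyPair> currentKeys; // assumed stand-in for the dynamic property keys
    private final Map<String, JWKSource<SecurityContext>> cache;
    public RotatingJwkSource(int cacheSize, Supplier<KeyPair> currentKeys) {
        this.currentKeys = currentKeys;
        this.cache = Collections.synchronizedMap(new LinkedHashMap<String, JWKSource<SecurityContext>>(16, 0.75f, true) {
            @Override protected boolean removeEldestEntry(Map.Entry<String, JWKSource<SecurityContext>> e) {
                return size() > cacheSize; // bounded LRU: sources for rotated-out keys get evicted
            }
        });
    }
    @Override
    public List<JWK> get(JWKSelector selector, SecurityContext ctx) throws KeySourceException {
        KeyPair pair = currentKeys.get(); // read once so cache key and JWK use the same values
        String cacheKey = Base64.getEncoder().encodeToString(pair.getPublic().getEncoded())
                + ":" + Base64.getEncoder().encodeToString(pair.getPrivate().getEncoded());
        JWKSource<SecurityContext> delegate = cache.get(cacheKey);
        if (delegate == null) { delegate = build(pair); cache.put(cacheKey, delegate); }
        return delegate.get(selector, ctx);
    }
    private static JWKSource<SecurityContext> build(KeyPair pair) throws KeySourceException {
        try {
            RSAKey jwk = new RSAKey.Builder((RSAPublicKey) pair.getPublic())
                    .privateKey((RSAPrivateKey) pair.getPrivate()).keyIDFromThumbprint().build();
            return new ImmutableJWKSet<>(new JWKSet(jwk));
        } catch (JOSEException e) {
            throw new KeySourceException("Cannot build JWK from current key pair", e);
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA"); // provider default key size
        KeyPair[] live = { gen.generateKeyPair() };                 // constructed demo keys
        RotatingJwkSource source = new RotatingJwkSource(5, () -> live[0]);
        JWKSelector any = new JWKSelector(new JWKMatcher.Builder().build());
        String before = source.get(any, null).get(0).getKeyID();
        live[0] = gen.generateKeyPair();                            // simulate a property change
        System.out.println("kid changed: " + !before.equals(source.get(any, null).get(0).getKeyID()));
    }
}
```

Because the cache key follows the description above and contains the encoded private key, the map and its keys hold key material in memory and should never be logged or exposed through diagnostics.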