Class KeyUtil

java.lang.Object
com.broadleafcommerce.auth.util.KeyUtil

public final class KeyUtil extends Object
Utilities related to token signing keys
  • Field Details

    • PUBLIC_KEY_PROPERTY_MAIN

      public static final String PUBLIC_KEY_PROPERTY_MAIN
    • PUBLIC_KEY_PROPERTY_PATTERN

      public static final Pattern PUBLIC_KEY_PROPERTY_PATTERN
  • Method Details

    • getPublicKeys

      public static List<Key> getPublicKeys(org.springframework.core.env.Environment environment) throws NoSuchAlgorithmException, InvalidKeySpecException
      Get all public keys declared in the Spring environment. Having multiple public keys allows token signing keys to be rotated with zero downtime. Public keys are versioned using the following naming convention: broadleaf.auth.security.oauth2.encodedpublickeys.[version]. The 'version' element of the property name should be an integer. Greater version values are favored as representing the latest key. All keys remain available as token verifiers, so tokens issued before the rotation stay valid until the relevant property is removed from the environment.
      Parameters:
      environment - The Spring config environment
      Returns:
      All public keys found
      Throws:
      NoSuchAlgorithmException
      InvalidKeySpecException
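
The rotation convention described for getPublicKeys, as an added stand-alone example (not Broadleaf's implementation): it collects the versioned properties, orders them newest first, and shows that a token signed before rotation still verifies while the old property is present. Assumptions: a plain Map stands in for the Spring Environment, the regex is a guess at what PUBLIC_KEY_PROPERTY_PATTERN matches, and values are Base64 X.509-encoded RSA keys; the class name and sample keys are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.*;
import java.util.regex.*;

// Added illustration; hypothetical class, not part of com.broadleafcommerce.auth.util.
public class VersionedPublicKeyDemo {
    // Assumed pattern: the documented prefix followed by an integer version.
    static final Pattern VERSIONED = Pattern.compile(
        "^broadleaf\\.auth\\.security\\.oauth2\\.encodedpublickeys\\.(\\d{1,9})$");

    // Returns keys ordered newest version first; every key stays usable as a verifier.
    static List<PublicKey> resolve(Map<String, String> props) throws GeneralSecurityException {
        TreeMap<Integer, PublicKey> byVersion = new TreeMap<>(Comparator.reverseOrder());
        KeyFactory rsa = KeyFactory.getInstance("RSA"); // assumption: RSA keys
        for (Map.Entry<String, String> e : props.entrySet()) {
            Matcher m = VERSIONED.matcher(e.getKey());
            if (!m.matches()) continue; // unrelated property or non-integer version
            byte[] der = Base64.getDecoder().decode(e.getValue()); // assumption: Base64 X.509
            byVersion.put(Integer.parseInt(m.group(1)), rsa.generatePublic(new X509EncodedKeySpec(der)));
        }
        return new ArrayList<>(byVersion.values());
    }

    // True if any configured key verifies the signature (all versions are verifiers).
    static boolean verifiesWithAny(List<PublicKey> keys, byte[] data, byte[] sig) throws GeneralSecurityException {
        for (PublicKey k : keys) {
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(k);
            v.update(data);
            if (v.verify(sig)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair v1 = gen.generateKeyPair(), v2 = gen.generateKeyPair(); // constructed sample keys
        String prefix = "broadleaf.auth.security.oauth2.encodedpublickeys.";
        Map<String, String> props = new HashMap<>();
        props.put(prefix + "1", Base64.getEncoder().encodeToString(v1.getPublic().getEncoded()));
        props.put(prefix + "2", Base64.getEncoder().encodeToString(v2.getPublic().getEncoded()));
        byte[] token = "constructed-token-payload".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(v1.getPrivate()); // token issued before rotation to version 2
        s.update(token);
        byte[] sig = s.sign();
        System.out.println("latest is v2: " + resolve(props).get(0).equals(v2.getPublic()));
        System.out.println("old token valid: " + verifiesWithAny(resolve(props), token, sig));
        props.remove(prefix + "1"); // retiring the old key invalidates its tokens
        System.out.println("after removal: " + verifiesWithAny(resolve(props), token, sig));
    }
}
```

Removing the old property is the step that revokes tokens signed with the retired key, so it should wait until those tokens have expired unless immediate invalidation is the goal.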