Package org.apache.solr.security

Class JWTVerificationkeyResolver

  • All Implemented Interfaces:
    org.jose4j.keys.resolvers.VerificationKeyResolver
    public class JWTVerificationkeyResolver
extends Object
implements org.jose4j.keys.resolvers.VerificationKeyResolver
    Resolves jws signature verification keys from a set of JWTIssuerConfig objects, which may represent any valid configuration in Solr's security.json, i.e. static list of JWKs or keys retrieved from HTTPs JWK endpoints. This implementation maintains a map of issuers, each with its own list of JsonWebKey, and resolves correct key from correct issuer similar to HttpsJwksVerificationKeyResolver. If issuer claim is not required, we will select the first IssuerConfig if there is exactly one such config. If a key is not found, and issuer is backed by HTTPsJWKs, we attempt one cache refresh before failing.

    • Constructor Detail

      • JWTVerificationkeyResolver

        public JWTVerificationkeyResolver​(Collection<JWTIssuerConfig> issuerConfigs,
                                  boolean requireIssuer)
        Resolves key from a JWKs from one or more IssuerConfigs
        Parameters:
        issuerConfigs - Collection of configuration objects for the issuer(s)
        requireIssuer - if true, will require 'iss' claim on jws

    • Method Detail

      • resolveKey

        public Key resolveKey​(org.jose4j.jws.JsonWebSignature jws,
                      List<org.jose4j.jwx.JsonWebStructure> nestingContext)
               throws org.jose4j.lang.UnresolvableKeyException
        Specified by:
        resolveKey in interface org.jose4j.keys.resolvers.VerificationKeyResolver
        Throws:
        org.jose4j.lang.UnresolvableKeyException