Loading...
Searching...
No Matches
tenduke::jwk::DynamicJWKSSignatureValidator Class Reference
#include <DynamicJWKSSignatureValidator.h>
Detailed Description
Extension of tenduke::jwk::JWKSSignatureValidator, which first looks up key in cache, and if not found, tries to refresh-the cache.
NOTE: Downloading the keyset may fail for various reasons (no network connection, invalid URL, temporary backend errors etc.), these causes will throw exceptions.
Inheritance diagram for tenduke::jwk::DynamicJWKSSignatureValidator:
Public Member Functions | |
| DynamicJWKSSignatureValidator (const std::shared_ptr< tenduke::jwk::JWKS > &keySet, const std::shared_ptr< const tenduke::jwk::JWKSDownloader > &jwksDownloader, std::string jwksUrl, tenduke::crypto::MessageDigest::Algorithm validationAlgorithm=tenduke::crypto::MessageDigest::Algorithm::NONE, bool requireValidAlgClaim=true) | |
| Constructs new instance. | |
 Public Member Functions inherited from tenduke::jwk::JWKSSignatureValidator | |
| JWKSSignatureValidator (const std::shared_ptr< tenduke::jwk::JWKS > &keySet, tenduke::crypto::MessageDigest::Algorithm validationAlgorithm=tenduke::crypto::MessageDigest::Algorithm::NONE, bool requireValidAlgClaim=true) | |
| Constructs new instance. | |
| bool | validate (const tenduke::json::JSONObject *jwtHeader, const char *payload, std::size_t payloadLength, const unsigned char *signatureBytes, std::size_t signatureLengthB) const override |
| Validates JWT signature. | |
Protected Member Functions | |
| std::unique_ptr< tenduke::jwk::JWK > | findJWK (const std::string &keyId) const override |
| Locates the key from cache by id. | |
| Protected Member Functions inherited from tenduke::jwk::JWKSSignatureValidator | |
| virtual void | mergeKeys (const tenduke::jwk::JWKS &newKeySet) const |
Merges keys from newKeySet to the contained keySet. | |
Constructor & Destructor Documentation
◆ DynamicJWKSSignatureValidator()
| tenduke::jwk::DynamicJWKSSignatureValidator::DynamicJWKSSignatureValidator | ( | const std::shared_ptr< tenduke::jwk::JWKS > & | keySet, |
| const std::shared_ptr< const tenduke::jwk::JWKSDownloader > & | jwksDownloader, | ||
| std::string | jwksUrl, | ||
| tenduke::crypto::MessageDigest::Algorithm | validationAlgorithm = tenduke::crypto::MessageDigest::Algorithm::NONE, |
||
| bool | requireValidAlgClaim = true |
||
| ) |
Constructs new instance.
- Parameters
-
jwksDownloader - keySet - jwksUrl - validationAlgorithm Pre-set validation algorithm to use. If set to anything else than NONE, this algorithm is ALWAYS used to validate the token. This prevents tampering the token.requireValidAlgClaim If codetrue, then the JWT-header must havealg-claim which maps to supported algorithm (excluding NONE). Otherwise the token does not validate. Iffalse, then missingalgor unsupported algorithm means that the token is always considered valid. This parameter has no effect ifvalidationAlgorithmis set.
Member Function Documentation
◆ findJWK()
|
overrideprotectedvirtual |
Locates the key from cache by id.
If key is not found from cache, this extension downloads the keyset from jwksURL and merges the downloaded keyset with the cache. Then it attempts to find the key from cache again.
- Parameters
-
keyId -
- Returns
- the key, or
nullptrif key not found
Reimplemented from tenduke::jwk::JWKSSignatureValidator.
The documentation for this class was generated from the following files:
- core/core/src/jwk/DynamicJWKSSignatureValidator.h
- core/core/src/jwk/DynamicJWKSSignatureValidator.cpp
