• Home
• io.jsonwebtoken
• jjwt-api
• 0.12.2
• source code
• KeyOperationPolicyBuilder.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.jsonwebtoken.security.KeyOperationPolicyBuilder Maven / Gradle / Ivy

/*
 * Copyright © 2023 jsonwebtoken.io
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package io.jsonwebtoken.security;

import io.jsonwebtoken.Identifiable;
import io.jsonwebtoken.lang.Builder;
import io.jsonwebtoken.lang.CollectionMutator;

import java.util.Collection;


/**
 * A {@code KeyOperationPolicyBuilder} produces a {@link KeyOperationPolicy} that determines
 * which {@link KeyOperation}s may be assigned to a JWK. Custom {@code KeyOperation}s (such as those created by a
 * {@link Jwks.OP#builder()}) may be added to a policy via the {@link #add(KeyOperation)} or {@link #add(Collection)}
 * methods.
 *
 * @see Jwks.OP#policy()
 * @see JwkBuilder#operationPolicy(KeyOperationPolicy)
 * @see Jwks.OP#builder()
 * @since 0.12.0
 */
public interface KeyOperationPolicyBuilder extends CollectionMutator,
        Builder {

    /**
     * Allows a JWK to have unrelated {@link KeyOperation}s in its {@code key_ops} parameter values. Be careful
     * when calling this method - one should fully understand the security implications of using the same key
     * with multiple algorithms in your application.
     * 
If this method is not called, unrelated key operations are disabled by default per the recommendations in
     * RFC 7517, Section 4.3:
     * 
     * Multiple unrelated key operations SHOULD NOT be specified for a key
     * because of the potential vulnerabilities associated with using the
     * same key with multiple algorithms.
     *
     * @return the builder for method chaining
     * @see "key_ops" (Key Operations)
     * Parameter
     */
    KeyOperationPolicyBuilder unrelated();

    /**
     * Adds the specified key operation to the policy's total set of supported key operations
     * used to validate a key's intended usage, replacing any existing one with an identical (CaSe-SeNsItIvE)
     * {@link Identifiable#getId() id}.
     *
     * 
Standard {@code KeyOperation}s and Overrides
     *
     * 
The RFC standard {@link Jwks.OP} key operations are supported by default and do not need
     * to be added via this method, but beware: If the {@code op} argument has a JWK standard
     * {@link Identifiable#getId() id}, it will replace the JJWT standard operation implementation.
     * This is to allow application developers to favor their own implementations over JJWT's default implementations
     * if necessary (for example, to support legacy or custom behavior).
     *
     * 
If a custom {@code KeyOperation} is desired, one may be easily created with a {@link Jwks.OP#builder()}.
     *
     * @param op a key operation to add to the policy's total set of supported operations, replacing any
     *           existing one with the same exact (CaSe-SeNsItIvE) {@link KeyOperation#getId() id}.
     * @return the builder for method chaining.
     * @see Jwks.OP
     * @see Jwks.OP#builder()
     * @see JwkBuilder#operationPolicy(KeyOperationPolicy)
     * @see JwkBuilder#operations()
     */
    @Override
    // for better JavaDoc
    KeyOperationPolicyBuilder add(KeyOperation op);

    /**
     * Adds the specified key operations to the policy's total set of supported key operations
     * used to validate a key's intended usage, replacing any existing ones with identical
     * {@link Identifiable#getId() id}s.
     *
     * 
There may be only one registered {@code KeyOperation} per CaSe-SeNsItIvE {@code id}, and the
     * {@code ops} collection is added in iteration order; if a duplicate id is found when iterating the {@code ops}
     * collection, the later operation will evict any existing operation with the same {@code id}.
     *
     * 
Standard {@code KeyOperation}s and Overrides
     *
     * 
The RFC standard {@link Jwks.OP} key operations are supported by default and do not need
     * to be added via this method, but beware: any operation in the {@code ops} argument with a
     * JWK standard {@link Identifiable#getId() id} will replace the JJWT standard operation implementation.
     * This is to allow application developers to favor their own implementations over JJWT's default implementations
     * if necessary (for example, to support legacy or custom behavior).
     *
     * 
If custom {@code KeyOperation}s are desired, they may be easily created with a {@link Jwks.OP#builder()}.
     *
     * @param ops collection of key operations to add to the policy's total set of supported operations, replacing any
     *            existing ones with the same exact (CaSe-SeNsItIvE) {@link KeyOperation#getId() id}s.
     * @return the builder for method chaining.
     * @see Jwks.OP
     * @see Jwks.OP#builder()
     * @see JwkBuilder#operationPolicy(KeyOperationPolicy)
     * @see JwkBuilder#operations()
     */
    @Override
    // for better JavaDoc
    KeyOperationPolicyBuilder add(Collection ops);

}