All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.jsonwebtoken.security.KeyOperationPolicied Maven / Gradle / Ivy

There is a newer version: 0.12.6
Show newest version
/*
 * Copyright © 2023 jsonwebtoken.io
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package io.jsonwebtoken.security;

/**
 * A marker interface that indicates the implementing instance supports the ability to configure a
 * {@link KeyOperationPolicy} used to validate JWK instances.
 *
 * @param  the implementing instance for method chaining
 */
public interface KeyOperationPolicied> {

    /**
     * Sets the key operation policy that determines which {@link KeyOperation}s may be assigned to a
     * JWK. Unless overridden by this method, the default RFC-recommended policy is used where:
     * 
    *
  • All {@link Jwks.OP RFC-standard key operations} are supported.
  • *
  • Multiple unrelated operations may not be assigned to the JWK per the * RFC 7517, Section 4.3 recommendation: *
         * Multiple unrelated key operations SHOULD NOT be specified for a key
         * because of the potential vulnerabilities associated with using the
         * same key with multiple algorithms.  Thus, the combinations "{@link Jwks.OP#SIGN sign}"
         * with "{@link Jwks.OP#VERIFY verify}", "{@link Jwks.OP#ENCRYPT encrypt}" with "{@link Jwks.OP#DECRYPT decrypt}", and "{@link Jwks.OP#WRAP_KEY wrapKey}" with
         * "{@link Jwks.OP#UNWRAP_KEY unwrapKey}" are permitted, but other combinations SHOULD NOT be used.
    *
  • *
* *

If you wish to enable a different policy, perhaps to support additional custom {@code KeyOperation} values, * one can be created by using the {@link Jwks.OP#policy()} builder, or by implementing the * {@link KeyOperationPolicy} interface directly.

* * @param policy the policy that determines which {@link KeyOperation}s may be assigned to a JWK. * @return the builder for method chaining. * @throws IllegalArgumentException if {@code policy} is null */ T operationPolicy(KeyOperationPolicy policy) throws IllegalArgumentException; }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy