io.quarkus.oidc.TokenCertificateValidator Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of quarkus-oidc Show documentation

Secure your applications with OpenID Connect Adapter and IDP such as Keycloak

There is a newer version: 3.17.5

package io.quarkus.oidc;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;

/**
 * TokenCertificateValidator can be used to verify X509 certificate chain
 * that is inlined in the JWT token as a 'x5c' header value.
 *
 * Use {@link TenantFeature} qualifier to bind this validator to specific OIDC tenants.
 */
public interface TokenCertificateValidator {
    /**
     * Validate X509 certificate chain
     *
     * @param oidcConfig current OIDC tenant configuration.
     * @param chain the certificate chain. The first element in the list is a leaf certificate, the last element - the root
     *        certificate.
     * @param tokenClaims the decoded JWT token claims in JSON format. If necessary, implementations can convert it to JSON
     *        object.
     * @throws {@link CertificateException} if the certificate chain validation has failed.
     */
    void validate(OidcTenantConfig oidcConfig, List chain, String tokenClaims) throws CertificateException;
}