PublicKeyOpenIdResolverImpl (OpenAM Server Only 6.5.5 Documentation)

Skip navigation links

OpenAM Server Only 6.5.5 Documentation

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- org.forgerock.oauth.resolvers.BaseOpenIdResolver
- - org.forgerock.oauth.resolvers.PublicKeyOpenIdResolverImpl

All Implemented Interfaces:

OpenIdResolver
```
public class PublicKeyOpenIdResolverImpl
extends BaseOpenIdResolver
```
This class exists to allow functionality for those Open ID Connect providers which supply their signatures through asymmetric key algorithms (e.g. RSA). In these cases we want to use a public key (usually retrieved from a Trust Store) to verify the signature.

Field Summary
- Fields inherited from interface org.forgerock.oauth.resolvers.OpenIdResolver
  CLIENT_SECRET_KEY, ISSUER_KEY, JWK, KEY_ALIAS_KEY, KEYSTORE_LOCATION_KEY, KEYSTORE_PASS_KEY, KEYSTORE_TYPE_KEY, WELL_KNOWN_CONFIGURATION

Constructor Summary

Constructors
Constructor and Description

PublicKeyOpenIdResolverImpl(String issuer, PublicKey key)
Constructor for PublicKeyOpenIdResolverImpl.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`validateIdentity(SignedJwt idClaim)` Validates the supplied Jwt against this OpenId Connect Idp.
`void`	`verifySignature(SignedJwt idClaim)` Verifies that the JWS was signed by the corresponding private key to this public key.

Methods inherited from class org.forgerock.oauth.resolvers.BaseOpenIdResolver
getIssuer

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - PublicKeyOpenIdResolverImpl
```
public PublicKeyOpenIdResolverImpl(String issuer,
                                   PublicKey key)
```
    Constructor for PublicKeyOpenIdResolverImpl.
    
    Parameters:
    
    issuer - The issuer (provider) of the Open Id Connect id token
    
    key - The public key, used to verify a private-key signed signature
- Method Detail
  - validateIdentity
```
public void validateIdentity(SignedJwt idClaim)
                      throws OpenIdConnectVerificationException
```
    Validates the supplied Jwt against this OpenId Connect Idp.
    
    Specified by:
    
    validateIdentity in interface OpenIdResolver
    
    Overrides:
    
    validateIdentity in class BaseOpenIdResolver
    
    Parameters:
    
    idClaim - The Jwt to test is authenticated from this issuer
    
    Throws:
    
    OpenIdConnectVerificationException - If the Jwt is unable to be verified
  - verifySignature
```
public void verifySignature(SignedJwt idClaim)
                     throws InvalidSignatureException
```
    Verifies that the JWS was signed by the corresponding private key to this public key.
    
    Parameters:
    
    idClaim - The JWS to verify
    
    Throws:
    
    InvalidSignatureException - If the JWS supplied does not match the key for this resolver

Skip navigation links

OpenAM Server Only 6.5.5 Documentation

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2010-2018, ForgeRock All Rights Reserved.