Package org.keycloak.sdjwt
Class SdJwtVerificationContext
java.lang.Object
org.keycloak.sdjwt.SdJwtVerificationContext
Runs SD-JWT verification in isolation with only essential properties.
- Author:
- Ingrid Kamga
-
Constructor Summary
ConstructorsConstructorDescriptionSdJwtVerificationContext(String sdJwtVpString, IssuerSignedJWT issuerSignedJwt, Map<String, String> disclosures, KeyBindingJWT keyBindingJwt) SdJwtVerificationContext(IssuerSignedJWT issuerSignedJwt, List<String> disclosureStrings) SdJwtVerificationContext(IssuerSignedJWT issuerSignedJwt, Map<String, String> disclosures) -
Method Summary
Modifier and TypeMethodDescriptionvoidverifyIssuance(IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts) Verifies SD-JWT as to whether the Issuer-signed JWT's signature and disclosures are valid.voidverifyPresentation(IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts, KeyBindingJwtVerificationOpts keyBindingJwtVerificationOpts) Verifies SD-JWT presentation.
-
Constructor Details
-
SdJwtVerificationContext
public SdJwtVerificationContext(String sdJwtVpString, IssuerSignedJWT issuerSignedJwt, Map<String, String> disclosures, KeyBindingJWT keyBindingJwt) -
SdJwtVerificationContext
-
SdJwtVerificationContext
-
-
Method Details
-
verifyIssuance
public void verifyIssuance(IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts) throws VerificationException Verifies SD-JWT as to whether the Issuer-signed JWT's signature and disclosures are valid.Upon receiving an SD-JWT, a Holder or a Verifier needs to ensure that:
- the Issuer-signed JWT is valid, i.e., it is signed by the Issuer and the signature is valid, and - all Disclosures are valid and correspond to a respective digest value in the Issuer-signed JWT (directly in the payload or recursively included in the contents of other Disclosures).- Parameters:
issuerSignedJwtVerificationOpts- Options to parameterize the Issuer-Signed JWT verification. A verifier must be specified for validating the Issuer-signed JWT. The caller is responsible for establishing trust in that associated public keys belong to the intended issuer.- Throws:
VerificationException- if verification failed
-
verifyPresentation
public void verifyPresentation(IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts, KeyBindingJwtVerificationOpts keyBindingJwtVerificationOpts) throws VerificationException Verifies SD-JWT presentation.Upon receiving a Presentation, in addition to the checks in
verifyIssuance(org.keycloak.sdjwt.IssuerSignedJwtVerificationOpts), Verifiers need to ensure that if Key Binding is required, the Key Binding JWT is signed by the Holder and valid.- Parameters:
issuerSignedJwtVerificationOpts- Options to parameterize the Issuer-Signed JWT verification. A verifier must be specified for validating the Issuer-signed JWT. The caller is responsible for establishing trust in that associated public keys belong to the intended issuer.keyBindingJwtVerificationOpts- Options to parameterize the Key Binding JWT verification. Must, among others, specify the Verifier's policy whether to check Key Binding.- Throws:
VerificationException- if verification failed
-