Package org.keycloak.sdjwt
Class SdJwtVerificationContext
java.lang.Object
org.keycloak.sdjwt.SdJwtVerificationContext
Runs SD-JWT verification in isolation with only essential properties.
Author: Ingrid Kamga
Constructor Summary
- SdJwtVerificationContext(String sdJwtVpString, IssuerSignedJWT issuerSignedJwt, Map<String, String> disclosures, KeyBindingJWT keyBindingJwt)
- SdJwtVerificationContext(IssuerSignedJWT issuerSignedJwt, List<String> disclosureStrings)
- SdJwtVerificationContext(IssuerSignedJWT issuerSignedJwt, Map<String, String> disclosures)
Method Summary
- void verifyIssuance(List<SignatureVerifierContext> issuerVerifyingKeys, IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts, PresentationRequirements presentationRequirements)
  Verifies an SD-JWT: checks that the Issuer-signed JWT's signature and all Disclosures are valid.
- void verifyPresentation(List<SignatureVerifierContext> issuerVerifyingKeys, IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts, KeyBindingJwtVerificationOpts keyBindingJwtVerificationOpts, PresentationRequirements presentationRequirements)
  Verifies an SD-JWT presentation.
Constructor Details

SdJwtVerificationContext
public SdJwtVerificationContext(String sdJwtVpString, IssuerSignedJWT issuerSignedJwt, Map<String, String> disclosures, KeyBindingJWT keyBindingJwt)

SdJwtVerificationContext
public SdJwtVerificationContext(IssuerSignedJWT issuerSignedJwt, List<String> disclosureStrings)

SdJwtVerificationContext
public SdJwtVerificationContext(IssuerSignedJWT issuerSignedJwt, Map<String, String> disclosures)
Method Details

verifyIssuance
public void verifyIssuance(List<SignatureVerifierContext> issuerVerifyingKeys, IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts, PresentationRequirements presentationRequirements) throws VerificationException

Verifies an SD-JWT: checks that the Issuer-signed JWT's signature and all Disclosures are valid. Upon receiving an SD-JWT, a Holder or a Verifier needs to ensure that:
- the Issuer-signed JWT is valid, i.e., it is signed by the Issuer and the signature verifies, and
- all Disclosures are valid and each corresponds to a digest value in the Issuer-signed JWT (either directly in the payload or recursively included in the contents of other Disclosures).

Parameters:
- issuerVerifyingKeys - Verifying keys for validating the Issuer-signed JWT. The caller is responsible for establishing trust that these keys belong to the intended Issuer; the method only checks that the signature verifies under one of the supplied keys, it does not decide whether a key is trustworthy.
- issuerSignedJwtVerificationOpts - Options to parameterize the Issuer-signed JWT verification.
- presentationRequirements - If set, the presentation requirements are enforced against the fully disclosed Issuer-signed JWT during verification.

Throws:
- VerificationException - if verification failed
verifyPresentation
public void verifyPresentation(List<SignatureVerifierContext> issuerVerifyingKeys, IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts, KeyBindingJwtVerificationOpts keyBindingJwtVerificationOpts, PresentationRequirements presentationRequirements) throws VerificationException

Verifies an SD-JWT presentation. Upon receiving a Presentation, in addition to the checks performed by verifyIssuance(List, IssuerSignedJwtVerificationOpts, PresentationRequirements), a Verifier needs to ensure that, if Key Binding is required, the Key Binding JWT is present, is signed by the Holder, and is valid.

Parameters:
- issuerVerifyingKeys - Verifying keys for validating the Issuer-signed JWT. The caller is responsible for establishing trust that these keys belong to the intended Issuer.
- issuerSignedJwtVerificationOpts - Options to parameterize the Issuer-signed JWT verification.
- keyBindingJwtVerificationOpts - Options to parameterize the Key Binding JWT verification. Must, among others, specify the Verifier's policy on whether Key Binding is required.
- presentationRequirements - If set, the presentation requirements are enforced against the fully disclosed Issuer-signed JWT during verification.

Throws:
- VerificationException - if verification failed
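The two call sites the methods above are written for, a Holder checking a freshly issued credential and a Verifier checking a presentation with Key Binding required, as an added example. This is illustration code, not part of Keycloak or of this class's documentation. It uses only the constructors and methods listed on this page plus the following assumptions about neighbouring Keycloak classes: that KeyWrapper/AsymmetricSignatureVerifierContext from org.keycloak.crypto can wrap a pinned issuer public key, that IssuerSignedJwtVerificationOpts and KeyBindingJwtVerificationOpts expose builders with the withXxx methods used here, and that passing null as presentationRequirements means "no requirements" (the page says "If set"). The parsing of the presentation string into its IssuerSignedJWT, disclosures and KeyBindingJWT parts is left to the caller.

```java
import java.security.PublicKey;
import java.util.List;
import java.util.Map;

import org.keycloak.common.VerificationException;
import org.keycloak.crypto.AsymmetricSignatureVerifierContext;
import org.keycloak.crypto.KeyType;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.crypto.SignatureVerifierContext;
import org.keycloak.sdjwt.IssuerSignedJWT;
import org.keycloak.sdjwt.IssuerSignedJwtVerificationOpts;
import org.keycloak.sdjwt.KeyBindingJWT;
import org.keycloak.sdjwt.KeyBindingJwtVerificationOpts;
import org.keycloak.sdjwt.SdJwtVerificationContext;
import org.keycloak.sdjwt.consumer.PresentationRequirements;

/** Example caller of SdJwtVerificationContext (illustration, not Keycloak code). */
public class SdJwtVerificationExample {

    /**
     * Build the issuer key list from a key pinned out of band (trust list, registry, config).
     * The key must never be taken from the token's own header or payload; the verification
     * context trusts whatever the caller puts in this list.
     * Assumption: KeyWrapper and AsymmetricSignatureVerifierContext are used as shown.
     */
    static List<SignatureVerifierContext> pinnedIssuerKeys(String kid, PublicKey issuerPublicKey) {
        KeyWrapper key = new KeyWrapper();
        key.setKid(kid);
        key.setType(KeyType.EC);
        key.setAlgorithm("ES256");
        key.setPublicKey(issuerPublicKey);
        return List.of(new AsymmetricSignatureVerifierContext(key));
    }

    /** Shared policy for the Issuer-signed JWT: reject expired or not-yet-valid credentials. */
    static IssuerSignedJwtVerificationOpts issuerOpts() {
        // Assumption: these builder methods exist with these names.
        return IssuerSignedJwtVerificationOpts.builder()
                .withValidateExpirationClaim(true)
                .withValidateNotBeforeClaim(true)
                .build();
    }

    /**
     * Holder side: the credential just came back from the Issuer, so there is no Key Binding JWT.
     * Only the signature and the disclosure-to-digest mapping are checked.
     */
    static void checkIssuedCredential(IssuerSignedJWT issuerSignedJwt,
                                      List<String> disclosureStrings,
                                      List<SignatureVerifierContext> issuerKeys)
            throws VerificationException {
        SdJwtVerificationContext ctx = new SdJwtVerificationContext(issuerSignedJwt, disclosureStrings);
        // null = no presentation requirements at issuance time (assumption: null is accepted).
        ctx.verifyIssuance(issuerKeys, issuerOpts(), null);
    }

    /**
     * Verifier side: a presentation arrived in response to our challenge. Key Binding is required
     * and the KB-JWT must carry the nonce and audience we issued, so a replayed presentation fails.
     */
    static void checkPresentation(String sdJwtVpString,
                                  IssuerSignedJWT issuerSignedJwt,
                                  Map<String, String> disclosures,
                                  KeyBindingJWT keyBindingJwt,
                                  List<SignatureVerifierContext> issuerKeys,
                                  String expectedNonce,
                                  String expectedAudience,
                                  PresentationRequirements requirements)
            throws VerificationException {
        SdJwtVerificationContext ctx =
                new SdJwtVerificationContext(sdJwtVpString, issuerSignedJwt, disclosures, keyBindingJwt);

        // Assumption: these builder methods exist with these names.
        KeyBindingJwtVerificationOpts kbOpts = KeyBindingJwtVerificationOpts.builder()
                .withKeyBindingRequired(true)     // policy: a presentation without KB-JWT is rejected
                .withAllowedMaxAge(300)           // KB-JWT iat must be within the last 5 minutes
                .withNonce(expectedNonce)         // must match the challenge we sent
                .withAud(expectedAudience)        // must name this Verifier
                .build();

        ctx.verifyPresentation(issuerKeys, issuerOpts(), kbOpts, requirements);
    }
}
```

Both methods fail closed: a VerificationException means the whole presentation is rejected, and no claim from the token should be consumed before the call returns normally. Generate a fresh nonce per session and pass the same value into KeyBindingJwtVerificationOpts, otherwise the Key Binding check proves only that some Holder signed something, not that it was signed for this exchange.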