JwtVcMetadataTrustedSdJwtIssuer (Keycloak Docs Distribution 999.0.0-SNAPSHOT API)

java.lang.Object

org.keycloak.sdjwt.consumer.JwtVcMetadataTrustedSdJwtIssuer

All Implemented Interfaces:: TrustedSdJwtIssuer

public class JwtVcMetadataTrustedSdJwtIssuer extends Object implements TrustedSdJwtIssuer

A trusted Issuer for running SD-JWT VP verification.

This implementation targets issuers exposing verifying keys on a normalized JWT VC Issuer metadata endpoint.

Author:

See Also:

JWT VC Issuer Metadata

Constructor Summary

Constructors

Constructor

Description

JwtVcMetadataTrustedSdJwtIssuer(String issuerUri, HttpDataFetcher httpDataFetcher)

JwtVcMetadataTrustedSdJwtIssuer(Pattern issuerUriPattern, HttpDataFetcher httpDataFetcher)
Method Summary

Modifier and Type

Method

Description

List<SignatureVerifierContext>

resolveIssuerVerifyingKeys(IssuerSignedJWT issuerSignedJWT)

Resolves potential verifying keys to validate the Issuer-signed JWT.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- JwtVcMetadataTrustedSdJwtIssuer
  
  public JwtVcMetadataTrustedSdJwtIssuer(String issuerUri, HttpDataFetcher httpDataFetcher)
  
  Parameters:
  
  issuerUri - a trusted issuer URI
- JwtVcMetadataTrustedSdJwtIssuer
  
  public JwtVcMetadataTrustedSdJwtIssuer(Pattern issuerUriPattern, HttpDataFetcher httpDataFetcher)
  
  Parameters:
  
  issuerUriPattern - a regex pattern for trusted issuer URIs
Method Details
- resolveIssuerVerifyingKeys
  
  public List<SignatureVerifierContext> resolveIssuerVerifyingKeys(IssuerSignedJWT issuerSignedJWT) throws VerificationException
  
  Description copied from interface: TrustedSdJwtIssuer
  
  Resolves potential verifying keys to validate the Issuer-signed JWT. The method ensures that the resolved public keys can be trusted.
  
  Specified by:
  
  resolveIssuerVerifyingKeys in interface TrustedSdJwtIssuer
  
  Parameters:
  
  issuerSignedJWT - The Issuer-signed JWT to validate.
  
  Returns:
  
  trusted verifying keys
  
  Throws:
  
  VerificationException - if no trustworthy verifying key could be resolved