Class JwtX5tValidator

  • All Implemented Interfaces:
    Validator<Token>

    public class JwtX5tValidator
    extends Object
    implements Validator<Token>
    Validates whether the JWT access token is bound to the OAuth2 client of this application in a certificate-based (mutual TLS) authentication scenario. The cnf claim carries the SHA-256 thumbprint of the X.509 client certificate (the x5t#S256 confirmation method); that thumbprint must match the thumbprint of the certificate presented with the request.

    Validates whether the 'cnf' thumbprint value matches the X.509 certificate from the request. The validator is disabled by default. It can be activated by setting the environment variable 'X5T_VALIDATOR_ENABLED' to true.

    • Method Detail

      • validate

        public ValidationResult validate​(Token token)
        Validates the cnf thumbprint in the token against the thumbprint of the trusted (request) certificate. If the audience claim contains only a single value, the thumbprint comparison is skipped and the token is accepted. Because that shortcut trusts the single audience without checking the certificate binding, use this validator together with JwtAudienceValidator to guarantee that the single audience is a trusted one.
        Specified by:
        validate in interface Validator<Token>
        Parameters:
        token - token to be validated
        Returns:
        validation result. The result is valid if the token has a single audience (no comparison performed), or if the token has multiple audiences and the cnf thumbprint matches the request certificate's thumbprint; otherwise it is invalid.
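The following is an added illustration of the check this class performs, written as a plain-Python model rather than the library's own Java code. It computes the x5t#S256 thumbprint as RFC 8705 section 3.1 defines it (base64url without padding of the SHA-256 hash over the DER-encoded certificate), compares it in constant time against the token's cnf claim, and reproduces the documented single-audience shortcut. The function names (x5t_s256, validate_x5t), the claims dict shape and the DER byte string are assumptions made for the example; the byte string is a constructed stand-in, not a real certificate, and a real application would take the DER bytes from the TLS client certificate of the request.

```python
"""Model of the cnf/x5t#S256 binding check described for JwtX5tValidator.
Added example; not code from the library. Names and inputs are assumptions."""
import base64
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed stand-in for DER certificate bytes (NOT a real certificate).
CONSTRUCTED_CERT_DER = b"\x30\x82\x01\x00" + b"constructed-der-placeholder-for-the-example"


def x5t_s256(der_cert: bytes) -> str:
    """RFC 8705 / RFC 7515 thumbprint: base64url (no '=' padding) of SHA-256
    over the DER encoding of the certificate."""
    digest = hashlib.sha256(der_cert).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def validate_x5t(claims: dict, client_cert_der: Optional[bytes]) -> Tuple[bool, str]:
    """Return (valid, reason), mirroring the behaviour documented for validate(Token):
    a token with exactly one audience is accepted without comparison; any other
    token must carry cnf.x5t#S256 and it must match the presented certificate."""
    aud = claims.get("aud", [])
    if isinstance(aud, str):           # 'aud' may be a single string or a list
        aud = [aud]
    if len(aud) == 1:
        # Documented shortcut: the single audience is trusted as-is, which is why
        # this validator must be paired with an audience validator.
        return True, "single audience: thumbprint comparison skipped"

    cnf = claims.get("cnf") or {}
    token_thumbprint = cnf.get("x5t#S256")
    if not token_thumbprint:
        return False, "cnf claim without x5t#S256 thumbprint"
    if client_cert_der is None:
        return False, "client certificate missing from request"

    expected = x5t_s256(client_cert_der)
    # Constant-time comparison; base64url thumbprints are case-sensitive.
    if hmac.compare_digest(expected.encode("ascii"), token_thumbprint.encode("ascii")):
        return True, "thumbprint matches client certificate"
    return False, "thumbprint mismatch: token is bound to a different certificate"


if __name__ == "__main__":
    thumb = x5t_s256(CONSTRUCTED_CERT_DER)
    bound_token = {"aud": ["clientid-a", "clientid-b"], "cnf": {"x5t#S256": thumb}}
    print(validate_x5t(bound_token, CONSTRUCTED_CERT_DER))   # accepted
    print(validate_x5t(bound_token, b"some other certificate"))  # rejected
    print(validate_x5t({"aud": ["clientid-a"]}, None))         # accepted via shortcut
```

Note the last call in the usage block: a single-audience token passes even with no certificate at all, which is exactly the documented shortcut and the reason the audience itself must be verified separately.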