com.sap.cloud.security.token.validation.validators

Class OAuth2TokenKeyServiceWithCache

java.lang.Object

com.sap.cloud.security.token.validation.validators.OAuth2TokenKeyServiceWithCache

public class OAuth2TokenKeyServiceWithCache
extends Object

Decorates OAuth2TokenKeyService with a cache, which gets looked up before the identity service is requested via http.

Method Summary

Modifier and Type	Method and Description
void	clearCache()
static OAuth2TokenKeyServiceWithCache	getInstance() Creates a new instance.
PublicKey	getPublicKey(JwtSignatureAlgorithm keyAlgorithm, String keyId, URI keyUri) Returns the cached key by id and type or requests the keys from the jwks URI of the identity service.
static String	getUniqueCacheKey(JwtSignatureAlgorithm keyAlgorithm, String keyId, URI jwksUri)
OAuth2TokenKeyServiceWithCache	withCacheSize(int size) Caches the Json web keys.
OAuth2TokenKeyServiceWithCache	withCacheTime(int timeInSeconds) Caches the Json web keys.
OAuth2TokenKeyServiceWithCache	withTokenKeyService(OAuth2TokenKeyService tokenKeyService) Overwrites the service to be used to request the Json web keys.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getInstance

public static OAuth2TokenKeyServiceWithCache getInstance()

Creates a new instance.

Returns:

the new instance.

withCacheTime

public OAuth2TokenKeyServiceWithCache withCacheTime(int timeInSeconds)

Caches the Json web keys. Overwrite the cache time (default: 900 seconds).

Parameters:

timeInSeconds - time to cache the signing keys

Returns:

this

withCacheSize

public OAuth2TokenKeyServiceWithCache withCacheSize(int size)

Caches the Json web keys. Overwrite the size of the cache (default: 100).

Parameters:

size - number of cached json web keys.

Returns:

this

withTokenKeyService

public OAuth2TokenKeyServiceWithCache withTokenKeyService(OAuth2TokenKeyService tokenKeyService)

Overwrites the service to be used to request the Json web keys.

Parameters:

tokenKeyService - the service to request the json web key set.

Returns:

this

getPublicKey

@Nullable
public PublicKey getPublicKey(JwtSignatureAlgorithm keyAlgorithm,
                                        String keyId,
                                        URI keyUri)
                                 throws OAuth2ServiceException,
                                        InvalidKeySpecException,
                                        NoSuchAlgorithmException

Returns the cached key by id and type or requests the keys from the jwks URI of the identity service.

Parameters:

keyAlgorithm - the Key Algorithm of the Access Token.

keyId - the Key Id of the Access Token.

keyUri - the Token Key Uri (jwks) of the Access Token (can be tenant specific).

Returns:

a PublicKey

Throws:

OAuth2ServiceException - in case the call to the jwks endpoint of the identity service failed.

InvalidKeySpecException - in case the PublicKey generation for the json web key failed.

NoSuchAlgorithmException - in case the algorithm of the json web key is not supported.

clearCache

public void clearCache()

getUniqueCacheKey

public static String getUniqueCacheKey(JwtSignatureAlgorithm keyAlgorithm,
                                       String keyId,
                                       URI jwksUri)