java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
  - - net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
    - - net.shibboleth.oidc.jwk.RemoteJwkSetCache

All Implemented Interfaces:

Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
```
public class RemoteJwkSetCache
extends AbstractIdentifiableInitializableComponent
```
Stores fetched remote key set values for a desired period of time.

Field Summary

Fields
Modifier and Type	Field	Description
`static String`	`CONTEXT_NAME`	The context name in the `StorageService`.
`private org.apache.http.client.HttpClient`	`httpClient`	The `HttpClient` to use.
`private HttpClientSecurityParameters`	`httpClientSecurityParameters`	HTTP client security parameters.
`private org.slf4j.Logger`	`log`	Logger.
`private StorageService`	`storage`	Backing storage for the remote JWK set contents.

Constructor Summary

Constructors
Constructor Description

RemoteJwkSetCache()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`doInitialize()`
`com.nimbusds.jose.jwk.JWKSet`	`fetch(String context, URI uri, String keyId, Instant expires)`	Returns remote JWK set if found from the cache, otherwise fetches and stores it.
`com.nimbusds.jose.jwk.JWKSet`	`fetch(String context, URI uri, Instant expires)`	Returns remote JWK set if found from the cache, otherwise fetches and stores it.
`com.nimbusds.jose.jwk.JWKSet`	`fetch(URI uri, String keyId, Instant expires)`	Returns remote JWK set if found from the cache, otherwise fetches and stores it.
`com.nimbusds.jose.jwk.JWKSet`	`fetch(URI uri, Instant expires)`	Returns remote JWK set if found from the cache, otherwise fetches and stores it.
`private com.nimbusds.jose.jwk.JWKSet`	`fetchAndStore(String context, String cacheKey, URI uri, Instant expires)`	Fetches the remote JWK set from the given URI and stores it in the storage service.
`StorageService`	`getStorage()`	Get the backing store for the remote JWK set contents.
`void`	`setHttpClient(org.apache.http.client.HttpClient client)`	Set the `HttpClient` to use.
`void`	`setHttpClientSecurityParameters(HttpClientSecurityParameters params)`	Set the optional client security parameters.
`void`	`setStorage(StorageService storageService)`	Set the backing store for the remote JWK set contents.

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
setId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
getId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent
getId

Field Detail

CONTEXT_NAME
```
public static final String CONTEXT_NAME
```
The context name in the StorageService.

See Also:

Constant Field Values

log
```
private final org.slf4j.Logger log
```
Logger.

storage
```
private StorageService storage
```
Backing storage for the remote JWK set contents.

httpClient

@NonnullAfterInit
private org.apache.http.client.HttpClient httpClient

The HttpClient to use.

httpClientSecurityParameters

@Nullable
private HttpClientSecurityParameters httpClientSecurityParameters

HTTP client security parameters.

Constructor Detail
- RemoteJwkSetCache
```
public RemoteJwkSetCache()
```

Method Detail

getStorage
```
@NonnullAfterInit
public StorageService getStorage()
```
Get the backing store for the remote JWK set contents.

Returns:

the backing store.

setStorage

public void setStorage(@Nonnull
                       StorageService storageService)

Set the backing store for the remote JWK set contents.

Parameters:: storageService - backing store to use

setHttpClient

public void setHttpClient(@Nonnull
                          org.apache.http.client.HttpClient client)

Set the HttpClient to use.

Parameters:: client - client to use

setHttpClientSecurityParameters

public void setHttpClientSecurityParameters(@Nullable
                                            HttpClientSecurityParameters params)

Set the optional client security parameters.

Parameters:: params - the new client security parameters

doInitialize
```
public void doInitialize()
                  throws ComponentInitializationException
```
Overrides:

doInitialize in class AbstractIdentifiedInitializableComponent

Throws:

ComponentInitializationException

fetch
```
public com.nimbusds.jose.jwk.JWKSet fetch(@Nonnull
                                          URI uri,
                                          @Nonnull
                                          String keyId,
                                          @Nonnull
                                          Instant expires)
```
Returns remote JWK set if found from the cache, otherwise fetches and stores it. If the JWK set is from the cache check it contains the keyId and if not, refresh the JWK set in the cache. Uses the default CONTEXT_NAME. Delegates to fetch(String, URI, String, Instant) for the actual implementation.

Parameters:

uri - value to check

keyId - the identifier of the key to check exists in a cached version of the keyset document

expires - time for disposal of value from cache

Returns:

JWK set, null if not found from the cache and cannot be fetched.

Since:

2.2.0

fetch

public com.nimbusds.jose.jwk.JWKSet fetch(@Nonnull
                                          URI uri,
                                          @Nonnull
                                          Instant expires)

Returns remote JWK set if found from the cache, otherwise fetches and stores it.

Parameters:: uri - value to check; expires - time for disposal of value from cache
Returns:: JWK set, null if not found from the cache and cannot be fetched.

fetch

@Nullable
public com.nimbusds.jose.jwk.JWKSet fetch(@Nonnull @NotEmpty
                                          String context,
                                          @Nonnull
                                          URI uri,
                                          @Nonnull
                                          Instant expires)

Returns remote JWK set if found from the cache, otherwise fetches and stores it.

Parameters:: context - a context label to subdivide the cache; uri - value to check; expires - time (in milliseconds since beginning of epoch) for disposal of value from cache
Returns:: JWK set, null if not found from the cache and cannot be fetched.

fetchAndStore

@Nullable
private com.nimbusds.jose.jwk.JWKSet fetchAndStore(@Nonnull @NotEmpty
                                                   String context,
                                                   @Nonnull
                                                   String cacheKey,
                                                   @Nonnull
                                                   URI uri,
                                                   @Nonnull
                                                   Instant expires)

Fetches the remote JWK set from the given URI and stores it in the storage service.

Parameters:: context - a context label to subdivide the cache; cacheKey - the key to store the JWK set under in the storage service; uri - value to fetch the JWK set from; expires - time (in milliseconds since beginning of epoch) for disposal of value from cache
Returns:: the JWK set document if fetched successfully, null otherwise.
Since:: 2.2.0

fetch
```
@Nullable
public com.nimbusds.jose.jwk.JWKSet fetch(@Nonnull @NotEmpty
                                          String context,
                                          @Nonnull
                                          URI uri,
                                          @Nonnull
                                          String keyId,
                                          @Nonnull
                                          Instant expires)
```
Returns remote JWK set if found from the cache, otherwise fetches and stores it. If the JWK set is retrieved from the cache, checks it contains the JWK keyId input, if not it re-fetches the JWK set even if the set has not expired. This allows keys to be returned when the JWK Set has been updated but has not yet expired e.g. during key rotation.

Parameters:

context - a context label to subdivide the cache

uri - value to check

keyId - the identifier of the key to check exists in a cached version of the keyset document

expires - time (in milliseconds since beginning of epoch) for disposal of value from cache

Returns:

JWK set, null if not found from the cache and cannot be fetched.

Since:

2.2.0

Class RemoteJwkSetCache

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

Field Detail

CONTEXT_NAME

log

storage

httpClient

httpClientSecurityParameters

Constructor Detail

RemoteJwkSetCache

Method Detail

getStorage

setStorage

setHttpClient

setHttpClientSecurityParameters

doInitialize

fetch

fetch

fetch

fetchAndStore

fetch