multipaz/org.multipaz.webtoken

Package-level declarations

Types

Helper object to generate and validate short single-use unique values with expiration that are suitable for use as JWT nonce/challenge.

ChallengeInvalidException

class ChallengeInvalidException : Exception

Thrown when challenge or nonce claim in a web token is not valid or missing.

WebTokenCheck

enum WebTokenCheck : Enum<WebTokenCheck>

Defines a specific type of JWT validation.

WebTokenClaim

abstract class WebTokenClaim<T : Any>(val kType: KClass<T>, val strKey: String, val numKey: Long? = null, val header: Boolean = false)

Helper object to represent a web token (CWT or JWT) claim.

Properties

TAG

const val TAG: String

Functions

basicCertificateChainValidator

suspend fun basicCertificateChainValidator(certificateChain: X509CertChain, now: Instant): Boolean

Performs basic certificate chain validation.

buildCwt

suspend fun buildCwt(type: String, key: AsymmetricKey, protectedHeaders: Map<CoseLabel, DataItem> = mapOf(), unprotectedHeaders: Map<CoseLabel, DataItem> = mapOf(), creationTime: Instant = Clock.System.now(), expiresIn: Duration? = null, body: suspend MapBuilder<*>.() -> Unit): ByteArray

suspend fun buildCwt(type: DataItem, key: AsymmetricKey, protectedHeaders: Map<CoseLabel, DataItem> = mapOf(), unprotectedHeaders: Map<CoseLabel, DataItem> = mapOf(), creationTime: Instant = Clock.System.now(), expiresIn: Duration? = null, builderAction: suspend MapBuilder<*>.() -> Unit): ByteArray

Creates a CWT message signed with the given key.

buildJwt

suspend fun buildJwt(type: String, key: AsymmetricKey, header: suspend JsonObjectBuilder.() -> Unit = {}, creationTime: Instant = Clock.System.now(), expiresIn: Duration? = null, builderAction: suspend JsonObjectBuilder.() -> Unit): String

Creates a JWT message signed with the given key.

validateCwt

suspend fun validateCwt(cwt: ByteArray, cwtName: String, publicKey: EcPublicKey?, checks: Map<WebTokenCheck, String> = mapOf(), maxValidity: Duration = 10.hours, certificateChainValidator: suspend (chain: X509CertChain, atTime: Instant) -> Boolean? = null, clock: Clock = Clock.System): CborMap

General-purpose CWT validation using a set of built-in required checks (expiration and signature validity) and a set of optional checks specified in checks parameter.

validateJwt

suspend fun validateJwt(jwt: String, jwtName: String, publicKey: EcPublicKey? = null, checks: Map<WebTokenCheck, String> = mapOf(), maxValidity: Duration = 10.hours, certificateChainValidator: suspend (chain: X509CertChain, atTime: Instant) -> Boolean? = null, clock: Clock = Clock.System): JsonObject

General-purpose JWT validation using a set of built-in required checks (expiration and signature validity) and a set of optional checks specified in checks parameter.