com.truelayer.signing

Class Verifier

java.lang.Object

com.truelayer.signing.Verifier

public abstract class Verifier
extends java.lang.Object

Builder to verify a request against a `Tl-Signature` header using a public key.

Field Summary

Fields

Modifier and Type	Field and Description
protected byte[]	body
protected java.util.LinkedHashMap<com.truelayer.signing.HeaderName,java.lang.String>	headers
protected java.lang.String	method
protected java.lang.String	path
protected java.util.HashSet<java.lang.String>	requiredHeaders

Constructor Summary

Constructors

Constructor and Description
Verifier()

Method Summary

Modifier and Type	Method and Description
Verifier	body(byte[] body) Add the full unmodified request body.
Verifier	body(java.lang.String body) Add the full unmodified request body.
static java.lang.String	extractJku(java.lang.String tlSignature) Extract jku (JSON Web Key URL) from unverified jws Tl-Signature.
static Verifier	from(byte[] publicKeyPem) Start building a `Tl-Signature` header verifier using public key RFC 7468 PEM-encoded data.
static Verifier	from(java.security.interfaces.ECPublicKey publicKeyPem) Start building a `Tl-Signature` header verifier using public key RFC 7468 PEM-encoded data.
static Verifier	from(java.lang.String publicKeyPem) Start building a `Tl-Signature` header verifier using public key RFC 7468 PEM-encoded data.
Verifier	header(java.lang.String name, java.lang.String value) Add a header name and value.
Verifier	headers(java.util.Map<java.lang.String,java.lang.String> headers) Add a Map of headers.
Verifier	method(java.lang.String method) Add the request method.
Verifier	path(java.lang.String path) Add the request absolute path starting with a leading `/` and without any trailing slashes.
Verifier	requiredHeader(java.lang.String name) Require a header name that must be included in the `Tl-Signature`.
protected java.util.Map<com.truelayer.signing.HeaderName,java.lang.String>	validateSignatureHeader(com.nimbusds.jose.JWSHeader jwsHeader)
abstract void	verify(java.lang.String signature) Verify the given `Tl-Signature` header value.
static Verifier	verifyWithJwks(java.lang.String jwks) Start building a `Tl-Signature` header verifier using public key JWKs JSON response data.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

method

protected java.lang.String method

path

protected java.lang.String path

body

protected byte[] body

headers

protected final java.util.LinkedHashMap<com.truelayer.signing.HeaderName,java.lang.String> headers

requiredHeaders

protected final java.util.HashSet<java.lang.String> requiredHeaders

Constructor Detail

Verifier

public Verifier()

Method Detail

extractJku

public static java.lang.String extractJku(java.lang.String tlSignature)

Extract jku (JSON Web Key URL) from unverified jws Tl-Signature. Used in webhook signatures providing the public key jwk url.

Parameters:

tlSignature - unverified jws Tl-Signature

Returns:

jku (JSON Web Key URL)

Throws:

SignatureException - if the signature is invalid

method

public Verifier method(java.lang.String method)

Add the request method.

Parameters:

method - - the request method must be non null

Returns:

the Verifier instance

Throws:

java.lang.IllegalArgumentException - if the provided param is null

path

public Verifier path(java.lang.String path)

Add the request absolute path starting with a leading `/` and without any trailing slashes.

Parameters:

path - - the request absolute path must not be null

Returns:

the Verifier instance

Throws:

java.lang.IllegalArgumentException - if the provided param is null or invalid

body

public Verifier body(byte[] body)

Add the full unmodified request body.

Parameters:

body - - the full request body must not be null

Returns:

the Verifier instance

Throws:

java.lang.IllegalArgumentException - if the provided param is null

body

public Verifier body(java.lang.String body)

Add the full unmodified request body.

Parameters:

body - - the full request body must not be null

Returns:

the Verifier instance

Throws:

java.lang.IllegalArgumentException - if the provided param is null

headers

public Verifier headers(java.util.Map<java.lang.String,java.lang.String> headers)

Add a Map of headers. Warning: Only a single value per header name is supported.

Parameters:

headers - - must not be null

Returns:

the Verifier instance

Throws:

java.lang.IllegalArgumentException - if the provided params are null

header

public Verifier header(java.lang.String name,
                       java.lang.String value)

Add a header name and value. May be called multiple times to add multiple different headers. Warning: Only a single value per header name is supported.

Parameters:

name - - must not be null

value - - must not be null

Returns:

the Verifier instance

Throws:

java.lang.IllegalArgumentException - if the provided param is null

requiredHeader

public Verifier requiredHeader(java.lang.String name)

Require a header name that must be included in the `Tl-Signature`. May be called multiple times to add multiple required headers.

Parameters:

name - - must not be null

Returns:

the Verifier instance

Throws:

java.lang.IllegalArgumentException - if the provided param is null

from

public static Verifier from(byte[] publicKeyPem)

Start building a `Tl-Signature` header verifier using public key RFC 7468 PEM-encoded data.

Parameters:

publicKeyPem - the public key 7468 PEM-encoded data - must not be null

Returns:

the Verifier instance

Throws:

KeyException - it the provided key is invalid

java.lang.IllegalArgumentException - if the provided param is null

from

public static Verifier from(java.lang.String publicKeyPem)

Start building a `Tl-Signature` header verifier using public key RFC 7468 PEM-encoded data.

Parameters:

publicKeyPem - the public key 7468 PEM-encoded data - must not be null

Returns:

the Verifier instance

Throws:

KeyException - it the provided key is invalid

java.lang.IllegalArgumentException - if the provided param is null

from

public static Verifier from(java.security.interfaces.ECPublicKey publicKeyPem)

Start building a `Tl-Signature` header verifier using public key RFC 7468 PEM-encoded data.

Parameters:

publicKeyPem - the public key 7468 PEM-encoded data - must not be null

Returns:

the Verifier instance

Throws:

KeyException - it the provided key is invalid

java.lang.IllegalArgumentException - if the provided param is null

verifyWithJwks

public static Verifier verifyWithJwks(java.lang.String jwks)

Start building a `Tl-Signature` header verifier using public key JWKs JSON response data.

Parameters:

jwks - public key JWKs JSON response data

Returns:

the Verifier instance

Throws:

SignatureException - if the provided jwks is invalid

verify

public abstract void verify(java.lang.String signature)

Verify the given `Tl-Signature` header value.

Parameters:

signature - the given `TL-signature`

Throws:

SignatureException - if Signature is invalid

validateSignatureHeader

protected java.util.Map<com.truelayer.signing.HeaderName,java.lang.String> validateSignatureHeader(com.nimbusds.jose.JWSHeader jwsHeader)