Package com.google.crypto.tink.jwt

Class JwtRsaSsaPssParameters.KidStrategy

  • Enclosing class:
    JwtRsaSsaPssParameters
    @Immutable
public static final class JwtRsaSsaPssParameters.KidStrategy
extends java.lang.Object
    Specifies how the "kid" header is handled.

    • Field Detail

      • BASE64_ENCODED_KEY_ID

        public static final JwtRsaSsaPssParameters.KidStrategy BASE64_ENCODED_KEY_ID
        The "kid" is the URL safe (RFC 4648 Section 5) base64-encoded big-endian key_id in the keyset.

        In PublicKeySign#signAndEncode Tink always adds the KID.

        In PublicKeyVerify#verifyAndDecode Tink checks that the kid is present and equal to this value.

        This strategy is recommended by Tink.

      • IGNORED

        public static final JwtRsaSsaPssParameters.KidStrategy IGNORED
        The "kid" header is ignored.

        In PublicKeySign#signAndEncode Tink does not write a "kid" header.

        In PublicKeyVerify#verifyAndDecode Tink ignores the "kid" header.

      • CUSTOM

        public static final JwtRsaSsaPssParameters.KidStrategy CUSTOM
        The "kid" is fixed. It can be obtained from parameters.getCustomKid().

        In PublicKeySign#signAndEncode Tink writes the "kid" header to the value given by parameters.getCustomKid().

        In PublicKeyVerify#verifyAndDecode, if the kid is present, it needs to match parameters.getCustomKid(). If the kid is absent, it will be accepted.

        Note: Tink does not allow to randomly generate new JwtRsaSsaPssKey objects from parameters objects with KidStrategy equals to CUSTOM.

    • Method Detail

      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object