So for the verifierPublicKey property value, there are 3 natural usecases:
Usage 1, the literal PEM encoded public key:
org.eclipse.microprofile.authentication.JWT.verifierPublicKey=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlivFI8qB4D0y2jy0CfEqFyy46R0o7S8TKpsx5xbHKoU1VWg6QkQm+ntyIv1p4kE1sPEQO73+HY8+Bzs75XwRTYL1BmR1w8J5hmjVWjc6R2BTBGAYRPFRhor3kpM6ni2SPmNNhurEAHw7TaqszP5eUF/F9+KEBWkwVta+PZ37bwqSE4sCb1soZFrVz/UT/LF4tYpuVYt3YbqToZ3pZOZ9AX2o1GCG3xwOjkc4x0W7ezbQZdC9iftPxVHR8irOijJRRjcPDtA6vPKpzLl6CyYnsIYPd99ltwxTHjr3npfv/3Lw50bAkbT4HeLFxTx4flEoZLKO/g0bAoV2uqBhkA9xnQIDAQAB
Usage 2, a classpath resource reference:
org.eclipse.microprofile.authentication.JWT.verifierPublicKey=/somepath/xzykey.pem
Usage 3, an external URL reference:
So I understand one can ask for the config property as a given type, but it is up to the user to choose how they want to encode the value, so the feature consuming the value has to try various types in some order. I have seen frameworks use a prefix to indicate the context for interpretation of a string value. For example:
org.eclipse.microprofile.authentication.JWT.verifierPublicKey=[raw]MIIBIjANBgkqhkiG9w0...
org.eclipse.microprofile.authentication.JWT.verifierPublicKey=[classpath]/somepath/xzykey.pem
org.eclipse.microprofile.authentication.JWT.verifierPublicKey=[url]http://somepath/xzykey.pem
The goal being, that I can write a custom config Converter like the following:
/**
* A custom configuration converter for {@linkplain PublicKey} injection using
* {@linkplain org.eclipse.microprofile.config.inject.ConfigProperty}
*/
public class PublicKeyConverter implements Converter<PublicKey> {
/**
* Converts a string to a PublicKey by loading it as a classpath resource
* @param value - the PEM encoded string value to convert
* @return the PublicKey loaded as a resource
* @throws IllegalArgumentException - on failure to load the key
*/
@Override
public PublicKey convert(String value) throws IllegalArgumentException {
PublicKey pk;
try {
pk = decodePublicKey(value);
}
catch (Exception e) {
IllegalArgumentException ex = new IllegalArgumentException("Failed to parse: "+value);
ex.initCause(e);
throw ex;
}
return pk;
}
}
that does not have to deal with the details of how the value argument was specified in a given config source. The converter just gets the raw PEM encoded string. Make sense?