public class JsonWebSignature extends JsonWebToken
Sample usage:
public static void printPayload(JsonFactory jsonFactory, String tokenString) throws IOException { JsonWebSignature jws = JsonWebSignature.parse(jsonFactory, tokenString); System.out.println(jws.getPayload()); }
Implementation is not thread-safe.
Static Methods
parse(JsonFactory jsonFactory, String tokenString)
public static JsonWebSignature parse(JsonFactory jsonFactory, String tokenString)Parses the given JWS token string and returns the parsed JsonWebSignature.
| Parameters | |
|---|---|
| Name | Description |
jsonFactory |
JsonFactoryJSON factory |
tokenString |
StringJWS token string |
| Returns | |
|---|---|
| Type | Description |
JsonWebSignature |
parsed JWS |
| Exceptions | |
|---|---|
| Type | Description |
IOException |
|
parser(JsonFactory jsonFactory)
public static JsonWebSignature.Parser parser(JsonFactory jsonFactory)Returns a new instance of a JWS parser.
| Parameter | |
|---|---|
| Name | Description |
jsonFactory |
JsonFactory |
| Returns | |
|---|---|
| Type | Description |
JsonWebSignature.Parser |
|
signUsingRsaSha256(PrivateKey privateKey, JsonFactory jsonFactory, JsonWebSignature.Header header, JsonWebToken.Payload payload)
public static String signUsingRsaSha256(PrivateKey privateKey, JsonFactory jsonFactory, JsonWebSignature.Header header, JsonWebToken.Payload payload)Signs a given JWS header and payload based on the given private key using RSA and SHA-256 as described in JWS using RSA SHA-256.
| Parameters | |
|---|---|
| Name | Description |
privateKey |
PrivateKeyprivate key |
jsonFactory |
JsonFactoryJSON factory |
header |
JsonWebSignature.HeaderJWS header |
payload |
JsonWebToken.PayloadJWS payload |
| Returns | |
|---|---|
| Type | Description |
String |
signed JWS string |
| Exceptions | |
|---|---|
| Type | Description |
GeneralSecurityException |
|
IOException |
|
Constructors
JsonWebSignature(JsonWebSignature.Header header, JsonWebToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)
public JsonWebSignature(JsonWebSignature.Header header, JsonWebToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)| Parameters | |
|---|---|
| Name | Description |
header |
JsonWebSignature.Headerheader |
payload |
JsonWebToken.Payloadpayload |
signatureBytes |
byte[]bytes of the signature |
signedContentBytes |
byte[]bytes of the signed content |
Methods
getHeader()
public JsonWebSignature.Header getHeader()Returns the header.
Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.
| Returns | |
|---|---|
| Type | Description |
JsonWebSignature.Header |
|
getSignatureBytes()
public final byte[] getSignatureBytes()Returns the bytes of the signature.
| Returns | |
|---|---|
| Type | Description |
byte[] |
|
getSignedContentBytes()
public final byte[] getSignedContentBytes()Returns the bytes of the signature content.
| Returns | |
|---|---|
| Type | Description |
byte[] |
|
verifySignature()
public final X509Certificate verifySignature()Beta
Verifies the signature of the content using the certificate chain embedded in the signature.
Currently only "RS256" algorithm is verified, but others may be added in the future.
For any other algorithm it returns null.
The certificate chain is verified using the system default trust manager.
The leaf certificate of the certificate chain must be an SSL server certificate.
| Returns | |
|---|---|
| Type | Description |
X509Certificate |
the signature certificate if the signature could be verified, null otherwise |
| Exceptions | |
|---|---|
| Type | Description |
GeneralSecurityException |
|
verifySignature(PublicKey publicKey)
public final boolean verifySignature(PublicKey publicKey)Verifies the signature of the content.
Currently only "RS256" and "ES256" algorithms are verified, but others may
be added in the future. For any other algorithm it returns false.
| Parameter | |
|---|---|
| Name | Description |
publicKey |
PublicKeypublic key |
| Returns | |
|---|---|
| Type | Description |
boolean |
whether the algorithm is recognized and it is verified |
| Exceptions | |
|---|---|
| Type | Description |
GeneralSecurityException |
|
verifySignature(X509TrustManager trustManager)
public final X509Certificate verifySignature(X509TrustManager trustManager)Beta
Verifies the signature of the content using the certificate chain embedded in the signature.
Currently only "RS256" and "ES256" algorithms are verified, but others may
be added in the future. For any other algorithm it returns null.
The leaf certificate of the certificate chain must be an SSL server certificate.
| Parameter | |
|---|---|
| Name | Description |
trustManager |
X509TrustManagertrust manager used to verify the X509 certificate chain embedded in this message |
| Returns | |
|---|---|
| Type | Description |
X509Certificate |
the signature certificate if the signature could be verified, null otherwise |
| Exceptions | |
|---|---|
| Type | Description |
GeneralSecurityException |
|