Class JsonWebSignature

public class JsonWebSignature extends JsonWebToken

JSON Web Signature(JWS).

Sample usage:

public static void printPayload(JsonFactory jsonFactory, String tokenString) throws IOException { JsonWebSignature jws = JsonWebSignature.parse(jsonFactory, tokenString); System.out.println(jws.getPayload()); }

Implementation is not thread-safe.

Inheritance

java.lang.Object > JsonWebToken > JsonWebSignature

Static Methods

parse(JsonFactory jsonFactory, String tokenString)

public static JsonWebSignature parse(JsonFactory jsonFactory, String tokenString)

Parses the given JWS token string and returns the parsed JsonWebSignature.

Parameters
NameDescription
jsonFactoryJsonFactory

JSON factory

tokenStringString

JWS token string

Returns
TypeDescription
JsonWebSignature

parsed JWS

Exceptions
TypeDescription
IOException

parser(JsonFactory jsonFactory)

public static JsonWebSignature.Parser parser(JsonFactory jsonFactory)

Returns a new instance of a JWS parser.

Parameter
NameDescription
jsonFactoryJsonFactory
Returns
TypeDescription
JsonWebSignature.Parser

signUsingRsaSha256(PrivateKey privateKey, JsonFactory jsonFactory, JsonWebSignature.Header header, JsonWebToken.Payload payload)

public static String signUsingRsaSha256(PrivateKey privateKey, JsonFactory jsonFactory, JsonWebSignature.Header header, JsonWebToken.Payload payload)

Signs a given JWS header and payload based on the given private key using RSA and SHA-256 as described in JWS using RSA SHA-256.

Parameters
NameDescription
privateKeyPrivateKey

private key

jsonFactoryJsonFactory

JSON factory

headerJsonWebSignature.Header

JWS header

payloadJsonWebToken.Payload

JWS payload

Returns
TypeDescription
String

signed JWS string

Exceptions
TypeDescription
GeneralSecurityException
IOException

Constructors

JsonWebSignature(JsonWebSignature.Header header, JsonWebToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)

public JsonWebSignature(JsonWebSignature.Header header, JsonWebToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)
Parameters
NameDescription
headerJsonWebSignature.Header

header

payloadJsonWebToken.Payload

payload

signatureBytesbyte[]

bytes of the signature

signedContentBytesbyte[]

bytes of the signed content

Methods

getHeader()

public JsonWebSignature.Header getHeader()

Returns the header.

Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.

Returns
TypeDescription
JsonWebSignature.Header
Overrides

getSignatureBytes()

public final byte[] getSignatureBytes()

Returns the bytes of the signature.

Returns
TypeDescription
byte[]

getSignedContentBytes()

public final byte[] getSignedContentBytes()

Returns the bytes of the signature content.

Returns
TypeDescription
byte[]

verifySignature()

public final X509Certificate verifySignature()

Beta
Verifies the signature of the content using the certificate chain embedded in the signature.

Currently only "RS256" algorithm is verified, but others may be added in the future. For any other algorithm it returns null.

The certificate chain is verified using the system default trust manager.

The leaf certificate of the certificate chain must be an SSL server certificate.

Returns
TypeDescription
X509Certificate

the signature certificate if the signature could be verified, null otherwise

Exceptions
TypeDescription
GeneralSecurityException

verifySignature(PublicKey publicKey)

public final boolean verifySignature(PublicKey publicKey)

Verifies the signature of the content.

Currently only "RS256" and "ES256" algorithms are verified, but others may be added in the future. For any other algorithm it returns false.

Parameter
NameDescription
publicKeyPublicKey

public key

Returns
TypeDescription
boolean

whether the algorithm is recognized and it is verified

Exceptions
TypeDescription
GeneralSecurityException

verifySignature(X509TrustManager trustManager)

public final X509Certificate verifySignature(X509TrustManager trustManager)

Beta
Verifies the signature of the content using the certificate chain embedded in the signature.

Currently only "RS256" and "ES256" algorithms are verified, but others may be added in the future. For any other algorithm it returns null.

The leaf certificate of the certificate chain must be an SSL server certificate.

Parameter
NameDescription
trustManagerX509TrustManager

trust manager used to verify the X509 certificate chain embedded in this message

Returns
TypeDescription
X509Certificate

the signature certificate if the signature could be verified, null otherwise

Exceptions
TypeDescription
GeneralSecurityException