Class JsonWebSignature (1.45.0)

public class JsonWebSignature extends JsonWebToken

JSON Web Signature(JWS).

Sample usage:

public static void printPayload(JsonFactory jsonFactory, String tokenString) throws IOException { JsonWebSignature jws = JsonWebSignature.parse(jsonFactory, tokenString); System.out.println(jws.getPayload()); }

Implementation is not thread-safe.

Inheritance

java.lang.Object > JsonWebToken > JsonWebSignature

Static Methods

parse(JsonFactory jsonFactory, String tokenString)

public static JsonWebSignature parse(JsonFactory jsonFactory, String tokenString)

Parses the given JWS token string and returns the parsed JsonWebSignature.

Parameters
Name Description
jsonFactory JsonFactory

JSON factory

tokenString String

JWS token string

Returns
Type Description
JsonWebSignature

parsed JWS

Exceptions
Type Description
IOException

parser(JsonFactory jsonFactory)

public static JsonWebSignature.Parser parser(JsonFactory jsonFactory)

Returns a new instance of a JWS parser.

Parameter
Name Description
jsonFactory JsonFactory
Returns
Type Description
JsonWebSignature.Parser

signUsingRsaSha256(PrivateKey privateKey, JsonFactory jsonFactory, JsonWebSignature.Header header, JsonWebToken.Payload payload)

public static String signUsingRsaSha256(PrivateKey privateKey, JsonFactory jsonFactory, JsonWebSignature.Header header, JsonWebToken.Payload payload)

Signs a given JWS header and payload based on the given private key using RSA and SHA-256 as described in JWS using RSA SHA-256.

Parameters
Name Description
privateKey PrivateKey

private key

jsonFactory JsonFactory

JSON factory

header JsonWebSignature.Header

JWS header

payload JsonWebToken.Payload

JWS payload

Returns
Type Description
String

signed JWS string

Exceptions
Type Description
GeneralSecurityException
IOException

Constructors

JsonWebSignature(JsonWebSignature.Header header, JsonWebToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)

public JsonWebSignature(JsonWebSignature.Header header, JsonWebToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)
Parameters
Name Description
header JsonWebSignature.Header

header

payload JsonWebToken.Payload

payload

signatureBytes byte[]

bytes of the signature

signedContentBytes byte[]

bytes of the signed content

Methods

getHeader()

public JsonWebSignature.Header getHeader()

Returns the header.

Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.

Returns
Type Description
JsonWebSignature.Header
Overrides

getSignatureBytes()

public final byte[] getSignatureBytes()

Returns the bytes of the signature.

Returns
Type Description
byte[]

getSignedContentBytes()

public final byte[] getSignedContentBytes()

Returns the bytes of the signature content.

Returns
Type Description
byte[]

verifySignature()

public final X509Certificate verifySignature()

Beta
Verifies the signature of the content using the certificate chain embedded in the signature.

Currently only "RS256" algorithm is verified, but others may be added in the future. For any other algorithm it returns null.

The certificate chain is verified using the system default trust manager.

The leaf certificate of the certificate chain must be an SSL server certificate.

Returns
Type Description
X509Certificate

the signature certificate if the signature could be verified, null otherwise

Exceptions
Type Description
GeneralSecurityException

verifySignature(PublicKey publicKey)

public final boolean verifySignature(PublicKey publicKey)

Verifies the signature of the content.

Currently only "RS256" and "ES256" algorithms are verified, but others may be added in the future. For any other algorithm it returns false.

Parameter
Name Description
publicKey PublicKey

public key

Returns
Type Description
boolean

whether the algorithm is recognized and it is verified

Exceptions
Type Description
GeneralSecurityException

verifySignature(X509TrustManager trustManager)

public final X509Certificate verifySignature(X509TrustManager trustManager)

Beta
Verifies the signature of the content using the certificate chain embedded in the signature.

Currently only "RS256" and "ES256" algorithms are verified, but others may be added in the future. For any other algorithm it returns null.

The leaf certificate of the certificate chain must be an SSL server certificate.

Parameter
Name Description
trustManager X509TrustManager

trust manager used to verify the X509 certificate chain embedded in this message

Returns
Type Description
X509Certificate

the signature certificate if the signature could be verified, null otherwise

Exceptions
Type Description
GeneralSecurityException