001/* 002 * nimbus-jose-jwt 003 * 004 * Copyright 2012-2016, Connect2id Ltd. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.jwt; 019 020 021import com.nimbusds.jose.JOSEObject; 022import com.nimbusds.jose.JWSHeader; 023import com.nimbusds.jose.JWSObject; 024import com.nimbusds.jose.Payload; 025import com.nimbusds.jose.util.Base64URL; 026import net.jcip.annotations.ThreadSafe; 027 028import java.text.ParseException; 029import java.util.Map; 030 031 032/** 033 * Signed JSON Web Token (JWT). 034 * 035 * @author Vladimir Dzhuvinov 036 * @version 2024-06-06 037 */ 038@ThreadSafe 039public class SignedJWT extends JWSObject implements JWT { 040 041 042 private static final long serialVersionUID = 1L; 043 044 /** 045 * The JWT claims set. 046 */ 047 private JWTClaimsSet claimsSet; 048 049 050 /** 051 * Creates a new to-be-signed JSON Web Token (JWT) with the specified 052 * header and claims set. The initial state will be 053 * {@link com.nimbusds.jose.JWSObject.State#UNSIGNED unsigned}. 054 * 055 * @param header The JWS header. Must not be {@code null}. 056 * @param claimsSet The JWT claims set. Must not be {@code null}. 057 */ 058 public SignedJWT(final JWSHeader header, final JWTClaimsSet claimsSet) { 059 060 super(header, claimsSet.toPayload()); 061 this.claimsSet = claimsSet; 062 } 063 064 065 /** 066 * Creates a new signed JSON Web Token (JWT) with the specified 067 * serialised parts. The state will be 068 * {@link com.nimbusds.jose.JWSObject.State#SIGNED signed}. 069 * 070 * @param firstPart The first part, corresponding to the JWS header. 071 * Must not be {@code null}. 072 * @param secondPart The second part, corresponding to the claims set 073 * (payload). Must not be {@code null}. 074 * @param thirdPart The third part, corresponding to the signature. 075 * Must not be {@code null}. 076 * 077 * @throws ParseException If parsing of the serialised parts failed. 078 */ 079 public SignedJWT(final Base64URL firstPart, final Base64URL secondPart, final Base64URL thirdPart) 080 throws ParseException { 081 082 super(firstPart, secondPart, thirdPart); 083 } 084 085 086 @Override 087 public JWTClaimsSet getJWTClaimsSet() 088 throws ParseException { 089 090 if (claimsSet != null) { 091 return claimsSet; 092 } 093 094 Map<String, Object> json = getPayload().toJSONObject(); 095 096 if (json == null) { 097 throw new ParseException("Payload of JWS object is not a valid JSON object", 0); 098 } 099 100 claimsSet = JWTClaimsSet.parse(json); 101 return claimsSet; 102 } 103 104 105 @Override 106 protected void setPayload(final Payload payload) { 107 108 // setPayload() changes the result of getJWTClaimsSet(). 109 // set claimsSet = null and reparse payload again when called getJWTClaimsSet(). 110 claimsSet = null; 111 super.setPayload(payload); 112 } 113 114 115 /** 116 * Parses a signed JSON Web Token (JWT) from the specified string in 117 * compact format. 118 * 119 * @param s The string to parse. Must not be {@code null}. 120 * 121 * @return The signed JWT. 122 * 123 * @throws ParseException If the string couldn't be parsed to a valid 124 * signed JWT. 125 */ 126 public static SignedJWT parse(final String s) 127 throws ParseException { 128 129 Base64URL[] parts = JOSEObject.split(s); 130 131 if (parts.length != 3) { 132 throw new ParseException("Unexpected number of Base64URL parts, must be three", 0); 133 } 134 135 return new SignedJWT(parts[0], parts[1], parts[2]); 136 } 137}