Package com.nimbusds.jose.crypto
Class ECDSAVerifier
java.lang.Object
com.nimbusds.jose.crypto.impl.BaseJWSProvider
com.nimbusds.jose.crypto.impl.ECDSAProvider
com.nimbusds.jose.crypto.ECDSAVerifier
- All Implemented Interfaces:
CriticalHeaderParamsAware
,JCAAware<JCAContext>
,JOSEProvider
,JWSProvider
,JWSVerifier
@ThreadSafe
public class ECDSAVerifier
extends ECDSAProvider
implements JWSVerifier, CriticalHeaderParamsAware
Elliptic Curve Digital Signature Algorithm (ECDSA) verifier of
JWS objects
. Expects a public EC key
(with a P-256, P-384, P-521 or secp256k1 curve).
See RFC 7518 section 3.4 for more information.
This class is thread-safe.
Supports the following algorithms:
- Version:
- 2022-04-22
- Author:
- Axel Nennker, Vladimir Dzhuvinov
-
Field Summary
Fields inherited from class com.nimbusds.jose.crypto.impl.ECDSAProvider
SUPPORTED_ALGORITHMS, SUPPORTED_CURVES
-
Constructor Summary
ConstructorsConstructorDescriptionECDSAVerifier
(ECKey ecJWK) Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.ECDSAVerifier
(ECPublicKey publicKey) Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.ECDSAVerifier
(ECPublicKey publicKey, Set<String> defCritHeaders) Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier. -
Method Summary
Modifier and TypeMethodDescriptionReturns the names of the critical (crit
) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.Returns the names of the critical (crit
) header parameters that are understood and processed by the JWS verifier / JWE decrypter.Returns the public EC key.boolean
Verifies the specifiedsignature
of aJWS object
.Methods inherited from class com.nimbusds.jose.crypto.impl.ECDSAProvider
supportedECDSAAlgorithm
Methods inherited from class com.nimbusds.jose.crypto.impl.BaseJWSProvider
getJCAContext, supportedJWSAlgorithms
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface com.nimbusds.jose.jca.JCAAware
getJCAContext
Methods inherited from interface com.nimbusds.jose.JWSProvider
supportedJWSAlgorithms
-
Constructor Details
-
ECDSAVerifier
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.- Parameters:
publicKey
- The public EC key. Must not benull
.- Throws:
JOSEException
- If the elliptic curve of key is not supported.
-
ECDSAVerifier
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.- Parameters:
ecJWK
- The EC JSON Web Key (JWK). Must not benull
.- Throws:
JOSEException
- If the elliptic curve of key is not supported.
-
ECDSAVerifier
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.- Parameters:
publicKey
- The public EC key. Must not benull
.defCritHeaders
- The names of the critical header parameters that are deferred to the application for processing, empty set ornull
if none.- Throws:
JOSEException
- If the elliptic curve of key is not supported.
-
-
Method Details
-
getPublicKey
Returns the public EC key.- Returns:
- The public EC key.
-
getProcessedCriticalHeaderParams
Description copied from interface:CriticalHeaderParamsAware
Returns the names of the critical (crit
) header parameters that are understood and processed by the JWS verifier / JWE decrypter.- Specified by:
getProcessedCriticalHeaderParams
in interfaceCriticalHeaderParamsAware
- Returns:
- The names of the critical header parameters that are understood and processed, empty set if none.
-
getDeferredCriticalHeaderParams
Description copied from interface:CriticalHeaderParamsAware
Returns the names of the critical (crit
) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.- Specified by:
getDeferredCriticalHeaderParams
in interfaceCriticalHeaderParamsAware
- Returns:
- The names of the critical header parameters that are deferred to the application for processing, empty set if none.
-
verify
public boolean verify(JWSHeader header, byte[] signedContent, Base64URL signature) throws JOSEException Description copied from interface:JWSVerifier
Verifies the specifiedsignature
of aJWS object
.- Specified by:
verify
in interfaceJWSVerifier
- Parameters:
header
- The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not benull
.signedContent
- The signing input. Must not benull
.signature
- The signature part of the JWS object. Must not benull
.- Returns:
true
if the signature was successfully verified,false
if the signature is invalid or if a critical header is neither supported nor marked for deferral to the application.- Throws:
JOSEException
- If the JWS algorithm is not supported, or if signature verification failed for some other internal reason.
-