Class ECDSAVerifier

All Implemented Interfaces:
CriticalHeaderParamsAware, JCAAware<JCAContext>, JOSEProvider, JWSProvider, JWSVerifier

@ThreadSafe public class ECDSAVerifier extends ECDSAProvider implements JWSVerifier, CriticalHeaderParamsAware
Elliptic Curve Digital Signature Algorithm (ECDSA) verifier of JWS objects. Expects a public EC key (with a P-256, P-384, P-521 or secp256k1 curve).

See RFC 7518 section 3.4 for more information.

This class is thread-safe.

Supports the following algorithms:

Version:
2022-04-22
Author:
Axel Nennker, Vladimir Dzhuvinov
  • Constructor Details

    • ECDSAVerifier

      public ECDSAVerifier(ECPublicKey publicKey) throws JOSEException
      Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.
      Parameters:
      publicKey - The public EC key. Must not be null.
      Throws:
      JOSEException - If the elliptic curve of key is not supported.
    • ECDSAVerifier

      public ECDSAVerifier(ECKey ecJWK) throws JOSEException
      Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.
      Parameters:
      ecJWK - The EC JSON Web Key (JWK). Must not be null.
      Throws:
      JOSEException - If the elliptic curve of key is not supported.
    • ECDSAVerifier

      public ECDSAVerifier(ECPublicKey publicKey, Set<String> defCritHeaders) throws JOSEException
      Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.
      Parameters:
      publicKey - The public EC key. Must not be null.
      defCritHeaders - The names of the critical header parameters that are deferred to the application for processing, empty set or null if none.
      Throws:
      JOSEException - If the elliptic curve of key is not supported.
  • Method Details

    • getPublicKey

      Returns the public EC key.
      Returns:
      The public EC key.
    • getProcessedCriticalHeaderParams

      Description copied from interface: CriticalHeaderParamsAware
      Returns the names of the critical (crit) header parameters that are understood and processed by the JWS verifier / JWE decrypter.
      Specified by:
      getProcessedCriticalHeaderParams in interface CriticalHeaderParamsAware
      Returns:
      The names of the critical header parameters that are understood and processed, empty set if none.
    • getDeferredCriticalHeaderParams

      Description copied from interface: CriticalHeaderParamsAware
      Returns the names of the critical (crit) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.
      Specified by:
      getDeferredCriticalHeaderParams in interface CriticalHeaderParamsAware
      Returns:
      The names of the critical header parameters that are deferred to the application for processing, empty set if none.
    • verify

      public boolean verify(JWSHeader header, byte[] signedContent, Base64URL signature) throws JOSEException
      Description copied from interface: JWSVerifier
      Verifies the specified signature of a JWS object.
      Specified by:
      verify in interface JWSVerifier
      Parameters:
      header - The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not be null.
      signedContent - The signing input. Must not be null.
      signature - The signature part of the JWS object. Must not be null.
      Returns:
      true if the signature was successfully verified, false if the signature is invalid or if a critical header is neither supported nor marked for deferral to the application.
      Throws:
      JOSEException - If the JWS algorithm is not supported, or if signature verification failed for some other internal reason.