Package com.nimbusds.jose.crypto

Class RSASSAVerifier

java.lang.Object
com.nimbusds.jose.crypto.impl.BaseJWSProvider
com.nimbusds.jose.crypto.impl.RSASSAProvider
com.nimbusds.jose.crypto.RSASSAVerifier
All Implemented Interfaces:
CriticalHeaderParamsAware, JCAAware<JCAContext>, JOSEProvider, JWSProvider, JWSVerifier
@ThreadSafe public class RSASSAVerifier extends RSASSAProvider implements JWSVerifier, CriticalHeaderParamsAware
RSA Signature-Scheme-with-Appendix (RSASSA) verifier of JWS objects. Expects a public RSA key.

See RFC 7518, sections 3.3 and 3.5 for more information.

This class is thread-safe.

Supports the following algorithms:

Supports the BouncyCastle FIPS provider for the PSxxx family of JWS algorithms.

Version:
2024-04-20
Author:
Vladimir Dzhuvinov

  • Constructor Details

    • RSASSAVerifier

      public RSASSAVerifier(RSAPublicKey publicKey)
      Creates a new RSA Signature-Scheme-with-Appendix (RSASSA) verifier.
      Parameters:
      publicKey - The public RSA key. Must not be null.

    • RSASSAVerifier

      public RSASSAVerifier(RSAKey rsaJWK) throws JOSEException
      Creates a new RSA Signature-Scheme-with-Appendix (RSASSA) verifier.
      Parameters:
      rsaJWK - The RSA JSON Web Key (JWK). Must not be null.
      Throws:
      JOSEException - If the RSA JWK extraction failed.

    • RSASSAVerifier

      public RSASSAVerifier(RSAPublicKey publicKey, Set<String> defCritHeaders)
      Creates a new RSA Signature-Scheme-with-Appendix (RSASSA) verifier.
      Parameters:
      publicKey - The public RSA key. Must not be null.
      defCritHeaders - The names of the critical header parameters that are deferred to the application for processing, empty set or null if none.

  • Method Details

    • getPublicKey

      public RSAPublicKey getPublicKey()
      Gets the public RSA key.
      Returns:
      The public RSA key.

    • getProcessedCriticalHeaderParams

      public Set<String> getProcessedCriticalHeaderParams()
      Description copied from interface: CriticalHeaderParamsAware
      Returns the names of the critical (crit) header parameters that are understood and processed by the JWS verifier / JWE decrypter.
      Specified by:
      getProcessedCriticalHeaderParams in interface CriticalHeaderParamsAware
      Returns:
      The names of the critical header parameters that are understood and processed, empty set if none.

    • getDeferredCriticalHeaderParams

      public Set<String> getDeferredCriticalHeaderParams()
      Description copied from interface: CriticalHeaderParamsAware
      Returns the names of the critical (crit) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.
      Specified by:
      getDeferredCriticalHeaderParams in interface CriticalHeaderParamsAware
      Returns:
      The names of the critical header parameters that are deferred to the application for processing, empty set if none.

    • verify

      public boolean verify(JWSHeader header, byte[] signedContent, Base64URL signature) throws JOSEException
      Description copied from interface: JWSVerifier
      Verifies the specified signature of a JWS object.
      Specified by:
      verify in interface JWSVerifier
      Parameters:
      header - The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not be null.
      signedContent - The signing input. Must not be null.
      signature - The signature part of the JWS object. Must not be null.
      Returns:
      true if the signature was successfully verified, false if the signature is invalid or if a critical header is neither supported nor marked for deferral to the application.
      Throws:
      JOSEException - If the JWS algorithm is not supported, or if signature verification failed for some other internal reason.