com.nimbusds.jose.crypto

Class ECDSAVerifier

java.lang.Object

com.nimbusds.jose.crypto.ECDSAVerifier

All Implemented Interfaces:

JWSAlgorithmProvider, JWSVerifier

@ThreadSafe
public class ECDSAVerifier
extends Object
implements JWSVerifier

Elliptic Curve Digital Signature Algorithm (ECDSA) verifier of JWS objects.

Supports the following JSON Web Algorithms (JWAs):

• JWSAlgorithm.ES256
• JWSAlgorithm.ES384
• JWSAlgorithm.ES512

Accepts all reserved JWS header parameters. Modify the header filter properties to restrict the acceptable JWS algorithms and header parameters, or to allow custom JWS header parameters.

Version:

$version$ (2013-03-27)

Author:

Axel Nennker, Vladimir Dzhuvinov

Field Summary

Fields

Modifier and Type	Field and Description
static Set<JWSAlgorithm>	SUPPORTED_ALGORITHMS The supported JWS algorithms.

Constructor Summary

Constructors

Constructor and Description
ECDSAVerifier(BigInteger x, BigInteger y) Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.

Method Summary

Methods

Modifier and Type	Method and Description
protected static com.nimbusds.jose.crypto.ECDSAParameters	getECDSAParameters(JWSAlgorithm alg) Gets the initial parameters for the specified ECDSA-based JSON Web Algorithm (JWA).
JWSHeaderFilter	getJWSHeaderFilter() Gets the JWS header filter associated with the verifier.
protected static int	getSignatureByteArrayLength(JWSAlgorithm alg) Gets the expected signature byte array length (R + S parts) for the specified ECDSA algorithm.
BigInteger	getX() Gets the 'x' coordinate for the elliptic curve point.
BigInteger	getY() Gets the 'y' coordinate for the elliptic curve point.
Set<JWSAlgorithm>	supportedAlgorithms() Returns the names of the supported JWS algorithms.
boolean	verify(ReadOnlyJWSHeader header, byte[] signedContent, Base64URL signature) Verifies the specified signature of a JWS object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.jose.JWSAlgorithmProvider

supportedAlgorithms

Field Detail

SUPPORTED_ALGORITHMS

public static final Set<JWSAlgorithm> SUPPORTED_ALGORITHMS

The supported JWS algorithms.

Constructor Detail

ECDSAVerifier

public ECDSAVerifier(BigInteger x,
             BigInteger y)

Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.

Parameters:

x - The 'x' coordinate for the elliptic curve point. Must not be null.

y - The 'y' coordinate for the elliptic curve point. Must not be null.

Method Detail

getX

public BigInteger getX()

Gets the 'x' coordinate for the elliptic curve point.

Returns:

The 'x' coordinate.

getY

public BigInteger getY()

Gets the 'y' coordinate for the elliptic curve point.

Returns:

The 'y' coordinate.

getJWSHeaderFilter

public JWSHeaderFilter getJWSHeaderFilter()

Description copied from interface: JWSVerifier

Gets the JWS header filter associated with the verifier. Specifies the names of those supported JWS algorithms and header parameters that the verifier is configured to accept.

Attempting to verify a JWS object signature with an algorithm or header parameter that is not accepted must result in a JOSEException.

Specified by:

getJWSHeaderFilter in interface JWSVerifier

Returns:

The JWS header filter.

verify

public boolean verify(ReadOnlyJWSHeader header,
             byte[] signedContent,
             Base64URL signature)
               throws JOSEException

Description copied from interface: JWSVerifier

Verifies the specified signature of a JWS object.

Specified by:

verify in interface JWSVerifier

Parameters:

header - The JSON Web Signature (JWS) header. Must specify an accepted JWS algorithm, must contain only accepted header parameters, and must not be null.

signedContent - The signing input. Must not be null.

signature - The signature part of the JWS object. Must not be null.

Returns:

true if the signature was successfully verified, else false.

Throws:

JOSEException - If the JWS algorithm is not accepted, if a header parameter is not accepted, or if signature verification failed for some other reason.

getSignatureByteArrayLength

protected static int getSignatureByteArrayLength(JWSAlgorithm alg)
                                          throws JOSEException

Gets the expected signature byte array length (R + S parts) for the specified ECDSA algorithm.

Parameters:

alg - The JSON Web Algorithm (JWA). Must be supported and not null.

Returns:

The expected byte array length for the signature.

Throws:

JOSEException - If the algorithm is not supported.

getECDSAParameters

protected static com.nimbusds.jose.crypto.ECDSAParameters getECDSAParameters(JWSAlgorithm alg)
                                                                      throws JOSEException

Gets the initial parameters for the specified ECDSA-based JSON Web Algorithm (JWA).

Parameters:

alg - The JSON Web Algorithm (JWA). Must be supported and not null.

Returns:

The initial ECDSA parameters.

Throws:

JOSEException - If the algorithm is not supported.

supportedAlgorithms

public Set<JWSAlgorithm> supportedAlgorithms()

Description copied from interface: JWSAlgorithmProvider

Returns the names of the supported JWS algorithms. These correspond to the alg JWS header parameter.

Specified by:

supportedAlgorithms in interface JWSAlgorithmProvider

Returns:

The supported JWS algorithms, empty set if none.