@ThreadSafe public class RSASSAVerifier extends java.lang.Object implements JWSVerifier
JWS objects
. This class is thread-safe.
Supports the following JSON Web Algorithms (JWAs):
JWSAlgorithm.RS256
JWSAlgorithm.RS384
JWSAlgorithm.RS512
JWSAlgorithm.PS256
JWSAlgorithm.PS384
JWSAlgorithm.PS512
Accepts all registered JWS header parameters
. Use setAcceptedAlgorithms(java.util.Set<com.nimbusds.jose.JWSAlgorithm>)
to
restrict the acceptable JWS algorithms.
Modifier and Type | Field and Description |
---|---|
protected java.security.Provider |
provider
The underlying cryptographic provider,
null if not specified
(implies default one). |
static java.util.Set<JWSAlgorithm> |
SUPPORTED_ALGORITHMS
The supported JWS algorithms.
|
Constructor and Description |
---|
RSASSAVerifier(java.security.interfaces.RSAPublicKey publicKey)
Creates a new RSA Signature-Scheme-with-Appendix (RSASSA) verifier.
|
Modifier and Type | Method and Description |
---|---|
java.util.Set<JWSAlgorithm> |
getAcceptedAlgorithms()
Gets the names of the accepted JWS algorithms.
|
java.util.Set<java.lang.String> |
getIgnoredCriticalHeaderParameters()
Gets the names of the critical JWS header parameters to ignore.
|
java.security.interfaces.RSAPublicKey |
getPublicKey()
Gets the public RSA key.
|
protected static java.security.Signature |
getRSASignerAndVerifier(JWSAlgorithm alg,
java.security.Provider provider)
Gets a signer and verifier for the specified RSASSA-based JSON Web
Algorithm (JWA).
|
void |
setAcceptedAlgorithms(java.util.Set<JWSAlgorithm> acceptedAlgs)
Sets the names of the accepted JWS algorithms.
|
void |
setIgnoredCriticalHeaderParameters(java.util.Set<java.lang.String> headers)
Sets the names of the critical JWS header parameters to ignore.
|
void |
setProvider(java.security.Provider provider)
Sets a specific JCA provider, to be used for all operations.
|
java.util.Set<JWSAlgorithm> |
supportedAlgorithms()
Returns the names of the supported JWS algorithms.
|
boolean |
verify(JWSHeader header,
byte[] signedContent,
Base64URL signature)
Verifies the specified
signature of a
JWS object . |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
supportedAlgorithms
setProvider
public static final java.util.Set<JWSAlgorithm> SUPPORTED_ALGORITHMS
protected java.security.Provider provider
null
if not specified
(implies default one).public RSASSAVerifier(java.security.interfaces.RSAPublicKey publicKey)
publicKey
- The public RSA key. Must not be null
.public java.security.interfaces.RSAPublicKey getPublicKey()
public java.util.Set<JWSAlgorithm> getAcceptedAlgorithms()
JWSVerifier
alg
JWS header parameter.getAcceptedAlgorithms
in interface JWSVerifier
JWSVerifier.setAcceptedAlgorithms(java.util.Set<com.nimbusds.jose.JWSAlgorithm>)
public void setAcceptedAlgorithms(java.util.Set<JWSAlgorithm> acceptedAlgs)
JWSVerifier
alg
JWS header parameter.
For JWS verifiers that support multiple JWS algorithms this method can be used to indicate that only a subset should be accepted for processing.
setAcceptedAlgorithms
in interface JWSVerifier
acceptedAlgs
- The accepted JWS algorithms. Must be a subset of
the supported algorithms and not null
.public java.util.Set<java.lang.String> getIgnoredCriticalHeaderParameters()
JWSVerifier
crit
header parameter. The JWS
verifier should not ignore critical headers by default.getIgnoredCriticalHeaderParameters
in interface JWSVerifier
null
if none.public void setIgnoredCriticalHeaderParameters(java.util.Set<java.lang.String> headers)
JWSVerifier
crit
header parameter. The JWS
verifier should not ignore critical headers by default. Use this
setter to delegate processing of selected critical headers to the
application.setIgnoredCriticalHeaderParameters
in interface JWSVerifier
headers
- The names of the critical JWS header parameters to
ignore, empty or null
if none.public boolean verify(JWSHeader header, byte[] signedContent, Base64URL signature) throws JOSEException
JWSVerifier
signature
of a
JWS object
.verify
in interface JWSVerifier
header
- The JSON Web Signature (JWS) header. Must
specify an accepted JWS algorithm, must contain
only accepted header parameters, and must not be
null
.signedContent
- The signing input. Must not be null
.signature
- The signature part of the JWS object. Must not
be null
.true
if the signature was successfully verified,
else false
.JOSEException
- If the JWS algorithm is not accepted, if a
header parameter is not accepted, or if
signature verification failed for some other
reason.protected static java.security.Signature getRSASignerAndVerifier(JWSAlgorithm alg, java.security.Provider provider) throws JOSEException
alg
- The JSON Web Algorithm (JWA). Must be supported and not
null
.JOSEException
- If the algorithm is not supported.public java.util.Set<JWSAlgorithm> supportedAlgorithms()
JWSAlgorithmProvider
alg
JWS header parameter.supportedAlgorithms
in interface JWSAlgorithmProvider
public void setProvider(java.security.Provider provider)
AlgorithmProvider
setProvider
in interface AlgorithmProvider
provider
- The JCA provider, or null
to use the default
one.Copyright © 2014 Connect2id Ltd.. All Rights Reserved.