Source code

001package com.nimbusds.jose;
002
003
004import java.util.Set;
005
006import com.nimbusds.jose.util.Base64URL;
007
008
009/**
010 * Interface for verifying JSON Web Signature (JWS) objects.
011 *
012 * <p>Callers can query the verifier to determine its algorithm capabilities as
013 * well as the JWS algorithms and header parameters that are accepted for 
014 * processing.
015 *
016 * @author Vladimir Dzhuvinov
017 * @version $version$ (2014-07-08)
018 */
019public interface JWSVerifier extends JWSAlgorithmProvider {
020
021
022        /**
023         * Gets the names of the accepted JWS algorithms. These correspond to
024         * the {@code alg} JWS header parameter.
025         *
026         * @see #setAcceptedAlgorithms
027         *
028         * @return The accepted JWS algorithms, as a read-only set, empty set
029         *         if none.
030         */
031        public Set<JWSAlgorithm> getAcceptedAlgorithms();
032
033
034        /**
035         * Sets the names of the accepted JWS algorithms. These correspond to
036         * the {@code alg} JWS header parameter.
037         *
038         * <p>For JWS verifiers that support multiple JWS algorithms this
039         * method can be used to indicate that only a subset should be accepted
040         * for processing.
041         *
042         * @param acceptedAlgs The accepted JWS algorithms. Must be a subset of
043         *                     the supported algorithms and not {@code null}.
044         */
045        public void setAcceptedAlgorithms(final Set<JWSAlgorithm> acceptedAlgs);
046
047
048        /**
049         * Gets the names of the critical JWS header parameters to ignore.
050         * These are indicated by the {@code crit} header parameter. The JWS
051         * verifier should not ignore critical headers by default.
052         *
053         * @return The names of the critical JWS header parameters to ignore,
054         *         empty or {@code null} if none.
055         */
056        public Set<String> getIgnoredCriticalHeaderParameters();
057
058
059        /**
060         * Sets the names of the critical JWS header parameters to ignore.
061         * These are indicated by the {@code crit} header parameter. The JWS
062         * verifier should not ignore critical headers by default. Use this
063         * setter to delegate processing of selected critical headers to the
064         * application.
065         *
066         * @param headers The names of the critical JWS header parameters to
067         *                ignore, empty or {@code null} if none.
068         */
069        public void setIgnoredCriticalHeaderParameters(final Set<String> headers);
070
071
072        /**
073         * Verifies the specified {@link JWSObject#getSignature signature} of a
074         * {@link JWSObject JWS object}.
075         *
076         * @param header       The JSON Web Signature (JWS) header. Must 
077         *                     specify an accepted JWS algorithm, must contain
078         *                     only accepted header parameters, and must not be
079         *                     {@code null}.
080         * @param signingInput The signing input. Must not be {@code null}.
081         * @param signature    The signature part of the JWS object. Must not
082         *                     be {@code null}.
083         *
084         * @return {@code true} if the signature was successfully verified, 
085         *         else {@code false}.
086         *
087         * @throws JOSEException If the JWS algorithm is not accepted, if a 
088         *                       header parameter is not accepted, or if 
089         *                       signature verification failed for some other
090         *                       reason.
091         */
092        public boolean verify(final JWSHeader header,
093                              final byte[] signingInput,
094                              final Base64URL signature)
095                throws JOSEException;
096}