@ThreadSafe public class ECDSAVerifier extends Object implements JWSVerifier
JWS objects
.
Supports the following JSON Web Algorithms (JWAs):
Accepts all registered JWS header parameters
. Use setAcceptedAlgorithms(java.util.Set<com.nimbusds.jose.JWSAlgorithm>)
to
restrict the acceptable JWS algorithms.
Modifier and Type | Field and Description |
---|---|
protected Provider |
provider
The underlying cryptographic provider,
null if not specified
(implies default one). |
static Set<JWSAlgorithm> |
SUPPORTED_ALGORITHMS
The supported JWS algorithms.
|
Constructor and Description |
---|
ECDSAVerifier(BigInteger x,
BigInteger y)
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA)
verifier.
|
Modifier and Type | Method and Description |
---|---|
Set<JWSAlgorithm> |
getAcceptedAlgorithms()
Gets the names of the accepted JWS algorithms.
|
protected static com.nimbusds.jose.crypto.ECDSAParameters |
getECDSAParameters(JWSAlgorithm alg)
Gets the initial parameters for the specified ECDSA-based JSON Web
Algorithm (JWA).
|
Set<String> |
getIgnoredCriticalHeaderParameters()
Gets the names of the critical JWS header parameters to ignore.
|
protected static int |
getSignatureByteArrayLength(JWSAlgorithm alg)
Gets the expected signature byte array length (R + S parts) for the
specified ECDSA algorithm.
|
BigInteger |
getX()
Gets the 'x' coordinate for the elliptic curve point.
|
BigInteger |
getY()
Gets the 'y' coordinate for the elliptic curve point.
|
void |
setAcceptedAlgorithms(Set<JWSAlgorithm> acceptedAlgs)
Sets the names of the accepted JWS algorithms.
|
void |
setIgnoredCriticalHeaderParameters(Set<String> headers)
Sets the names of the critical JWS header parameters to ignore.
|
void |
setProvider(Provider provider)
Sets a specific JCA provider, to be used for all operations.
|
Set<JWSAlgorithm> |
supportedAlgorithms()
Returns the names of the supported JWS algorithms.
|
boolean |
verify(JWSHeader header,
byte[] signedContent,
Base64URL signature)
Verifies the specified
signature of a
JWS object . |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
supportedAlgorithms
setProvider
public static final Set<JWSAlgorithm> SUPPORTED_ALGORITHMS
public ECDSAVerifier(BigInteger x, BigInteger y)
x
- The 'x' coordinate for the elliptic curve point. Must not
be null
.y
- The 'y' coordinate for the elliptic curve point. Must not
be null
.public BigInteger getX()
public BigInteger getY()
public Set<JWSAlgorithm> getAcceptedAlgorithms()
JWSVerifier
alg
JWS header parameter.getAcceptedAlgorithms
in interface JWSVerifier
JWSVerifier.setAcceptedAlgorithms(java.util.Set<com.nimbusds.jose.JWSAlgorithm>)
public void setAcceptedAlgorithms(Set<JWSAlgorithm> acceptedAlgs)
JWSVerifier
alg
JWS header parameter.
For JWS verifiers that support multiple JWS algorithms this method can be used to indicate that only a subset should be accepted for processing.
setAcceptedAlgorithms
in interface JWSVerifier
acceptedAlgs
- The accepted JWS algorithms. Must be a subset of
the supported algorithms and not null
.public Set<String> getIgnoredCriticalHeaderParameters()
JWSVerifier
crit
header parameter. The JWS
verifier should not ignore critical headers by default.getIgnoredCriticalHeaderParameters
in interface JWSVerifier
null
if none.public void setIgnoredCriticalHeaderParameters(Set<String> headers)
JWSVerifier
crit
header parameter. The JWS
verifier should not ignore critical headers by default. Use this
setter to delegate processing of selected critical headers to the
application.setIgnoredCriticalHeaderParameters
in interface JWSVerifier
headers
- The names of the critical JWS header parameters to
ignore, empty or null
if none.public boolean verify(JWSHeader header, byte[] signedContent, Base64URL signature) throws JOSEException
JWSVerifier
signature
of a
JWS object
.verify
in interface JWSVerifier
header
- The JSON Web Signature (JWS) header. Must
specify an accepted JWS algorithm, must contain
only accepted header parameters, and must not be
null
.signedContent
- The signing input. Must not be null
.signature
- The signature part of the JWS object. Must not
be null
.true
if the signature was successfully verified,
else false
.JOSEException
- If the JWS algorithm is not accepted, if a
header parameter is not accepted, or if
signature verification failed for some other
reason.protected static int getSignatureByteArrayLength(JWSAlgorithm alg) throws JOSEException
alg
- The JSON Web Algorithm (JWA). Must be supported and not
null
.JOSEException
- If the algorithm is not supported.protected static com.nimbusds.jose.crypto.ECDSAParameters getECDSAParameters(JWSAlgorithm alg) throws JOSEException
alg
- The JSON Web Algorithm (JWA). Must be supported and not
null
.JOSEException
- If the algorithm is not supported.public Set<JWSAlgorithm> supportedAlgorithms()
JWSAlgorithmProvider
alg
JWS header parameter.supportedAlgorithms
in interface JWSAlgorithmProvider
public void setProvider(Provider provider)
AlgorithmProvider
setProvider
in interface AlgorithmProvider
provider
- The JCA provider, or null
to use the default
one.Copyright © 2015 Connect2id Ltd.. All Rights Reserved.