@ThreadSafe public class ECDSAVerifier extends ECDSAProvider implements JWSVerifier, CriticalHeaderParamsAware
JWS objects
. Expects a public EC key
(with a P-256, P-384 or P-521 curve).
See RFC 7518 section 3.4 for more information.
This class is thread-safe.
Supports the following algorithms:
SUPPORTED_ALGORITHMS
Constructor and Description |
---|
ECDSAVerifier(ECKey ecJWK)
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA)
verifier.
|
ECDSAVerifier(ECPublicKey publicKey)
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA)
verifier.
|
ECDSAVerifier(ECPublicKey publicKey,
Set<String> defCritHeaders)
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA)
verifier.
|
Modifier and Type | Method and Description |
---|---|
Set<String> |
getDeferredCriticalHeaderParams()
Returns the names of the critical (
crit ) header parameters
that are deferred to the application for processing and will be
ignored by the JWS verifier / JWE decrypter. |
Set<String> |
getProcessedCriticalHeaderParams()
Returns the names of the critical (
crit ) header parameters
that are understood and processed by the JWS verifier / JWE
decrypter. |
ECPublicKey |
getPublicKey()
Returns the public EC key.
|
boolean |
verify(JWSHeader header,
byte[] signedContent,
Base64URL signature)
Verifies the specified
signature of a
JWS object . |
supportedECDSAAlgorithm
getJCAContext, supportedJWSAlgorithms
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
supportedJWSAlgorithms
getJCAContext
public ECDSAVerifier(ECPublicKey publicKey) throws JOSEException
publicKey
- The public EC key. Must not be null
.JOSEException
- If the elliptic curve of key is not supported.public ECDSAVerifier(ECKey ecJWK) throws JOSEException
ecJWK
- The EC JSON Web Key (JWK). Must not be null
.JOSEException
- If the elliptic curve of key is not supported.public ECDSAVerifier(ECPublicKey publicKey, Set<String> defCritHeaders) throws JOSEException
publicKey
- The public EC key. Must not be null
.defCritHeaders
- The names of the critical header parameters
that are deferred to the application for
processing, empty set or null
if none.JOSEException
- If the elliptic curve of key is not supported.public ECPublicKey getPublicKey()
public Set<String> getProcessedCriticalHeaderParams()
CriticalHeaderParamsAware
crit
) header parameters
that are understood and processed by the JWS verifier / JWE
decrypter.getProcessedCriticalHeaderParams
in interface CriticalHeaderParamsAware
public Set<String> getDeferredCriticalHeaderParams()
CriticalHeaderParamsAware
crit
) header parameters
that are deferred to the application for processing and will be
ignored by the JWS verifier / JWE decrypter.getDeferredCriticalHeaderParams
in interface CriticalHeaderParamsAware
public boolean verify(JWSHeader header, byte[] signedContent, Base64URL signature) throws JOSEException
JWSVerifier
signature
of a
JWS object
.verify
in interface JWSVerifier
header
- The JSON Web Signature (JWS) header. Must
specify a supported JWS algorithm and must not
be null
.signedContent
- The signing input. Must not be null
.signature
- The signature part of the JWS object. Must not
be null
.true
if the signature was successfully verified,
false
if the signature is invalid or if a critical
header is neither supported nor marked for deferral to the
application.JOSEException
- If the JWS algorithm is not supported, or if
signature verification failed for some other
internal reason.Copyright © 2020 Connect2id Ltd.. All rights reserved.