Package com.nimbusds.jose.crypto

Class ECDSAVerifier

java.lang.Object

com.nimbusds.jose.crypto.impl.BaseJWSProvider

com.nimbusds.jose.crypto.impl.ECDSAProvider

com.nimbusds.jose.crypto.ECDSAVerifier

All Implemented Interfaces:

CriticalHeaderParamsAware, JCAAware<JCAContext>, JOSEProvider, JWSProvider, JWSVerifier

@ThreadSafe
public class ECDSAVerifier
extends ECDSAProvider
implements JWSVerifier, CriticalHeaderParamsAware

Elliptic Curve Digital Signature Algorithm (ECDSA) verifier of JWS objects. Expects a public EC key (with a P-256, P-384, P-521 or secp256k1 curve).

See RFC 7518 section 3.4 for more information.

This class is thread-safe.

Supports the following algorithms:

• JWSAlgorithm.ES256
• JWSAlgorithm.ES256K
• JWSAlgorithm.ES384
• JWSAlgorithm.ES512

Version:

2022-04-22

Author:

Axel Nennker, Vladimir Dzhuvinov

Field Summary

Fields inherited from class com.nimbusds.jose.crypto.impl.ECDSAProvider

SUPPORTED_ALGORITHMS

Constructor Summary

Constructors

Constructor	Description
ECDSAVerifier(ECKey ecJWK)	Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.
ECDSAVerifier(ECPublicKey publicKey)	Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.
ECDSAVerifier(ECPublicKey publicKey, Set<String> defCritHeaders)	Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.

Method Summary

Modifier and Type	Method	Description
Set<String>	getDeferredCriticalHeaderParams()	Returns the names of the critical (crit) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.
Set<String>	getProcessedCriticalHeaderParams()	Returns the names of the critical (crit) header parameters that are understood and processed by the JWS verifier / JWE decrypter.
ECPublicKey	getPublicKey()	Returns the public EC key.
boolean	verify(JWSHeader header, byte[] signedContent, Base64URL signature)	Verifies the specified signature of a JWS object.

Methods inherited from class com.nimbusds.jose.crypto.impl.ECDSAProvider

supportedECDSAAlgorithm

Methods inherited from class com.nimbusds.jose.crypto.impl.BaseJWSProvider

getJCAContext, supportedJWSAlgorithms

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.jose.jca.JCAAware

getJCAContext

Methods inherited from interface com.nimbusds.jose.JWSProvider

supportedJWSAlgorithms

Constructor Detail

ECDSAVerifier

public ECDSAVerifier(ECPublicKey publicKey)
              throws JOSEException

Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.

Parameters:

publicKey - The public EC key. Must not be null.

Throws:

JOSEException - If the elliptic curve of key is not supported.

ECDSAVerifier

public ECDSAVerifier(ECKey ecJWK)
              throws JOSEException

Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.

Parameters:

ecJWK - The EC JSON Web Key (JWK). Must not be null.

Throws:

JOSEException - If the elliptic curve of key is not supported.

ECDSAVerifier

public ECDSAVerifier(ECPublicKey publicKey,
                     Set<String> defCritHeaders)
              throws JOSEException

Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.

Parameters:

publicKey - The public EC key. Must not be null.

defCritHeaders - The names of the critical header parameters that are deferred to the application for processing, empty set or null if none.

Throws:

JOSEException - If the elliptic curve of key is not supported.

Method Detail

getPublicKey

public ECPublicKey getPublicKey()

Returns the public EC key.

Returns:

The public EC key.

getProcessedCriticalHeaderParams

public Set<String> getProcessedCriticalHeaderParams()

Description copied from interface: CriticalHeaderParamsAware

Returns the names of the critical (crit) header parameters that are understood and processed by the JWS verifier / JWE decrypter.

Specified by:

getProcessedCriticalHeaderParams in interface CriticalHeaderParamsAware

Returns:

The names of the critical header parameters that are understood and processed, empty set if none.

getDeferredCriticalHeaderParams

public Set<String> getDeferredCriticalHeaderParams()

Description copied from interface: CriticalHeaderParamsAware

Returns the names of the critical (crit) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.

Specified by:

getDeferredCriticalHeaderParams in interface CriticalHeaderParamsAware

Returns:

The names of the critical header parameters that are deferred to the application for processing, empty set if none.

verify

public boolean verify(JWSHeader header,
                      byte[] signedContent,
                      Base64URL signature)
               throws JOSEException

Description copied from interface: JWSVerifier

Verifies the specified signature of a JWS object.

Specified by:

verify in interface JWSVerifier

Parameters:

header - The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not be null.

signedContent - The signing input. Must not be null.

signature - The signature part of the JWS object. Must not be null.

Returns:

true if the signature was successfully verified, false if the signature is invalid or if a critical header is neither supported nor marked for deferral to the application.

Throws:

JOSEException - If the JWS algorithm is not supported, or if signature verification failed for some other internal reason.