Package org.jose4j.jws
Class JsonWebSignature
java.lang.Object
org.jose4j.jwx.JsonWebStructure
org.jose4j.jws.JsonWebSignature
The JsonWebSignature class is used to produce and consume JSON Web Signature (JWS) as defined in
RFC 7515.
-
Field Summary
Fields inherited from class org.jose4j.jwx.JsonWebStructure
base64url, doKeyValidation, headers, rawCompactSerialization
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionSign and produce the JWS Compact Serialization.Produces the compact serialization with an empty/detached payload as described in Appendix F, Detached Content, of the JWS spec though providing library support rather than making the application do it all as described therein.Gets the base64url encoded JWS Payload.Gets the JWS payload as a string.byte[]
Get the JWS payload.Gets the character encoding used for the string representation of the JWS payload.protected byte[]
Gets the JWS payload as a string.byte[]
Get the JWS payload.protected boolean
protected boolean
isSupportedCriticalHeader
(String headerName) protected void
onNewKey()
Create, initialize (using the key andProviderContext
) and return theCryptoPrimitive
that this JWS instance will use for signing.protected void
setCompactSerializationParts
(String[] parts) void
setEncodedPayload
(String encodedPayload) void
setPayload
(String payload) Sets the JWS payload as a string.void
setPayloadBytes
(byte[] payloadBytes) Sets the JWS payload.void
setPayloadCharEncoding
(String payloadCharEncoding) Sets the character encoding used for the string representation of the JWS payload (i.e.protected void
setSignature
(byte[] signature) void
sign()
Compute the JWS signature.boolean
Verify the signature of the JWS.Methods inherited from class org.jose4j.jwx.JsonWebStructure
checkCrit, checkNotEmptyPart, fromCompactSerialization, getAlgorithmConstraints, getAlgorithmHeaderValue, getCertificateChainHeaderValue, getContentTypeHeaderValue, getEncodedHeader, getHeader, getHeader, getHeaders, getIntegrity, getJwkHeader, getKey, getKeyIdHeaderValue, getLeafCertificateHeaderValue, getObjectHeader, getProviderCtx, getX509CertSha1ThumbprintHeaderValue, getX509CertSha256ThumbprintHeaderValue, isDoKeyValidation, setAlgorithmConstraints, setAlgorithmHeaderValue, setCertificateChainHeaderValue, setCompactSerialization, setContentTypeHeaderValue, setCriticalHeaderNames, setDoKeyValidation, setEncodedHeader, setHeader, setHeader, setIntegrity, setJwkHeader, setKey, setKeyIdHeaderValue, setKnownCriticalHeaders, setProviderContext, setX509CertSha1ThumbprintHeaderValue, setX509CertSha1ThumbprintHeaderValue, setX509CertSha256ThumbprintHeaderValue, setX509CertSha256ThumbprintHeaderValue, toString
-
Field Details
-
COMPACT_SERIALIZATION_PARTS
public static final short COMPACT_SERIALIZATION_PARTS- See Also:
-
-
Constructor Details
-
JsonWebSignature
public JsonWebSignature()
-
-
Method Details
-
setPayload
Sets the JWS payload as a string. UsesetPayloadCharEncoding(String)
before calling this method, to use a character encoding other than UTF-8.- Specified by:
setPayload
in classJsonWebStructure
- Parameters:
payload
- the payload, as a string, to be singed.
-
getPayloadBytes
Get the JWS payload.- Returns:
- the sequence of bytes that make up the JWS payload.
- Throws:
JoseException
- if the JWS signature is invalid or an error condition is encountered during the signature verification process
-
getUnverifiedPayloadBytes
public byte[] getUnverifiedPayloadBytes()Get the JWS payload. UnlikegetPayloadBytes()
the signature is not verified when calling this method.- Returns:
- the sequence of bytes that make up the JWS payload.
-
setPayloadBytes
public void setPayloadBytes(byte[] payloadBytes) Sets the JWS payload.- Parameters:
payloadBytes
- the payload, as a byte array, to be singed
-
setCompactSerializationParts
- Specified by:
setCompactSerializationParts
in classJsonWebStructure
- Throws:
JoseException
-
getCompactSerialization
Sign and produce the JWS Compact Serialization.
The JWS Compact Serialization represents digitally signed or MACed content as a compact, URL-safe string. This string is:
BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload) || '.' || BASE64URL(JWS Signature)
- Specified by:
getCompactSerialization
in classJsonWebStructure
- Returns:
- the Compact Serialization: the encoded header + "." + the encoded payload + "." + the encoded signature
- Throws:
JoseException
- if an error condition is encountered during the process
-
getDetachedContentCompactSerialization
Produces the compact serialization with an empty/detached payload as described in Appendix F, Detached Content, of the JWS spec though providing library support rather than making the application do it all as described therein.- Returns:
- the encoded header + ".." + the encoded signature
- Throws:
JoseException
- if an error condition is encountered during the signing process
-
prepareSigningPrimitive
Create, initialize (using the key andProviderContext
) and return theCryptoPrimitive
that this JWS instance will use for signing. This can optionally be called after setting the key (and maybe ProviderContext) but before getting the compact serialization (which is when the singing magic happens). This method provides access to the underlying primitive instance (e.g. aSignature
), which allows execution of the operation to be gated by some approval or authorization. For example, signing on Android with a key that was set to require user authentication when created needs a biometric prompt to allow the signature to execute with the key.- Returns:
- a CryptoPrimitive containing either a
Signature
orMac
, or null - Throws:
JoseException
- if an error condition is encountered during the initialization process
-
sign
Compute the JWS signature.- Throws:
JoseException
- if an error condition is encountered during the signing process
-
onNewKey
protected void onNewKey()- Overrides:
onNewKey
in classJsonWebStructure
-
verifySignature
Verify the signature of the JWS.- Returns:
- true if the signature is valid, false otherwise
- Throws:
JoseException
- if an error condition is encountered during the signature verification process
-
isSupportedCriticalHeader
- Overrides:
isSupportedCriticalHeader
in classJsonWebStructure
-
getAlgorithm
- Specified by:
getAlgorithm
in classJsonWebStructure
- Throws:
InvalidAlgorithmException
-
getAlgorithmNoConstraintCheck
- Specified by:
getAlgorithmNoConstraintCheck
in classJsonWebStructure
- Throws:
InvalidAlgorithmException
-
isRfc7797UnencodedPayload
protected boolean isRfc7797UnencodedPayload() -
getPayload
Gets the JWS payload as a string. UsesetPayloadCharEncoding(String)
before calling this method, to use a character encoding other than UTF-8.- Specified by:
getPayload
in classJsonWebStructure
- Returns:
- the JWS payload
- Throws:
JoseException
- if the JWS signature is invalid or an error condition is encountered during the signature verification process
-
getUnverifiedPayload
Gets the JWS payload as a string. UnlikegetPayload()
the signature is not verified when calling this method. UsesetPayloadCharEncoding(String)
before calling this method, to use a character encoding other than UTF-8.- Returns:
- the JWS payload
-
getPayloadCharEncoding
Gets the character encoding used for the string representation of the JWS payload. The default encoding is UTF-8.- Returns:
- the character encoding
-
setPayloadCharEncoding
Sets the character encoding used for the string representation of the JWS payload (i.e. when usinggetPayload()
,getUnverifiedPayload()
, orsetPayload(String)
). The default encoding is UTF-8.- Parameters:
payloadCharEncoding
- the character encoding to use for the string representation of the JWS payload
-
getKeyType
- Throws:
InvalidAlgorithmException
-
getKeyPersuasion
- Throws:
InvalidAlgorithmException
-
setEncodedPayload
-
getEncodedPayload
Gets the base64url encoded JWS Payload.- Returns:
- the base64url encoded JWS Payload.
-
getEncodedSignature
-
getSignature
protected byte[] getSignature() -
setSignature
protected void setSignature(byte[] signature)
-