com.nimbusds.jose.crypto

Class RSASSAVerifier

java.lang.Object

com.nimbusds.jose.crypto.RSASSAVerifier

All Implemented Interfaces:

AlgorithmProvider, JWSAlgorithmProvider, JWSVerifier

@ThreadSafe
public class RSASSAVerifier
extends Object
implements JWSVerifier

RSA Signature-Scheme-with-Appendix (RSASSA) verifier of JWS objects. This class is thread-safe.

Supports the following JSON Web Algorithms (JWAs):

• JWSAlgorithm.RS256
• JWSAlgorithm.RS384
• JWSAlgorithm.RS512
• JWSAlgorithm.PS256
• JWSAlgorithm.PS384
• JWSAlgorithm.PS512

Accepts all registered JWS header parameters. Use setAcceptedAlgorithms(java.util.Set<com.nimbusds.jose.JWSAlgorithm>) to restrict the acceptable JWS algorithms.

Version:

$version$ (2014-04-22)

Author:

Vladimir Dzhuvinov

Field Summary

Fields

Modifier and Type	Field and Description
protected Provider	provider The underlying cryptographic provider, null if not specified (implies default one).
static Set<JWSAlgorithm>	SUPPORTED_ALGORITHMS The supported JWS algorithms.

Constructor Summary

Constructors

Constructor and Description
RSASSAVerifier(RSAPublicKey publicKey) Creates a new RSA Signature-Scheme-with-Appendix (RSASSA) verifier.

Method Summary

Methods

Modifier and Type	Method and Description
Set<JWSAlgorithm>	getAcceptedAlgorithms() Gets the names of the accepted JWS algorithms.
Set<String>	getIgnoredCriticalHeaderParameters() Gets the names of the critical JWS header parameters to ignore.
RSAPublicKey	getPublicKey() Gets the public RSA key.
protected static Signature	getRSASignerAndVerifier(JWSAlgorithm alg, Provider provider) Gets a signer and verifier for the specified RSASSA-based JSON Web Algorithm (JWA).
void	setAcceptedAlgorithms(Set<JWSAlgorithm> acceptedAlgs) Sets the names of the accepted JWS algorithms.
void	setIgnoredCriticalHeaderParameters(Set<String> headers) Sets the names of the critical JWS header parameters to ignore.
void	setProvider(Provider provider) Sets a specific JCA provider, to be used for all operations.
Set<JWSAlgorithm>	supportedAlgorithms() Returns the names of the supported JWS algorithms.
boolean	verify(JWSHeader header, byte[] signedContent, Base64URL signature) Verifies the specified signature of a JWS object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.jose.JWSAlgorithmProvider

supportedAlgorithms

Methods inherited from interface com.nimbusds.jose.AlgorithmProvider

setProvider

Field Detail

SUPPORTED_ALGORITHMS

public static final Set<JWSAlgorithm> SUPPORTED_ALGORITHMS

The supported JWS algorithms.

provider

protected Provider provider

The underlying cryptographic provider, null if not specified (implies default one).

Constructor Detail

RSASSAVerifier

public RSASSAVerifier(RSAPublicKey publicKey)

Creates a new RSA Signature-Scheme-with-Appendix (RSASSA) verifier.

Parameters:

publicKey - The public RSA key. Must not be null.

Method Detail

getPublicKey

public RSAPublicKey getPublicKey()

Gets the public RSA key.

Returns:

The public RSA key.

getAcceptedAlgorithms

public Set<JWSAlgorithm> getAcceptedAlgorithms()

Description copied from interface: JWSVerifier

Gets the names of the accepted JWS algorithms. These correspond to the alg JWS header parameter.

Specified by:

getAcceptedAlgorithms in interface JWSVerifier

Returns:

The accepted JWS algorithms, as a read-only set, empty set if none.

See Also:

JWSVerifier.setAcceptedAlgorithms(java.util.Set<com.nimbusds.jose.JWSAlgorithm>)

setAcceptedAlgorithms

public void setAcceptedAlgorithms(Set<JWSAlgorithm> acceptedAlgs)

Description copied from interface: JWSVerifier

Sets the names of the accepted JWS algorithms. These correspond to the alg JWS header parameter.

For JWS verifiers that support multiple JWS algorithms this method can be used to indicate that only a subset should be accepted for processing.

Specified by:

setAcceptedAlgorithms in interface JWSVerifier

Parameters:

acceptedAlgs - The accepted JWS algorithms. Must be a subset of the supported algorithms and not null.

getIgnoredCriticalHeaderParameters

public Set<String> getIgnoredCriticalHeaderParameters()

Description copied from interface: JWSVerifier

Gets the names of the critical JWS header parameters to ignore. These are indicated by the crit header parameter. The JWS verifier should not ignore critical headers by default.

Specified by:

getIgnoredCriticalHeaderParameters in interface JWSVerifier

Returns:

The names of the critical JWS header parameters to ignore, empty or null if none.

setIgnoredCriticalHeaderParameters

public void setIgnoredCriticalHeaderParameters(Set<String> headers)

Description copied from interface: JWSVerifier

Sets the names of the critical JWS header parameters to ignore. These are indicated by the crit header parameter. The JWS verifier should not ignore critical headers by default. Use this setter to delegate processing of selected critical headers to the application.

Specified by:

setIgnoredCriticalHeaderParameters in interface JWSVerifier

Parameters:

headers - The names of the critical JWS header parameters to ignore, empty or null if none.

verify

public boolean verify(JWSHeader header,
             byte[] signedContent,
             Base64URL signature)
               throws JOSEException

Description copied from interface: JWSVerifier

Verifies the specified signature of a JWS object.

Specified by:

verify in interface JWSVerifier

Parameters:

header - The JSON Web Signature (JWS) header. Must specify an accepted JWS algorithm, must contain only accepted header parameters, and must not be null.

signedContent - The signing input. Must not be null.

signature - The signature part of the JWS object. Must not be null.

Returns:

true if the signature was successfully verified, else false.

Throws:

JOSEException - If the JWS algorithm is not accepted, if a header parameter is not accepted, or if signature verification failed for some other reason.

getRSASignerAndVerifier

protected static Signature getRSASignerAndVerifier(JWSAlgorithm alg,
                                Provider provider)
                                            throws JOSEException

Gets a signer and verifier for the specified RSASSA-based JSON Web Algorithm (JWA).

Parameters:

alg - The JSON Web Algorithm (JWA). Must be supported and not null.

Returns:

A signer and verifier instance.

Throws:

JOSEException - If the algorithm is not supported.

supportedAlgorithms

public Set<JWSAlgorithm> supportedAlgorithms()

Description copied from interface: JWSAlgorithmProvider

Returns the names of the supported JWS algorithms. These correspond to the alg JWS header parameter.

Specified by:

supportedAlgorithms in interface JWSAlgorithmProvider

Returns:

The supported JWS algorithms, empty set if none.

setProvider

public void setProvider(Provider provider)

Description copied from interface: AlgorithmProvider

Sets a specific JCA provider, to be used for all operations.

Specified by:

setProvider in interface AlgorithmProvider

Parameters:

provider - The JCA provider, or null to use the default one.