Package org.forgerock.json.jose.jws

Class SignedJwt

  • All Implemented Interfaces:
    Jwt, Payload
    Direct Known Subclasses:
    EncryptedThenSignedJwt
    public class SignedJwt
extends Object
implements Jwt, Payload
    A JWS implementation of the Jwt interface.

    JSON Web Signature (JWS) is a means of representing content secured with digital signatures or Message Authentication Codes (MACs) using JSON based data structures.

    Since:
    2.0.0
    See Also:
    JSON Web Signature Specification

    • Constructor Summary

      Constructors 
      Modifier Constructor Description
        SignedJwt​(JwsHeader header, JwtClaimsSet claimsSet, byte[] signingInput, byte[] signature)
      Constructs a reconstructed SignedJwt from its constituent parts, the JwsHeader, JwtClaimsSet, signing input and signature.
        SignedJwt​(JwsHeader header, JwtClaimsSet claimsSet, SigningHandler signingHandler)
      Constructs a fresh, new SignedJwt from the given JwsHeader and JwtClaimsSet.
      protected SignedJwt​(JwsHeader header, Payload nestedPayload, byte[] signingInput, byte[] signature)
      Constructs a reconstructed SignedJwt from its constituent parts, the JwsHeader, nested Encrypted JWT, signing input and signature.
      protected SignedJwt​(JwsHeader header, Payload nestedPayload, SigningHandler signingHandler)
      Constructs a fresh, new SignedJwt from the given JwsHeader and nested Encrypted JWT.
      protected SignedJwt​(SignedJwt signedJwt)
      Construct an signed JWT from an existent one.

    • Constructor Detail

      • SignedJwt

        public SignedJwt​(JwsHeader header,
                 JwtClaimsSet claimsSet,
                 SigningHandler signingHandler)
        Constructs a fresh, new SignedJwt from the given JwsHeader and JwtClaimsSet.

        The specified private key will be used in the creation of the JWS signature.

        Parameters:
        header - The JwsHeader containing the header parameters of the JWS.
        claimsSet - The JwtClaimsSet containing the claims of the JWS.
        signingHandler - The SigningHandler instance used to sign the JWS.

      • SignedJwt

        protected SignedJwt​(SignedJwt signedJwt)
        Construct an signed JWT from an existent one.
        Parameters:
        signedJwt - the signed JWT

      • SignedJwt

        public SignedJwt​(JwsHeader header,
                 JwtClaimsSet claimsSet,
                 byte[] signingInput,
                 byte[] signature)
        Constructs a reconstructed SignedJwt from its constituent parts, the JwsHeader, JwtClaimsSet, signing input and signature.

        For use when a signed JWT has been reconstructed from its base64url encoded string representation and the signature needs verifying.

        Parameters:
        header - The JwsHeader containing the header parameters of the JWS.
        claimsSet - The JwsClaimsSet containing the claims of the JWS.
        signingInput - The original data that was signed, being the base64url encoding of the JWS header and claims set concatenated using a "." character.
        signature - The resulting signature of signing the signing input.

      • SignedJwt

        protected SignedJwt​(JwsHeader header,
                    Payload nestedPayload,
                    SigningHandler signingHandler)
        Constructs a fresh, new SignedJwt from the given JwsHeader and nested Encrypted JWT.

        The specified private key will be used in the creation of the JWS signature.

        Parameters:
        header - The JwsHeader containing the header parameters of the JWS.
        nestedPayload - The nested payload that will be the payload of this JWS.
        signingHandler - The SigningHandler instance used to sign the JWS.

      • SignedJwt

        protected SignedJwt​(JwsHeader header,
                    Payload nestedPayload,
                    byte[] signingInput,
                    byte[] signature)
        Constructs a reconstructed SignedJwt from its constituent parts, the JwsHeader, nested Encrypted JWT, signing input and signature.

        For use when a signed nested encrypted JWT has been reconstructed from its base64url encoded string representation and the signature needs verifying.

        Parameters:
        header - The JwsHeader containing the header parameters of the JWS.
        nestedPayload - The nested payload that is the payload of the JWS.
        signingInput - The original data that was signed, being the base64url encoding of the JWS header and payload concatenated using a "." character.
        signature - The resulting signature of signing the signing input.

    • Method Detail

      • getHeader

        public JwsHeader getHeader()
        Gets the header object for the JWT, which contains properties which describe the cryptographic operations applied to the JWT, among other properties.

        When the JWT is digitally signed or MACed, the JWT Header is a JWS Header. When the JWT is encrypted, the JWT Header is a JWE Header.

        Specified by:
        getHeader in interface Jwt
        Returns:
        The JWTs Header.

      • getClaimsSet

        public JwtClaimsSet getClaimsSet()
        Gets the claims set object for the Jwt, which contains all of the claims (name value pairs) conveyed by the JWT.
        Specified by:
        getClaimsSet in interface Jwt
        Returns:
        The JWTs Claims Set.

      • copy

        public SignedJwt copy()
        Description copied from interface: Jwt
        Create a copy of the current JWT.
        Specified by:
        copy in interface Jwt
        Specified by:
        copy in interface Payload
        Returns:
        a copy of the JWT.

      • verify

        public boolean verify​(SigningHandler signingHandler)
        Verifies that the JWS signature is valid for the contents of its payload.

        The same private key must be given here as was used to create the signature.

        Parameters:
        signingHandler - The SigningHandler instance used to verify the JWS.
        Returns:
        true if the signature matches the JWS Header and payload.