Package org.forgerock.json.jose.jws

Class SignedJwt

java.lang.Object
org.forgerock.json.jose.jws.SignedJwt
All Implemented Interfaces:
Jwt, Payload
Direct Known Subclasses:
EncryptedThenSignedJwt
public class SignedJwt extends Object implements Jwt, Payload
A JWS implementation of the Jwt interface.

JSON Web Signature (JWS) is a means of representing content secured with digital signatures or Message Authentication Codes (MACs) using JSON based data structures.

Since:
2.0.0
See Also:

  • Constructor Summary

    Constructors
    Modifier
    Constructor
    Description
     
    SignedJwt(JwsHeader header, JwtClaimsSet claimsSet, byte[] signingInput, byte[] signature)
    Constructs a reconstructed SignedJwt from its constituent parts, the JwsHeader, JwtClaimsSet, signing input and signature.
     
    SignedJwt(JwsHeader header, JwtClaimsSet claimsSet, SigningHandler signingHandler)
    Constructs a fresh, new SignedJwt from the given JwsHeader and JwtClaimsSet.
    protected
    SignedJwt(JwsHeader header, Payload nestedPayload, byte[] signingInput, byte[] signature)
    Constructs a reconstructed SignedJwt from its constituent parts, the JwsHeader, nested Encrypted JWT, signing input and signature.
    protected
    SignedJwt(JwsHeader header, Payload nestedPayload, SigningHandler signingHandler)
    Constructs a fresh, new SignedJwt from the given JwsHeader and nested Encrypted JWT.
    protected
    SignedJwt(SignedJwt signedJwt)
    Construct an signed JWT from an existent one.

  • Method Summary

    Modifier and Type
    Method
    Description
    String
    build()
    Builds the JWT into a String by following the steps specified in the relevant specification according to whether the JWT is being signed and/or encrypted.
    SignedJwt
    copy()
    Create a copy of the current JWT.
    JwtClaimsSet
    getClaimsSet()
    Gets the claims set object for the Jwt, which contains all of the claims (name value pairs) conveyed by the JWT.
    JwsHeader
    getHeader()
    Gets the header object for the JWT, which contains properties which describe the cryptographic operations applied to the JWT, among other properties.
    protected Payload
    getPayload()
    Gets the payload for the JWS, which will either be a JWT Claims Set, getClaimsSet(), or a nested EncryptedJwt, EncryptedJwt.
    boolean
    verify(SigningHandler signingHandler)
    Verifies that the JWS signature is valid for the contents of its payload.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • SignedJwt

      public SignedJwt(JwsHeader header, JwtClaimsSet claimsSet, SigningHandler signingHandler)
      Constructs a fresh, new SignedJwt from the given JwsHeader and JwtClaimsSet.

      The specified private key will be used in the creation of the JWS signature.

      Parameters:
      header - The JwsHeader containing the header parameters of the JWS.
      claimsSet - The JwtClaimsSet containing the claims of the JWS.
      signingHandler - The SigningHandler instance used to sign the JWS.

    • SignedJwt

      protected SignedJwt(SignedJwt signedJwt)
      Construct an signed JWT from an existent one.
      Parameters:
      signedJwt - the signed JWT

    • SignedJwt

      public SignedJwt(JwsHeader header, JwtClaimsSet claimsSet, byte[] signingInput, byte[] signature)
      Constructs a reconstructed SignedJwt from its constituent parts, the JwsHeader, JwtClaimsSet, signing input and signature.

      For use when a signed JWT has been reconstructed from its base64url encoded string representation and the signature needs verifying.

      Parameters:
      header - The JwsHeader containing the header parameters of the JWS.
      claimsSet - The JwsClaimsSet containing the claims of the JWS.
      signingInput - The original data that was signed, being the base64url encoding of the JWS header and claims set concatenated using a "." character.
      signature - The resulting signature of signing the signing input.

    • SignedJwt

      protected SignedJwt(JwsHeader header, Payload nestedPayload, SigningHandler signingHandler)
      Constructs a fresh, new SignedJwt from the given JwsHeader and nested Encrypted JWT.

      The specified private key will be used in the creation of the JWS signature.

      Parameters:
      header - The JwsHeader containing the header parameters of the JWS.
      nestedPayload - The nested payload that will be the payload of this JWS.
      signingHandler - The SigningHandler instance used to sign the JWS.

    • SignedJwt

      protected SignedJwt(JwsHeader header, Payload nestedPayload, byte[] signingInput, byte[] signature)
      Constructs a reconstructed SignedJwt from its constituent parts, the JwsHeader, nested Encrypted JWT, signing input and signature.

      For use when a signed nested encrypted JWT has been reconstructed from its base64url encoded string representation and the signature needs verifying.

      Parameters:
      header - The JwsHeader containing the header parameters of the JWS.
      nestedPayload - The nested payload that is the payload of the JWS.
      signingInput - The original data that was signed, being the base64url encoding of the JWS header and payload concatenated using a "." character.
      signature - The resulting signature of signing the signing input.

  • Method Details

    • getHeader

      public JwsHeader getHeader()
      Gets the header object for the JWT, which contains properties which describe the cryptographic operations applied to the JWT, among other properties.

      When the JWT is digitally signed or MACed, the JWT Header is a JWS Header. When the JWT is encrypted, the JWT Header is a JWE Header.

      Specified by:
      getHeader in interface Jwt
      Returns:
      The JWTs Header.

    • getClaimsSet

      public JwtClaimsSet getClaimsSet()
      Gets the claims set object for the Jwt, which contains all of the claims (name value pairs) conveyed by the JWT.
      Specified by:
      getClaimsSet in interface Jwt
      Returns:
      The JWTs Claims Set.

    • getPayload

      protected Payload getPayload()
      Gets the payload for the JWS, which will either be a JWT Claims Set, getClaimsSet(), or a nested EncryptedJwt, EncryptedJwt.
      Returns:
      The JWS' payload.
      See Also:

    • build

      public String build()
      Builds the JWT into a String by following the steps specified in the relevant specification according to whether the JWT is being signed and/or encrypted.

      Specified by:
      build in interface Jwt
      Specified by:
      build in interface Payload
      Returns:
      The base64url encoded UTF-8 parts of the JWT.
      See Also:

    • copy

      public SignedJwt copy()
      Description copied from interface: Jwt
      Create a copy of the current JWT.
      Specified by:
      copy in interface Jwt
      Specified by:
      copy in interface Payload
      Returns:
      a copy of the JWT.

    • verify

      public boolean verify(SigningHandler signingHandler)
      Verifies that the JWS signature is valid for the contents of its payload.

      The same private key must be given here as was used to create the signature.

      Parameters:
      signingHandler - The SigningHandler instance used to verify the JWS.
      Returns:
      true if the signature matches the JWS Header and payload.