com.google.api.client.json.webtoken

Class JsonWebSignature

java.lang.Object

com.google.api.client.json.webtoken.JsonWebToken

com.google.api.client.json.webtoken.JsonWebSignature

public class JsonWebSignature
extends JsonWebToken

JSON Web Signature(JWS).

Sample usage:

 public static void printPayload(JsonFactory jsonFactory, String tokenString) throws IOException {
   JsonWebSignature jws = JsonWebSignature.parse(jsonFactory, tokenString);
   System.out.println(jws.getPayload());
 }
 

Implementation is not thread-safe.

Since:

1.14 (since 1.7 as com.google.api.client.auth.jsontoken.JsonWebSignature)

Author:

Yaniv Inbar

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	JsonWebSignature.Header Header as specified in Reserved Header Parameter Names.
static class	JsonWebSignature.Parser JWS parser.

Nested classes/interfaces inherited from class com.google.api.client.json.webtoken.JsonWebToken

JsonWebToken.Payload

Constructor Summary

Constructors

Constructor and Description
JsonWebSignature(JsonWebSignature.Header header, JsonWebToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)

Method Summary

Modifier and Type	Method and Description
JsonWebSignature.Header	getHeader() Returns the header.
byte[]	getSignatureBytes() Returns the bytes of the signature.
byte[]	getSignedContentBytes() Returns the bytes of the signature content.
static JsonWebSignature	parse(JsonFactory jsonFactory, String tokenString) Parses the given JWS token string and returns the parsed JsonWebSignature.
static JsonWebSignature.Parser	parser(JsonFactory jsonFactory) Returns a new instance of a JWS parser.
static String	signUsingRsaSha256(PrivateKey privateKey, JsonFactory jsonFactory, JsonWebSignature.Header header, JsonWebToken.Payload payload) Signs a given JWS header and payload based on the given private key using RSA and SHA-256 as described in JWS using RSA SHA-256.
X509Certificate	verifySignature() Beta Verifies the signature of the content using the certificate chain embedded in the signature.
boolean	verifySignature(PublicKey publicKey) Verifies the signature of the content.
X509Certificate	verifySignature(X509TrustManager trustManager) Beta Verifies the signature of the content using the certificate chain embedded in the signature.

Methods inherited from class com.google.api.client.json.webtoken.JsonWebToken

getPayload, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

JsonWebSignature

public JsonWebSignature(JsonWebSignature.Header header,
                        JsonWebToken.Payload payload,
                        byte[] signatureBytes,
                        byte[] signedContentBytes)

Parameters:

header - header

payload - payload

signatureBytes - bytes of the signature

signedContentBytes - bytes of the signed content

Method Detail

getHeader

public JsonWebSignature.Header getHeader()

Description copied from class: JsonWebToken

Returns the header.

Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.

Overrides:

getHeader in class JsonWebToken

verifySignature

public final boolean verifySignature(PublicKey publicKey)
                              throws GeneralSecurityException

Verifies the signature of the content.

Currently only "RS256" and "ES256" algorithms are verified, but others may be added in the future. For any other algorithm it returns false.

Parameters:

publicKey - public key

Returns:

whether the algorithm is recognized and it is verified

Throws:

GeneralSecurityException

verifySignature

@Beta
public final X509Certificate verifySignature(X509TrustManager trustManager)
                                            throws GeneralSecurityException

Beta
Verifies the signature of the content using the certificate chain embedded in the signature.

Currently only "RS256" and "ES256" algorithms are verified, but others may be added in the future. For any other algorithm it returns null.

The leaf certificate of the certificate chain must be an SSL server certificate.

Parameters:

trustManager - trust manager used to verify the X509 certificate chain embedded in this message

Returns:

the signature certificate if the signature could be verified, null otherwise

Throws:

GeneralSecurityException

Since:

1.19.1

verifySignature

@Beta
public final X509Certificate verifySignature()
                                            throws GeneralSecurityException

Beta
Verifies the signature of the content using the certificate chain embedded in the signature.

Currently only "RS256" algorithm is verified, but others may be added in the future. For any other algorithm it returns null.

The certificate chain is verified using the system default trust manager.

The leaf certificate of the certificate chain must be an SSL server certificate.

Returns:

the signature certificate if the signature could be verified, null otherwise

Throws:

GeneralSecurityException

Since:

1.19.1.

getSignatureBytes

public final byte[] getSignatureBytes()

Returns the bytes of the signature.

getSignedContentBytes

public final byte[] getSignedContentBytes()

Returns the bytes of the signature content.

parse

public static JsonWebSignature parse(JsonFactory jsonFactory,
                                     String tokenString)
                              throws IOException

Parses the given JWS token string and returns the parsed JsonWebSignature.

Parameters:

jsonFactory - JSON factory

tokenString - JWS token string

Returns:

parsed JWS

Throws:

IOException

parser

public static JsonWebSignature.Parser parser(JsonFactory jsonFactory)

Returns a new instance of a JWS parser.

signUsingRsaSha256

public static String signUsingRsaSha256(PrivateKey privateKey,
                                        JsonFactory jsonFactory,
                                        JsonWebSignature.Header header,
                                        JsonWebToken.Payload payload)
                                 throws GeneralSecurityException,
                                        IOException

Signs a given JWS header and payload based on the given private key using RSA and SHA-256 as described in JWS using RSA SHA-256.

Parameters:

privateKey - private key

jsonFactory - JSON factory

header - JWS header

payload - JWS payload

Returns:

signed JWS string

Throws:

GeneralSecurityException

IOException

Since:

1.14 (since 1.7 as com.google.api.client.auth.jsontoken.RsaSHA256Signer)