Interface JWS

All Known Subinterfaces:
JWT

public interface JWS
JWS represents a parsed JWS (JSON Web Signature) Object.

A JWS consists of three sections:

Header

The header consist of two parts:

  • declaring the type, which is JWT
  • the hashing algorithm used, e.g HMAC SHA256
An example header:
 {
  "type": "JWT",
  "alg": "HS256"
 }
 

Payload

The payload contains the data for the JWS.This can be any string representation or JSON formatted string
An example payload:

 {
  "iss": "ebasetech.com",
  "exp": 1300819380,
  "name": "John Doe",
  "admin": true
 }
 

Signature The third and final part of our JSON Web Token is going to be the signature. The signature is omitted if the algorithm in the header is set to none. The signature is created by signing the concatenated base64Encoded header and payload:

Example of a HS256 signature:

 
 var encodedString = base64UrlEncode(header) + "." + base64UrlEncode(payload);
 
 HMACSHA256(encodedString, 'secret');
 
Since:
V5.7
  • Method Summary

    Modifier and Type Method Description
    JWSHeader getHeader()
    Return the JWS header for the JWS
    java.lang.String getPayload()
    Return payload as a string.
    java.lang.String getSignature()
    Return the signature for the JWS or JWT
    boolean isSigned()
    Return true if the specified JWT compact string represents a signed JWS, false otherwise.
    boolean verifyFileJWKSet​(java.lang.String filename)
    The public RSA keys to validate the signatures will be sourced from the OAuth 2.0 server's JWK set, published at a well-known URL
    boolean verifyFromKeyStore​(java.lang.String keystore, java.lang.String password)
    Validates the signature using a specified KeyStore location and password.
    boolean verifyHMAC​(javax.crypto.SecretKey secret)
    Verify HMAC signature with a specified SecretKey
    boolean verifyInputStreamJWKSet​(java.io.InputStream is)
    The public RSA keys to validate the signatures will be sourced from the OAuth 2.0 server's JWK set, published at a well-known URL
    boolean verifyPublicKey​(java.security.PublicKey publickKey)
    Verify RSA signature with a specified PublicKey
    boolean verifyRemoteJWKSet​(java.lang.String url)
    Verify the signature using the OAuth 2.0 server's JSON Web Key Set (JWKS) endpoint.
  • Method Details

    • getHeader

      JWSHeader getHeader()
      Return the JWS header for the JWS
      Since:
      V5.7
    • getSignature

      java.lang.String getSignature()
      Return the signature for the JWS or JWT
      Since:
      V5.7
    • isSigned

      boolean isSigned()
      Return true if the specified JWT compact string represents a signed JWS, false otherwise.
      Since:
      V5.7
    • getPayload

      java.lang.String getPayload() throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException
      Return payload as a string.
      Throws:
      com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException - thrown if the payload is invalid
      Since:
      V5.7
    • verifyHMAC

      boolean verifyHMAC​(javax.crypto.SecretKey secret) throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException
      Verify HMAC signature with a specified SecretKey
      Returns:
      true if token signature is verified
      Throws:
      com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException - thrown if the payload is invalid
      Since:
      V5.7
    • verifyPublicKey

      boolean verifyPublicKey​(java.security.PublicKey publickKey) throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException
      Verify RSA signature with a specified PublicKey
      Returns:
      true if token signature is verified
      Throws:
      com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException - thrown if the payload is invalid
      Since:
      V5.7
    • verifyRemoteJWKSet

      boolean verifyRemoteJWKSet​(java.lang.String url) throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException
      Verify the signature using the OAuth 2.0 server's JSON Web Key Set (JWKS) endpoint. Example URL: http://YOUR_DOMAIN/oauth/.well-known/openid-configuration
      Returns:
      true if token signature is verified
      Throws:
      com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException - thrown if the payload is invalid
      Since:
      V5.7
    • verifyFromKeyStore

      boolean verifyFromKeyStore​(java.lang.String keystore, java.lang.String password) throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException
      Validates the signature using a specified KeyStore location and password.
      Returns:
      true if token signature is verified
      Throws:
      com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException - thrown if the payload is invalid
      Since:
      V5.7
    • verifyFileJWKSet

      boolean verifyFileJWKSet​(java.lang.String filename) throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException
      The public RSA keys to validate the signatures will be sourced from the OAuth 2.0 server's JWK set, published at a well-known URL
      Returns:
      true if token signature is verified
      Throws:
      com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException - thrown if the payload is invalid
      Since:
      V5.7
    • verifyInputStreamJWKSet

      boolean verifyInputStreamJWKSet​(java.io.InputStream is) throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException
      The public RSA keys to validate the signatures will be sourced from the OAuth 2.0 server's JWK set, published at a well-known URL
      Returns:
      true if token signature is verified
      Throws:
      com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException - thrown if the payload is invalid
      Since:
      V5.7