Package com.ebasetech.xi.api
Interface JWS
- All Known Subinterfaces:
JWT
public interface JWS
JWS
represents a parsed JWS (JSON Web Signature) Object.
A JWS consists of three sections:
Header
The header consist of two parts:
- declaring the type, which is JWT
- the hashing algorithm used, e.g HMAC SHA256
{ "type": "JWT", "alg": "HS256" }
Payload
The payload contains the data for the JWS.This can be any string representation or JSON formatted string
An example payload:
{ "iss": "ebasetech.com", "exp": 1300819380, "name": "John Doe", "admin": true }
Signature The third and final part of our JSON Web Token is going to be the signature. The signature is omitted if the algorithm in the header is set to none. The signature is created by signing the concatenated base64Encoded header and payload:
Example of a HS256 signature:
var encodedString = base64UrlEncode(header) + "." + base64UrlEncode(payload); HMACSHA256(encodedString, 'secret');
- Since:
- V5.7
-
Method Summary
Modifier and Type Method Description JWSHeader
getHeader()
Return the JWS header for the JWSjava.lang.String
getPayload()
Return payload as a string.java.lang.String
getSignature()
Return the signature for the JWS or JWTboolean
isSigned()
Return true if the specified JWT compact string represents a signed JWS, false otherwise.boolean
verifyFileJWKSet(java.lang.String filename)
The public RSA keys to validate the signatures will be sourced from the OAuth 2.0 server's JWK set, published at a well-known URLboolean
verifyFromKeyStore(java.lang.String keystore, java.lang.String password)
Validates the signature using a specified KeyStore location and password.boolean
verifyHMAC(javax.crypto.SecretKey secret)
Verify HMAC signature with a specified SecretKeyboolean
verifyInputStreamJWKSet(java.io.InputStream is)
The public RSA keys to validate the signatures will be sourced from the OAuth 2.0 server's JWK set, published at a well-known URLboolean
verifyPublicKey(java.security.PublicKey publickKey)
Verify RSA signature with a specified PublicKeyboolean
verifyRemoteJWKSet(java.lang.String url)
Verify the signature using the OAuth 2.0 server's JSON Web Key Set (JWKS) endpoint.
-
Method Details
-
getHeader
JWSHeader getHeader()Return the JWS header for the JWS- Since:
- V5.7
-
getSignature
java.lang.String getSignature()Return the signature for the JWS or JWT- Since:
- V5.7
-
isSigned
boolean isSigned()Return true if the specified JWT compact string represents a signed JWS, false otherwise.- Since:
- V5.7
-
getPayload
java.lang.String getPayload() throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenExceptionReturn payload as a string.- Throws:
com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException
- thrown if the payload is invalid- Since:
- V5.7
-
verifyHMAC
boolean verifyHMAC(javax.crypto.SecretKey secret) throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenExceptionVerify HMAC signature with a specified SecretKey- Returns:
- true if token signature is verified
- Throws:
com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException
- thrown if the payload is invalid- Since:
- V5.7
-
verifyPublicKey
boolean verifyPublicKey(java.security.PublicKey publickKey) throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenExceptionVerify RSA signature with a specified PublicKey- Returns:
- true if token signature is verified
- Throws:
com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException
- thrown if the payload is invalid- Since:
- V5.7
-
verifyRemoteJWKSet
boolean verifyRemoteJWKSet(java.lang.String url) throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenExceptionVerify the signature using the OAuth 2.0 server's JSON Web Key Set (JWKS) endpoint. Example URL: http://YOUR_DOMAIN/oauth/.well-known/openid-configuration- Returns:
- true if token signature is verified
- Throws:
com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException
- thrown if the payload is invalid- Since:
- V5.7
-
verifyFromKeyStore
boolean verifyFromKeyStore(java.lang.String keystore, java.lang.String password) throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenExceptionValidates the signature using a specified KeyStore location and password.- Returns:
- true if token signature is verified
- Throws:
com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException
- thrown if the payload is invalid- Since:
- V5.7
-
verifyFileJWKSet
boolean verifyFileJWKSet(java.lang.String filename) throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenExceptionThe public RSA keys to validate the signatures will be sourced from the OAuth 2.0 server's JWK set, published at a well-known URL- Returns:
- true if token signature is verified
- Throws:
com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException
- thrown if the payload is invalid- Since:
- V5.7
-
verifyInputStreamJWKSet
boolean verifyInputStreamJWKSet(java.io.InputStream is) throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenExceptionThe public RSA keys to validate the signatures will be sourced from the OAuth 2.0 server's JWK set, published at a well-known URL- Returns:
- true if token signature is verified
- Throws:
com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException
- thrown if the payload is invalid- Since:
- V5.7
-