Package com.nimbusds.jose.crypto
Class ECDSAVerifier
- java.lang.Object
-
- com.nimbusds.jose.crypto.impl.BaseJWSProvider
-
- com.nimbusds.jose.crypto.impl.ECDSAProvider
-
- com.nimbusds.jose.crypto.ECDSAVerifier
-
- All Implemented Interfaces:
CriticalHeaderParamsAware
,JCAAware<JCAContext>
,JOSEProvider
,JWSProvider
,JWSVerifier
@ThreadSafe public class ECDSAVerifier extends ECDSAProvider implements JWSVerifier, CriticalHeaderParamsAware
Elliptic Curve Digital Signature Algorithm (ECDSA) verifier ofJWS objects
. Expects a public EC key (with a P-256, P-384, P-521 or secp256k1 curve).See RFC 7518 section 3.4 for more information.
This class is thread-safe.
Supports the following algorithms:
- Version:
- 2022-04-22
- Author:
- Axel Nennker, Vladimir Dzhuvinov
-
-
Field Summary
-
Fields inherited from class com.nimbusds.jose.crypto.impl.ECDSAProvider
SUPPORTED_ALGORITHMS
-
-
Constructor Summary
Constructors Constructor Description ECDSAVerifier(ECKey ecJWK)
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.ECDSAVerifier(ECPublicKey publicKey)
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.ECDSAVerifier(ECPublicKey publicKey, Set<String> defCritHeaders)
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Set<String>
getDeferredCriticalHeaderParams()
Returns the names of the critical (crit
) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.Set<String>
getProcessedCriticalHeaderParams()
Returns the names of the critical (crit
) header parameters that are understood and processed by the JWS verifier / JWE decrypter.ECPublicKey
getPublicKey()
Returns the public EC key.boolean
verify(JWSHeader header, byte[] signedContent, Base64URL signature)
Verifies the specifiedsignature
of aJWS object
.-
Methods inherited from class com.nimbusds.jose.crypto.impl.ECDSAProvider
supportedECDSAAlgorithm
-
Methods inherited from class com.nimbusds.jose.crypto.impl.BaseJWSProvider
getJCAContext, supportedJWSAlgorithms
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface com.nimbusds.jose.jca.JCAAware
getJCAContext
-
Methods inherited from interface com.nimbusds.jose.JWSProvider
supportedJWSAlgorithms
-
-
-
-
Constructor Detail
-
ECDSAVerifier
public ECDSAVerifier(ECPublicKey publicKey) throws JOSEException
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.- Parameters:
publicKey
- The public EC key. Must not benull
.- Throws:
JOSEException
- If the elliptic curve of key is not supported.
-
ECDSAVerifier
public ECDSAVerifier(ECKey ecJWK) throws JOSEException
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.- Parameters:
ecJWK
- The EC JSON Web Key (JWK). Must not benull
.- Throws:
JOSEException
- If the elliptic curve of key is not supported.
-
ECDSAVerifier
public ECDSAVerifier(ECPublicKey publicKey, Set<String> defCritHeaders) throws JOSEException
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) verifier.- Parameters:
publicKey
- The public EC key. Must not benull
.defCritHeaders
- The names of the critical header parameters that are deferred to the application for processing, empty set ornull
if none.- Throws:
JOSEException
- If the elliptic curve of key is not supported.
-
-
Method Detail
-
getPublicKey
public ECPublicKey getPublicKey()
Returns the public EC key.- Returns:
- The public EC key.
-
getProcessedCriticalHeaderParams
public Set<String> getProcessedCriticalHeaderParams()
Description copied from interface:CriticalHeaderParamsAware
Returns the names of the critical (crit
) header parameters that are understood and processed by the JWS verifier / JWE decrypter.- Specified by:
getProcessedCriticalHeaderParams
in interfaceCriticalHeaderParamsAware
- Returns:
- The names of the critical header parameters that are understood and processed, empty set if none.
-
getDeferredCriticalHeaderParams
public Set<String> getDeferredCriticalHeaderParams()
Description copied from interface:CriticalHeaderParamsAware
Returns the names of the critical (crit
) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.- Specified by:
getDeferredCriticalHeaderParams
in interfaceCriticalHeaderParamsAware
- Returns:
- The names of the critical header parameters that are deferred to the application for processing, empty set if none.
-
verify
public boolean verify(JWSHeader header, byte[] signedContent, Base64URL signature) throws JOSEException
Description copied from interface:JWSVerifier
Verifies the specifiedsignature
of aJWS object
.- Specified by:
verify
in interfaceJWSVerifier
- Parameters:
header
- The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not benull
.signedContent
- The signing input. Must not benull
.signature
- The signature part of the JWS object. Must not benull
.- Returns:
true
if the signature was successfully verified,false
if the signature is invalid or if a critical header is neither supported nor marked for deferral to the application.- Throws:
JOSEException
- If the JWS algorithm is not supported, or if signature verification failed for some other internal reason.
-
-