Package org.springframework.security.oauth2.jwt

Class JwsHeader

java.lang.Object

org.springframework.security.oauth2.jwt.JwsHeader

public final class JwsHeader
extends Object

The JSON Web Signature (JWS) header is a JSON object representing the header parameters of a JSON Web Token, that describe the cryptographic operations used to digitally sign or create a MAC of the contents of the JWS Protected Header and JWS Payload.

Since:

5.6

See Also:

• JWS JOSE Header

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	JwsHeader.Builder	A builder for JwsHeader.

Method Summary

Modifier and Type	Method	Description
static JwsHeader.Builder	from(JwsHeader headers)	Returns a new JwsHeader.Builder, initialized with the provided headers.
JwsAlgorithm	getAlgorithm()	Returns the JWA algorithm used to digitally sign the JWS or encrypt the JWE.
String	getContentType()	Returns the content type header that declares the media type of the secured content (the payload).
Set<String>	getCritical()	Returns the critical headers that indicates which extensions to the JWS/JWE/JWA specifications are being used that MUST be understood and processed.
<T> T	getHeader(String name)	Returns the header value.
Map<String,Object>	getHeaders()	Returns the headers.
Map<String,Object>	getJwk()	Returns the JSON Web Key which is the public key that corresponds to the key used to digitally sign the JWS or encrypt the JWE.
URL	getJwkSetUrl()	Returns the JWK Set URL that refers to the resource of a set of JSON-encoded public keys, one of which corresponds to the key used to digitally sign the JWS or encrypt the JWE.
String	getKeyId()	Returns the key ID that is a hint indicating which key was used to secure the JWS or JWE.
String	getType()	Returns the type header that declares the media type of the JWS/JWE.
List<String>	getX509CertificateChain()	Returns the X.509 certificate chain that contains the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.
String	getX509SHA1Thumbprint()	Deprecated. The SHA-1 algorithm has been proven to be vulnerable to collision attacks and should not be used.
String	getX509SHA256Thumbprint()	Returns the X.509 certificate SHA-256 thumbprint that is a base64url-encoded SHA-256 thumbprint (a.k.a.
URL	getX509Url()	Returns the X.509 URL that refers to the resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.
static JwsHeader.Builder	with(JwsAlgorithm jwsAlgorithm)	Returns a new JwsHeader.Builder, initialized with the provided JwsAlgorithm.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

getAlgorithm

public JwsAlgorithm getAlgorithm()

Returns the JWA algorithm used to digitally sign the JWS or encrypt the JWE.

Returns:

the JwaAlgorithm

with

public static JwsHeader.Builder with(JwsAlgorithm jwsAlgorithm)

Returns a new JwsHeader.Builder, initialized with the provided JwsAlgorithm.

Parameters:

jwsAlgorithm - the JwsAlgorithm

Returns:

the JwsHeader.Builder

from

public static JwsHeader.Builder from(JwsHeader headers)

Returns a new JwsHeader.Builder, initialized with the provided headers.

Parameters:

headers - the headers

Returns:

the JwsHeader.Builder

getJwkSetUrl

public URL getJwkSetUrl()

Returns the JWK Set URL that refers to the resource of a set of JSON-encoded public keys, one of which corresponds to the key used to digitally sign the JWS or encrypt the JWE.

Returns:

the JWK Set URL

getJwk

public Map<String,Object> getJwk()

Returns the JSON Web Key which is the public key that corresponds to the key used to digitally sign the JWS or encrypt the JWE.

Returns:

the JSON Web Key

getKeyId

public String getKeyId()

Returns the key ID that is a hint indicating which key was used to secure the JWS or JWE.

Returns:

the key ID

getX509Url

public URL getX509Url()

Returns the X.509 URL that refers to the resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.

Returns:

the X.509 URL

getX509CertificateChain

public List<String> getX509CertificateChain()

Returns the X.509 certificate chain that contains the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE. The certificate or certificate chain is represented as a List of certificate value Strings. Each String in the List is a Base64-encoded DER PKIX certificate value.

Returns:

the X.509 certificate chain

getX509SHA1Thumbprint

@Deprecated
public String getX509SHA1Thumbprint()

Deprecated.

The SHA-1 algorithm has been proven to be vulnerable to collision attacks and should not be used. See the Google Security Blog for more info.

Returns the X.509 certificate SHA-1 thumbprint that is a base64url-encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of the X.509 certificate corresponding to the key used to digitally sign the JWS or encrypt the JWE.

Returns:

the X.509 certificate SHA-1 thumbprint

See Also:

• Announcing the first SHA1 collision

getX509SHA256Thumbprint

public String getX509SHA256Thumbprint()

Returns the X.509 certificate SHA-256 thumbprint that is a base64url-encoded SHA-256 thumbprint (a.k.a. digest) of the DER encoding of the X.509 certificate corresponding to the key used to digitally sign the JWS or encrypt the JWE.

Returns:

the X.509 certificate SHA-256 thumbprint

getType

public String getType()

Returns the type header that declares the media type of the JWS/JWE.

Returns:

the type header

getContentType

public String getContentType()

Returns the content type header that declares the media type of the secured content (the payload).

Returns:

the content type header

getCritical

public Set<String> getCritical()

Returns the critical headers that indicates which extensions to the JWS/JWE/JWA specifications are being used that MUST be understood and processed.

Returns:

the critical headers

getHeaders

public Map<String,Object> getHeaders()

Returns the headers.

Returns:

the headers

getHeader

public <T> T getHeader(String name)

Returns the header value.

Type Parameters:

T - the type of the header value

Parameters:

name - the header name

Returns:

the header value