Package com.google.api.client.json.webtoken

Class JsonWebSignature

  • public class JsonWebSignature
extends JsonWebToken
    JSON Web Signature (JWS).

    Sample usage: 

      public static void printPayload(JsonFactory jsonFactory, String tokenString) throws IOException {
    JsonWebSignature jws = JsonWebSignature.parse(jsonFactory, tokenString);
    System.out.println(jws.getPayload());
  }

    Implementation is not thread-safe.

    Since:
    1.14 (since 1.7 as com.google.api.client.auth.jsontoken.JsonWebSignature)

    • Field Detail

      • signatureBytes

        private final byte[] signatureBytes
        Bytes of the signature.

      • signedContentBytes

        private final byte[] signedContentBytes
        Bytes of the signature content.

    • Constructor Detail

      • JsonWebSignature

        public JsonWebSignature​(JsonWebSignature.Header header,
                        JsonWebToken.Payload payload,
                        byte[] signatureBytes,
                        byte[] signedContentBytes)
        Parameters:
        header - header
        payload - payload
        signatureBytes - bytes of the signature
        signedContentBytes - bytes of the signature content

    • Method Detail

      • getHeader

        public JsonWebSignature.Header getHeader()
        Description copied from class: JsonWebToken
        Returns the header.

        Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.

        Overrides:
        getHeader in class JsonWebToken

      • verifySignature

        public final boolean verifySignature​(java.security.PublicKey publicKey)
                              throws java.security.GeneralSecurityException
        Verifies the signature of the content.

        Currently only "RS256" algorithm is verified, but others may be added in the future. For any other algorithm it returns false.

        Parameters:
        publicKey - public key
        Returns:
        whether the algorithm is recognized and it is verified
        Throws:
        java.security.GeneralSecurityException

      • verifySignature

        @Beta
public final java.security.cert.X509Certificate verifySignature​(javax.net.ssl.X509TrustManager trustManager)
                                                         throws java.security.GeneralSecurityException
        Beta
        Verifies the signature of the content using the certificate chain embedded in the signature.

        Currently only "RS256" algorithm is verified, but others may be added in the future. For any other algorithm it returns null.

        The leaf certificate of the certificate chain must be an SSL server certificate.

        Parameters:
        trustManager - Trust manager used to verify the X509 certificate chain embedded in this message.
        Returns:
        The signature certificate if the signature could be verified, null otherwise.
        Throws:
        java.security.GeneralSecurityException
        Since:
        1.19.1.

      • verifySignature

        @Beta
public final java.security.cert.X509Certificate verifySignature()
                                                         throws java.security.GeneralSecurityException
        Beta
        Verifies the signature of the content using the certificate chain embedded in the signature.

        Currently only "RS256" algorithm is verified, but others may be added in the future. For any other algorithm it returns null.

        The certificate chain is verified using the system default trust manager.

        The leaf certificate of the certificate chain must be an SSL server certificate.

        Returns:
        The signature certificate if the signature could be verified, null otherwise.
        Throws:
        java.security.GeneralSecurityException
        Since:
        1.19.1.

      • getDefaultX509TrustManager

        private static javax.net.ssl.X509TrustManager getDefaultX509TrustManager()

      • getSignatureBytes

        public final byte[] getSignatureBytes()
        Returns the modifiable array of bytes of the signature.

      • getSignedContentBytes

        public final byte[] getSignedContentBytes()
        Returns the modifiable array of bytes of the signature content.

      • parse

        public static JsonWebSignature parse​(JsonFactory jsonFactory,
                                     java.lang.String tokenString)
                              throws java.io.IOException
        Parses the given JWS token string and returns the parsed JsonWebSignature.
        Parameters:
        jsonFactory - JSON factory
        tokenString - JWS token string
        Returns:
        parsed JWS
        Throws:
        java.io.IOException

      • signUsingRsaSha256

        public static java.lang.String signUsingRsaSha256​(java.security.PrivateKey privateKey,
                                                  JsonFactory jsonFactory,
                                                  JsonWebSignature.Header header,
                                                  JsonWebToken.Payload payload)
                                           throws java.security.GeneralSecurityException,
                                                  java.io.IOException
        Signs a given JWS header and payload based on the given private key using RSA and SHA-256 as described in JWS using RSA SHA-256.
        Parameters:
        privateKey - private key
        jsonFactory - JSON factory
        header - JWS header
        payload - JWS payload
        Returns:
        signed JWS string
        Throws:
        java.security.GeneralSecurityException
        java.io.IOException
        Since:
        1.14 (since 1.7 as com.google.api.client.auth.jsontoken.RsaSHA256Signer)