Class JsonWebSignature

java.lang.Object
com.google.api.client.json.webtoken.JsonWebToken
com.google.api.client.json.webtoken.JsonWebSignature

public class JsonWebSignature extends JsonWebToken
JSON Web Signature (JWS).

Sample usage:

  public static void printPayload(JsonFactory jsonFactory, String tokenString) throws IOException {
    JsonWebSignature jws = JsonWebSignature.parse(jsonFactory, tokenString);
    System.out.println(jws.getPayload());
  }
 

Implementation is not thread-safe.

Since:
1.14 (since 1.7 as com.google.api.client.auth.jsontoken.JsonWebSignature)
  • Field Details

    • signatureBytes

      private final byte[] signatureBytes
      Bytes of the signature.
    • signedContentBytes

      private final byte[] signedContentBytes
      Bytes of the signature content.
  • Constructor Details

    • JsonWebSignature

      public JsonWebSignature(JsonWebSignature.Header header, JsonWebToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)
      Parameters:
      header - header
      payload - payload
      signatureBytes - bytes of the signature
      signedContentBytes - bytes of the signature content
  • Method Details

    • getHeader

      public JsonWebSignature.Header getHeader()
      Description copied from class: JsonWebToken
      Returns the header.

      Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.

      Overrides:
      getHeader in class JsonWebToken
    • verifySignature

      public final boolean verifySignature(PublicKey publicKey) throws GeneralSecurityException
      Verifies the signature of the content.

      Currently only "RS256" algorithm is verified, but others may be added in the future. For any other algorithm it returns false.

      Parameters:
      publicKey - public key
      Returns:
      whether the algorithm is recognized and it is verified
      Throws:
      GeneralSecurityException
    • verifySignature

      @Beta public final X509Certificate verifySignature(X509TrustManager trustManager) throws GeneralSecurityException
      Beta
      Verifies the signature of the content using the certificate chain embedded in the signature.

      Currently only "RS256" algorithm is verified, but others may be added in the future. For any other algorithm it returns null.

      The leaf certificate of the certificate chain must be an SSL server certificate.

      Parameters:
      trustManager - Trust manager used to verify the X509 certificate chain embedded in this message.
      Returns:
      The signature certificate if the signature could be verified, null otherwise.
      Throws:
      GeneralSecurityException
      Since:
      1.19.1.
    • verifySignature

      @Beta public final X509Certificate verifySignature() throws GeneralSecurityException
      Beta
      Verifies the signature of the content using the certificate chain embedded in the signature.

      Currently only "RS256" algorithm is verified, but others may be added in the future. For any other algorithm it returns null.

      The certificate chain is verified using the system default trust manager.

      The leaf certificate of the certificate chain must be an SSL server certificate.

      Returns:
      The signature certificate if the signature could be verified, null otherwise.
      Throws:
      GeneralSecurityException
      Since:
      1.19.1.
    • getDefaultX509TrustManager

      private static X509TrustManager getDefaultX509TrustManager()
    • getSignatureBytes

      public final byte[] getSignatureBytes()
      Returns the modifiable array of bytes of the signature.
    • getSignedContentBytes

      public final byte[] getSignedContentBytes()
      Returns the modifiable array of bytes of the signature content.
    • parse

      public static JsonWebSignature parse(JsonFactory jsonFactory, String tokenString) throws IOException
      Parses the given JWS token string and returns the parsed JsonWebSignature.
      Parameters:
      jsonFactory - JSON factory
      tokenString - JWS token string
      Returns:
      parsed JWS
      Throws:
      IOException
    • parser

      public static JsonWebSignature.Parser parser(JsonFactory jsonFactory)
      Returns a new instance of a JWS parser.
    • signUsingRsaSha256

      public static String signUsingRsaSha256(PrivateKey privateKey, JsonFactory jsonFactory, JsonWebSignature.Header header, JsonWebToken.Payload payload) throws GeneralSecurityException, IOException
      Signs a given JWS header and payload based on the given private key using RSA and SHA-256 as described in JWS using RSA SHA-256.
      Parameters:
      privateKey - private key
      jsonFactory - JSON factory
      header - JWS header
      payload - JWS payload
      Returns:
      signed JWS string
      Throws:
      GeneralSecurityException
      IOException
      Since:
      1.14 (since 1.7 as com.google.api.client.auth.jsontoken.RsaSHA256Signer)