com.ebasetech.xi.api

Interface JWS

All Known Subinterfaces:

JWT

public interface JWS

JWS represents a parsed JWS (JSON Web Signature) Object.

A JWS consists of three sections:

Header

The header consist of two parts:

• declaring the type, which is JWT
• the hashing algorithm used, e.g HMAC SHA256

An example header:

 {
  "type": "JWT",
  "alg": "HS256"
 }
 

Payload

The payload contains the data for the JWS.This can be any string representation or JSON formatted string
An example payload:

 {
  "iss": "ebasetech.com",
  "exp": 1300819380,
  "name": "John Doe",
  "admin": true
 }
 

Signature The third and final part of our JSON Web Token is going to be the signature. The signature is omitted if the algorithm in the header is set to none. The signature is created by signing the concatenated base64Encoded header and payload:

Example of a HS256 signature:

 
 var encodedString = base64UrlEncode(header) + "." + base64UrlEncode(payload);
 
 HMACSHA256(encodedString, 'secret');
 

Since:

V5.7

Method Summary

Modifier and Type	Method and Description
JWSHeader	getHeader() Return the JWS header for the JWS
java.lang.String	getPayload() Return payload as a string.
java.lang.String	getSignature() Return the signature for the JWS or JWT
boolean	isSigned() Return true if the specified JWT compact string represents a signed JWS, false otherwise.
boolean	verifyFileJWKSet(java.lang.String filename) The public RSA keys to validate the signatures will be sourced from the OAuth 2.0 server's JWK set, published at a well-known URL
boolean	verifyFromKeyStore(java.lang.String keystore, java.lang.String password) Validates the signature using a specified KeyStore location and password.
boolean	verifyHMAC(javax.crypto.SecretKey secret) Verify HMAC signature with a specified SecretKey
boolean	verifyInputStreamJWKSet(java.io.InputStream is) The public RSA keys to validate the signatures will be sourced from the OAuth 2.0 server's JWK set, published at a well-known URL
boolean	verifyPublicKey(java.security.PublicKey publickKey) Verify RSA signature with a specified PublicKey
boolean	verifyRemoteJWKSet(java.lang.String url) Verify the signature using the OAuth 2.0 server's JSON Web Key Set (JWKS) endpoint.

Method Detail

getHeader

JWSHeader getHeader()

Return the JWS header for the JWS

Since:

V5.7

getSignature

java.lang.String getSignature()

Return the signature for the JWS or JWT

Since:

V5.7

isSigned

boolean isSigned()

Return true if the specified JWT compact string represents a signed JWS, false otherwise.

Since:

V5.7

getPayload

java.lang.String getPayload()
                     throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException

Return payload as a string.

Throws:

com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException - thrown if the payload is invalid

Since:

V5.7

verifyHMAC

boolean verifyHMAC(javax.crypto.SecretKey secret)
            throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException

Verify HMAC signature with a specified SecretKey

Returns:

true if token signature is verified

Throws:

com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException - thrown if the payload is invalid

Since:

V5.7

verifyPublicKey

boolean verifyPublicKey(java.security.PublicKey publickKey)
                 throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException

Verify RSA signature with a specified PublicKey

Returns:

true if token signature is verified

Throws:

com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException - thrown if the payload is invalid

Since:

V5.7

verifyRemoteJWKSet

boolean verifyRemoteJWKSet(java.lang.String url)
                    throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException

Verify the signature using the OAuth 2.0 server's JSON Web Key Set (JWKS) endpoint. Example URL: http://YOUR_DOMAIN/oauth/.well-known/openid-configuration

Returns:

true if token signature is verified

Throws:

com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException - thrown if the payload is invalid

Since:

V5.7

verifyFromKeyStore

boolean verifyFromKeyStore(java.lang.String keystore,
                           java.lang.String password)
                    throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException

Validates the signature using a specified KeyStore location and password.

Returns:

true if token signature is verified

Throws:

com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException - thrown if the payload is invalid

Since:

V5.7

verifyFileJWKSet

boolean verifyFileJWKSet(java.lang.String filename)
                  throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException

The public RSA keys to validate the signatures will be sourced from the OAuth 2.0 server's JWK set, published at a well-known URL

Returns:

true if token signature is verified

Throws:

com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException - thrown if the payload is invalid

Since:

V5.7

verifyInputStreamJWKSet

boolean verifyInputStreamJWKSet(java.io.InputStream is)
                         throws com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException

The public RSA keys to validate the signatures will be sourced from the OAuth 2.0 server's JWK set, published at a well-known URL

Returns:

true if token signature is verified

Throws:

com.ebasetech.ufs.runtime.security.jwt.InvalidJWTokenException - thrown if the payload is invalid

Since:

V5.7