Class SignedJwt


  • public final class SignedJwt
    extends Object
    The JWT in the form used to transfer it across the network, i.e. the base64 parts concatenated with dots.
    • Method Detail

      • sign

        public static SignedJwt sign(Jwt jwt,
                                     JwkKeys jwks)
                              throws JwtException
        Sign a JWT using a key looked up in JwkKeys by the JWT's kid. If the kid is not provided and alg is none, Jwk.ALG_NONE is used, i.e. no signature is generated.
        Parameters:
        jwt - jwt to sign
        jwks - keys to find the correct key to sign
        Returns:
        a new instance of this class with signature
        Throws:
        JwtException - in case the algorithm is missing, the algorithms of JWK and JWT do not match, or in case of other mismatches
      • sign

        public static SignedJwt sign(Jwt jwt,
                                     Jwk jwk)
                              throws JwtException
        Sign a JWT using an explicit JWK.
        Parameters:
        jwt - jwt to sign
        jwk - key used to sign the JWT
        Returns:
        a new instance of this class with signature
        Throws:
        JwtException - in case the algorithm is missing, the algorithms of JWK and JWT do not match, or in case of other mismatches
      • parseToken

        public static SignedJwt parseToken(String tokenContent)
        Parse a token received over the network. The expected content is header_base64.payload_base64.signature_base64, where base64 is base64 URL encoding. This method does NO validation of the content at all; it only validates that the content is correctly formatted:
        • correct format of string (i.e. base64.base64.base64)
        • each base64 part is actually base64 URL encoded
        • header and payload are JSON objects
        Parameters:
        tokenContent - String with the token
        Returns:
        a signed JWT instance that can be used to obtain the Jwt instance (see getJwt()) and to verify the signature (see verifySignature(JwkKeys))
        Throws:
        RuntimeException - in case of invalid content, see Errors.ErrorMessagesException
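
The three format checks listed for parseToken, re-implemented as an added Python sketch (not the library's code; every function name and the sample token are constructed for illustration). It shows that a well-formed token whose signature part was never produced by a key, and whose exp is long past, still passes, which is why nothing from a parsed token should be trusted before verifySignature reports no errors.

```python
import base64
import json
import re

B64URL = re.compile(r"[A-Za-z0-9_-]+")


def decode_part(part: str) -> bytes:
    # Check 2: each part must be base64 URL encoded (unpadded compact form).
    if not B64URL.fullmatch(part):
        raise ValueError("part is not base64url")
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def format_check(token: str) -> dict:
    """Apply only the three format checks; no signature or claim is evaluated."""
    # Check 1: exactly three dot-separated parts.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header_raw, payload_raw, signature = (decode_part(p) for p in parts)
    # Check 3: header and payload must be JSON objects.
    header, payload = json.loads(header_raw), json.loads(payload_raw)
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise ValueError("header and payload must be JSON objects")
    return {"header": header, "payload": payload, "signature": signature}


def is_well_formed(token: str) -> bool:
    try:
        format_check(token)
    except ValueError:  # also covers base64 and JSON decoding errors
        return False
    return True


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Constructed sample: well-formed, but the third part is not a real signature.
UNVERIFIED_TOKEN = ".".join([
    b64url_encode(json.dumps({"alg": "RS256", "kid": "example-kid"}).encode()),
    b64url_encode(json.dumps({"sub": "example-user", "exp": 1}).encode()),
    b64url_encode(b"constructed-bytes-not-a-signature"),
])

if __name__ == "__main__":
    print("format OK, claims still untrusted:", format_check(UNVERIFIED_TOKEN)["payload"])
```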
      • tokenContent

        public String tokenContent()
        The full token (header, payload, signature).
        Returns:
        token content
      • getSignedBytes

        public byte[] getSignedBytes()
        The bytes that were signed (payload bytes).
        Returns:
        signed bytes
      • getSignature

        public byte[] getSignature()
        Signature bytes.
        Returns:
        bytes of the signature
      • getJwt

        public Jwt getJwt()
        Return a Jwt instance from this signed JWT.
        Returns:
        Jwt instance
        Throws:
        RuntimeException - in case one of the fields has invalid content (e.g. timestamp is invalid)
      • verifySignature

        public Errors verifySignature(JwkKeys keys)
        Verify signature against the provided keys (the kid of this JWT should be present in the JwkKeys provided).
        Parameters:
        keys - JwkKeys to obtain a key to verify signature
        Returns:
        Errors with collected messages, see Errors.isValid() and Errors.checkValid()
      • verifySignature

        public Errors verifySignature(JwkKeys keys,
                                      Jwk defaultJwk)
        Verify signature against the provided keys (the kid of this JWT should be present in the JwkKeys provided).
        Parameters:
        keys - JwkKeys to obtain a key to verify signature
        defaultJwk - Default value of JWK
        Returns:
        Errors with collected messages, see Errors.isValid() and Errors.checkValid()