com.google.api.client.json.webtoken

Class JsonWebSignature


  • public class JsonWebSignature
extends JsonWebToken
    JSON Web Signature (JWS).

    Sample usage: 

      public static void printPayload(JsonFactory jsonFactory, String tokenString) throws IOException {
    JsonWebSignature jws = JsonWebSignature.parse(jsonFactory, tokenString);
    System.out.println(jws.getPayload());
  }

    Implementation is not thread-safe.

    Since:
    1.14 (since 1.7 as com.google.api.client.auth.jsontoken.JsonWebSignature)

    • Constructor Detail

      • JsonWebSignature

        public JsonWebSignature(JsonWebSignature.Header header,
                        JsonWebToken.Payload payload,
                        byte[] signatureBytes,
                        byte[] signedContentBytes)
        Parameters:
        header - header
        payload - payload
        signatureBytes - bytes of the signature
        signedContentBytes - bytes of the signature content

    • Method Detail

      • getHeader

        public JsonWebSignature.Header getHeader()
        Description copied from class: JsonWebToken
        Returns the header.

        Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.

      • verifySignature

        public final boolean verifySignature(PublicKey publicKey)
                              throws GeneralSecurityException
        Verifies the signature of the content.

        Currently only "RS256" algorithm is verified, but others may be added in the future. For any other algorithm it returns false.

        Parameters:
        publicKey - public key
        Returns:
        whether the algorithm is recognized and it is verified
        Throws:
        GeneralSecurityException -

      • verifySignature

        @Beta
public final X509Certificate verifySignature(X509TrustManager trustManager)
                                            throws GeneralSecurityException
        Beta
        Verifies the signature of the content using the certificate chain embedded in the signature.

        Currently only "RS256" algorithm is verified, but others may be added in the future. For any other algorithm it returns null.

        The leaf certificate of the certificate chain must be an SSL server certificate.

        Parameters:
        trustManager - Trust manager used to verify the X509 certificate chain embedded in this message.
        Returns:
        The signature certificate if the signature could be verified, null otherwise.
        Throws:
        GeneralSecurityException -
        Since:
        1.19.1.

      • verifySignature

        @Beta
public final X509Certificate verifySignature()
                                            throws GeneralSecurityException
        Beta
        Verifies the signature of the content using the certificate chain embedded in the signature.

        Currently only "RS256" algorithm is verified, but others may be added in the future. For any other algorithm it returns null.

        The certificate chain is verified using the system default trust manager.

        The leaf certificate of the certificate chain must be an SSL server certificate.

        Returns:
        The signature certificate if the signature could be verified, null otherwise.
        Throws:
        GeneralSecurityException -
        Since:
        1.19.1.

      • getSignatureBytes

        public final byte[] getSignatureBytes()
        Returns the modifiable array of bytes of the signature.

      • getSignedContentBytes

        public final byte[] getSignedContentBytes()
        Returns the modifiable array of bytes of the signature content.