...

| Algorithm | JWS Header 'alg' | JwsSignatureProvider | JwsSignatureVerifier |
|---|---|---|---|
| HMAC | HS256, HS384, HS512 | HmacJwsSignatureProvider | HmacJwsSignatureVerifier |
| RSASSA-PKCS1-v1_5 | RS256, RS384, RS512 | PrivateKeyJwsSignatureProvider | PublicKeyJwsSignatureVerifier |
| ECDSA | ES256, ES384, ES512 | EcDsaJwsSignatureProvider | EcDsaJwsSignatureVerifier |
| RSASSA-PSS | PS256, PS384, PS512 | PrivateKeyJwsSignatureProvider | PublicKeyJwsSignatureVerifier |
| None | none | NoneJwsSignatureProvider | NoneJwsSignatureVerifier |

...

CXF JWS Compact HMac

```java
// Sign
// Algorithm properties are set in the headers
JoseHeaders headers = new JoseHeaders();
headers.setAlgorithm(SignatureAlgorithm.HS256);

// This is the actual data content, JWT in this case, but can be an arbitrary JSON or non-JSON data
JwtClaims claims = new JwtClaims();
claims.setIssuer("joe");
claims.setExpiryTime(1300819380L);
claims.setClaim("http://example.com/is_root", Boolean.TRUE);
JwtToken token = new JwtToken(headers, claims);

JwsCompactProducer jws = new JwsJwtCompactProducer(token);

jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256));
assertEquals(ENCODED_TOKEN_SIGNED_BY_MAC, jws.getSignedEncodedJws());

// Validate
// The consumer-side variables have their own names so both halves compile in one scope
JwsJwtCompactConsumer jwsConsumer = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_MAC);
// The verifier is created with the expected algorithm
assertTrue(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
                                                                        SignatureAlgorithm.HS256)));
JwtToken verifiedToken = jwsConsumer.getJwtToken();
JoseHeaders verifiedHeaders = verifiedToken.getHeaders();
assertEquals(SignatureAlgorithm.HS256, verifiedHeaders.getAlgorithm());
validateClaims(verifiedToken.getClaims());
```

JWS JSON

While JWS Compact is optimized and represents a concatenation of up to 3 Base64URL values, JWS JSON is an open JSON container; see Appendix 6.

The most interesting feature of JWS JSON is that it allows content to be signed for multiple recipients. For example, the immediate consumer validates a signature with one key and forwards the payload to the next consumer, which validates the content with another key, and so on.

JwsJsonProducer and JwsJsonConsumer support producing and consuming JWS JSON sequences.

 

CXF JWS JSON

```java
// Sign the same document twice, once per key
JwsJsonProducer producer = new JwsJsonProducer(UNSIGNED_PLAIN_JSON_DOCUMENT);
JwsHeaders headerEntries = new JwsHeaders(SignatureAlgorithm.HS256);

producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_1, SignatureAlgorithm.HS256),
                  headerEntries);
producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_2, SignatureAlgorithm.HS256),
                  headerEntries);
assertEquals(DUAL_SIGNED_JWS_JSON_DOCUMENT, producer.getJwsJsonSignedDocument());

// Validate: each signature entry is verified with the key selected by its key id
JwsJsonConsumer consumer = new JwsJsonConsumer(DUAL_SIGNED_DOCUMENT);
JsonWebKeys jwks = readKeySet("jwkPublicJsonConsumerSet.txt");

List<JwsJsonSignatureEntry> sigEntries = consumer.getSignatureEntries();
assertEquals(2, sigEntries.size());

// 1st signature
String firstKid = (String)sigEntries.get(0).getKeyId();
JsonWebKey rsaKey = jwks.getKey(firstKid);
assertTrue(sigEntries.get(0).verifySignatureWith(rsaKey));
// 2nd signature
String secondKid = (String)sigEntries.get(1).getKeyId();
JsonWebKey ecKey = jwks.getKey(secondKid);
assertTrue(sigEntries.get(1).verifySignatureWith(ecKey));
```
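What a multi-signature JWS JSON document contains, shown at the format level as an added example (Python standard library only; this is not CXF code and not from the original page): one HS256 signature entry per recipient key over the same payload, with the verifier pinning the algorithm instead of accepting whatever the header declares, `none` included. The key ids, keys, payload and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, protected: str, payload: str) -> bytes:
    # JWS signing input: BASE64URL(protected header) || '.' || BASE64URL(payload)
    return hmac.new(key, f"{protected}.{payload}".encode("ascii"), hashlib.sha256).digest()

def sign_json(payload: bytes, keys: dict) -> str:
    """Build a general JWS JSON document with one HS256 signature per key id."""
    p = b64u(payload)
    sigs = []
    for kid, key in keys.items():
        prot = b64u(json.dumps({"alg": "HS256", "kid": kid}).encode())
        sigs.append({"protected": prot, "signature": b64u(_mac(key, prot, p))})
    return json.dumps({"payload": p, "signatures": sigs})

def verify_entry(document: str, kid: str, key: bytes):
    """Return the payload if the entry for `kid` verifies under HS256, else None."""
    doc = json.loads(document)
    for entry in doc["signatures"]:
        header = json.loads(b64u_dec(entry["protected"]))
        if header.get("kid") != kid:
            continue
        # The verifier decides the algorithm; a header asking for "none" is rejected
        if header.get("alg") != "HS256":
            return None
        expected = _mac(key, entry["protected"], doc["payload"])
        if hmac.compare_digest(expected, b64u_dec(entry["signature"])):
            return b64u_dec(doc["payload"])
        return None
    return None

# Constructed sample keys and payload (not taken from the page)
KEYS = {"consumer-1": b"k1" * 16, "consumer-2": b"k2" * 16}
DOC = sign_json(b'{"iss":"joe"}', KEYS)
```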

   

JWS with Detached Content

...