...
```java
JwsCompactProducer jwsProducer = new JwsCompactProducer("Hello World");

// Load private RSA key from the JWK Key set stored on the disk
InputStream is = JsonWebKeyTest.class.getResourceAsStream(fileName);
JsonWebKeys keySet = JwkUtils.readJwkSet(is);
JsonWebKey jwkPrivateRsaKey = keySet.getKey("Private RSA Key");

// Sign
String jwsSequence = jwsProducer.signWith(jwkPrivateRsaKey);

// Validate
JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(jwsSequence);

// Load Public RSA Key from Java JKS Store
PublicKey publicRsaKey = CryptoUtils.loadPublicKey(keyStoreLocation, keyStorePassword, keyAlias,
                                                   KeyStore.getDefaultType());

// Do not read the payload unless the signature check succeeds
if (!jwsConsumer.verifySignatureWith(publicRsaKey)) {
    throw new SecurityException("JWS signature validation failed");
}

// Get the data
String helloWorldString = jwsConsumer.getDecodedJwsPayload();
```
...
```java
JwsJsonProducer producer = new JwsJsonProducer(UNSIGNED_PLAIN_JSON_DOCUMENT);
JwsHeaders headerEntries = new JwsHeaders(SignatureAlgorithm.HS256);

// Sign the same payload twice, once with each MAC key
producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_1, SignatureAlgorithm.HS256),
                  headerEntries);
producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_2, SignatureAlgorithm.HS256),
                  headerEntries);
assertEquals(DUAL_SIGNED_JWS_JSON_DOCUMENT, producer.getJwsJsonSignedDocument());

JwsJsonConsumer consumer = new JwsJsonConsumer(DUAL_SIGNED_JWS_JSON_DOCUMENT);

// Validate both signatures, see below how to validate and produce
JsonWebKeys jwks = readKeySet("jwkSet.txt");

List<JwsJsonSignatureEntry> sigEntries = consumer.getSignatureEntries();
assertEquals(2, sigEntries.size());

// 1st signature
String firstKid = (String)sigEntries.get(0).getKeyId();
JsonWebKey firstKey = jwks.getKey(firstKid);
assertTrue(sigEntries.get(0).verifySignatureWith(firstKey));

// 2nd signature
String secondKid = (String)sigEntries.get(1).getKeyId();
JsonWebKey secondKey = jwks.getKey(secondKid);
assertTrue(sigEntries.get(1).verifySignatureWith(secondKey));

// or if you wish to validate (ex with the firstKey loaded above) and forward it to the next consumer, do:
JwsSignatureProvider provider = JwsUtils.getSignatureProvider(firstKey);
String nextJwsJson = consumer.validateAndProduce(Collections.singletonList(provider));

// use WebClient to post nextJwsJson to the next consumer, with nextJwsJson being nearly identical
// to the original double-signed JWS JSON signature, minus the signature which was already validated;
// in this case nextJwsJson will only have a single signature
```
Does it make sense to use JWS JSON if you do not plan to do multiple signatures? Indeed, if it is only a single signature then using JWS Compact is a good alternative, likely to be used most often.
...
JWS with Detached Content
JWS with a Detached Content provides a way to integrity-protect some data without actually having these data included in the resulting JWS sequence.
For example, if the producer and consumer can both access the same shared piece of data, then the producer can sign these data and post the JWS sequence (without the data) to the consumer. The consumer will validate this JWS sequence and assert the data have not been modified by the time it has received and started validating the sequence. You will find JWS Compact and JWS JSON Producer and Consumer providers accepting an optional 'detached' flag in cases where it is required.
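The detached-content flow described above, shown as an added example that is not part of the original page and does not use the CXF API. It relies on JDK classes only and follows the detached form of JWS Compact from RFC 7515 Appendix F; the class name, method names, key and document are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class DetachedJwsExample {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();
    // Protected header pinned by both sides: {"alg":"HS256"}
    private static final String HEADER =
        B64URL.encodeToString("{\"alg\":\"HS256\"}".getBytes(StandardCharsets.UTF_8));

    private static byte[] hmac(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Producer: sign header.payload as usual, but emit header..signature (empty payload part)
    static String signDetached(byte[] key, byte[] payload) throws Exception {
        String signingInput = HEADER + "." + B64URL.encodeToString(payload);
        return HEADER + ".." + B64URL.encodeToString(hmac(key, signingInput));
    }

    // Consumer: rebuild the signing input from its own copy of the shared data
    static boolean verifyDetached(byte[] key, String jws, byte[] localPayload) throws Exception {
        String[] parts = jws.split("\\.", -1);
        // Require exactly three parts, an empty payload part and the pinned header,
        // so the sender cannot choose the algorithm or slip in an embedded payload
        if (parts.length != 3 || !parts[1].isEmpty() || !parts[0].equals(HEADER)) {
            return false;
        }
        byte[] presented;
        try {
            presented = Base64.getUrlDecoder().decode(parts[2]);
        } catch (IllegalArgumentException e) {
            return false; // malformed signature encoding
        }
        byte[] expected = hmac(key, HEADER + "." + B64URL.encodeToString(localPayload));
        return MessageDigest.isEqual(expected, presented); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        byte[] shared = "shared document, revision 1".getBytes(StandardCharsets.UTF_8);
        String jws = signDetached(key, shared);
        System.out.println("unchanged data verifies: " + verifyDetached(key, jws, shared));
        byte[] changed = "shared document, revision 2".getBytes(StandardCharsets.UTF_8);
        System.out.println("modified data verifies:  " + verifyDetached(key, jws, changed));
    }
}
```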
JWS with Clear Payload
JWE Encryption
...