dw.crypto
Class JWS
dw.crypto.JWS
This class represents a JSON Web Signature (JWS) object.
Note: this class handles sensitive security-related data.
Pay special attention to PCI DSS v3 requirements 2, 4, and 12.
Properties
algorithm
:
String
(Read Only)
Get the algorithm (
alg
) from the header.
header
:
JWSHeader
(Read Only)
Get a copy of the JWS header.
headerMap
:
Map
(Read Only)
Get a copy of the JWS header as a Map.
payload
:
String
(Read Only)
Get the payload from this object.
This is available even if the signature has not been verified.
Constructor Summary
Method Summary
getAlgorithm()
:
String
Get the algorithm (
alg
) from the header.
getHeaderMap()
:
Map
Get a copy of the JWS header as a Map.
getPayload()
:
String
Get the payload from this object.
static parse(jws
:
String)
:
JWS
Parse a JSON Web Signature (JWS) object from its compact serialization format.
static parse(jws
:
String, payload
:
String)
:
JWS
Parse a JSON Web Signature (JWS) object from its compact serialization format.
static parse(jws
:
String, payload
:
Bytes)
:
JWS
Parse a JSON Web Signature (JWS) object from its compact serialization format.
verify(certificateRef
:
CertificateRef)
:
boolean
Verifies the signature of the payload.
Methods inherited from class
Object
assign, create, create, defineProperties, defineProperty, entries, freeze, fromEntries, getOwnPropertyDescriptor, getOwnPropertyNames, getOwnPropertySymbols, getPrototypeOf, hasOwnProperty, is, isExtensible, isFrozen, isPrototypeOf, isSealed, keys, preventExtensions, propertyIsEnumerable, seal, setPrototypeOf, toLocaleString, toString, valueOf, values
Constructor Detail
JWS
Construct a new JWS for signing.
Parameters:
header
-
JWS header. This must include a valid algorithm (
alg
). See verify(CertificateRef) for a list of supported algorithms.
payload
-
Content that will be signed.
JWS
Construct a new JWS for signing.
Parameters:
header
-
JWS header. This must include a valid algorithm (
alg
). See verify(CertificateRef) for a list of supported algorithms.
payload
-
Content that will be signed.
Method Detail
getAlgorithm
getAlgorithm()
:
String
Get the algorithm (
alg
) from the header.
Returns:
Value of the algorithm or null if missing.
getHeaderMap
getHeaderMap()
:
Map
Get a copy of the JWS header as a Map.
Returns:
Copy of the JWS header.
getPayload
getPayload()
:
String
Get the payload from this object.
This is available even if the signature has not been verified.
Returns:
UTF-8 encoded payload.
parse
Parse a JSON Web Signature (JWS) object from its compact serialization format.
Parameters:
jws
-
JWS in compact serialization format.
Returns:
JWS object.
parse
Parse a JSON Web Signature (JWS) object from its compact serialization format.
Parameters:
jws
-
JWS without a payload in compact serialization format.
payload
-
Detached payload
Returns:
JWS object.
parse
Parse a JSON Web Signature (JWS) object from its compact serialization format.
Parameters:
jws
-
JWS without a payload in compact serialization format.
payload
-
Detached payload
Returns:
JWS object.
serialize
serialize(detachPayload
:
boolean)
:
String
Get this JWS in compact serialization form.
Parameters:
detachPayload
-
true for a detached payload compliant with RFC-7797, or false to serialize the payload too.
Returns:
Compact serialized object.
sign
sign(keyRef
:
KeyRef)
:
void
Sign the payload using the given private key.
The key type and size must match the algorithm given in the JWS header.
Parameters:
keyRef
-
Reference to the private key.
Throws:
Exception
-
if there is an error while signing the payload.
verify
verify(certificateRef
:
CertificateRef)
:
boolean
Verifies the signature of the payload.
If the
x5c
header parameter is present, then that certificate chain will be used to verify the
signature and the given certificateRef
must be its root certificate. If this parameter is not
present then the given certificateRef
will be used to directly verify the signature.
The following algorithms are supported:
- ES256
- ES256K
- ES384
- ES512
- RS256
- RS384
- RS512
- PS256
- PS384
- PS512
Parameters:
certificateRef
-
Reference to the certificate to use for verification.
Returns:
a boolean indicating success (true) or failure (false).
Throws:
Exception
-
if there is an error while processing the certificate (for example if the
x5c
is not signed by the given certificate) or the algorithm is unsupported.