IRISLIB database
JWS Class Reference

This class provides methods to sign and validate JSON Web Signatures, as defined in RFC 7515.


Static Public Member Functions

_.Library.Status Sign (_.Library.DynamicObject protectedHeader, _.Library.DynamicObject unprotectedHeader, _.Library.String payload, _.Library.String serialization, _.Library.String JWKS, _.Library.String JWS)
 This method signs a header and payload to make a JWS.
 
_.Library.Boolean Validate (_.Library.String JWS, _.Library.String JWKS, _.Library.Boolean acceptUnsecured, _.Library.DynamicArray validations)
 This method validates a JWS.
 

Static Private Member Functions

_.Library.Status __CreateSignature (_.Library.DynamicObject algInfo, _.Library.DynamicObject JWK, _.Library.String signingInput, _.Library.String signature)
 This private helper method makes the actual signature for the JWS using the provided algorithm information and JSON Web Key.
 
_.Library.Status __ECSigASN1toJWA (_.Library.String ASN1Sig, _.Library.Integer curveSize, _.Library.String JWASig)
 This private helper method converts the given ASN.1-format signature output by the kernel code into the JWA-format signature required by the JWS specs.
 
_.Library.Status __ECSigJWAtoASN1 (_.Library.String JWASig, _.Library.Integer curveSize, _.Library.String ASN1Sig)
 This private helper method converts the given JWA-format signature into the ASN.1-format signature required by the kernel code.
 
_.Library.Integer __ExtractAllSignatures (_.Library.DynamicObject JWSObj, signatureArray)
 This private helper method retrieves all of the signatures and protected and unprotected headers from a JSON serialized JWS.
 
_.Library.Integer __ExtractFlattenedFormat (_.Library.DynamicObject JWSObj, signatureArray)
 This private helper method retrieves the signature and protected and unprotected header from a JSON serialized JWS that uses flattened syntax.
 
_.Library.Integer __ExtractGeneralFormat (_.Library.DynamicObject JWSObj, signatureArray)
 This private helper method retrieves all of the signatures and protected and unprotected headers from a JSON serialized JWS that uses general syntax.
 
_.Library.Status __SignCompact (_.Library.DynamicObject header, _.Library.String payload, _.Library.String JWKS, _.Library.String JWS)
 This private method signs and creates a compact serialized JWS.
 
_.Library.Status __SignJSON (_.Library.DynamicObject protectedHeader, _.Library.DynamicObject unprotectedHeader, _.Library.String payload, _.Library.String JWKS, _.Library.String JWS)
 This private method signs and creates a JSON serialized JWS with flattened syntax.
 
_.Library.Boolean __ValidateCompact (_.Library.String JWS, _.Library.String JWKS, _.Library.Boolean acceptUnsecured, _.Library.DynamicArray validations)
 This private method validates a compact serialized JWS and returns an object containing information on the validation status of the signature in the JWS.
 
_.Library.Boolean __ValidateJSON (_.Library.String JWS, _.Library.String JWKS, _.Library.Boolean acceptUnsecured, _.Library.DynamicArray validations)
 This private method validates a JSON serialized JWS and returns an object containing information on the validation status of each signature in the JWS.
 
_.Library.Status __VerifySignature (_.Library.DynamicObject algInfo, _.Library.DynamicObject JWK, _.Library.String signingInput, _.Library.String signature, _.Library.Boolean acceptUnsecured)
 This private helper method verifies the given JWS signature using the provided algorithm information and JSON Web Key.
 

Additional Inherited Members

- Public Member Functions inherited from RegisteredObject
_.Library.Status OnAddToSaveSet (_.Library.Integer depth, _.Library.Integer insert, _.Library.Integer callcount)
 This callback method is invoked when the current object is added to the SaveSet,.
 
_.Library.Status OnClose ()
 This callback method is invoked by the Close method to.
 
_.Library.Status OnConstructClone (_.Library.RegisteredObject object, _.Library.Boolean deep, _.Library.String cloned)
 This callback method is invoked by the ConstructClone method to.
 
_.Library.Status OnNew ()
 This callback method is invoked by the New method to.
 
_.Library.Status OnValidateObject ()
 This callback method is invoked by the ValidateObject method to.
 
- Static Public Attributes inherited from RegisteredObject
 CAPTION = None
 Optional name used by the Form Wizard for a class when generating forms.
 
 JAVATYPE = None
 The Java type to be used when exported.
 
 PROPERTYVALIDATION = None
 This parameter controls the default validation behavior for the object.
 

Detailed Description

This class provides methods to sign and validate JSON Web Signatures, as defined in RFC 7515.

Member Function Documentation

◆ __CreateSignature()

_.Library.Status __CreateSignature ( _.Library.DynamicObject  algInfo,
_.Library.DynamicObject  JWK,
_.Library.String  signingInput,
_.Library.String  signature 
)
static private

This private helper method makes the actual signature for the JWS using the provided algorithm information and JSON Web Key.

◆ __ECSigASN1toJWA()

_.Library.Status __ECSigASN1toJWA ( _.Library.String  ASN1Sig,
_.Library.Integer  curveSize,
_.Library.String  JWASig 
)
static private

This private helper method converts the given ASN.1-format signature output by the kernel code into the JWA-format signature required by the JWS specs.
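The two signature formats that `__ECSigASN1toJWA()` and `__ECSigJWAtoASN1()` convert between, as an added Python example (not InterSystems code). It assumes `curve_size` is the curve size in bits (256, 384 or 521), which the page does not state; all function names are hypothetical.

```python
def _read_len(buf, pos):
    """Decode a DER length at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    if first != 0x81:  # signatures for JWA curves never need more than one length octet
        raise ValueError("unsupported DER length")
    return buf[pos + 1], pos + 2

def _read_int(buf, pos):
    """Decode one positive DER INTEGER; return (value, next_pos)."""
    if buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag")
    n, pos = _read_len(buf, pos + 1)
    if n == 0 or pos + n > len(buf) or buf[pos] & 0x80:
        raise ValueError("r and s must be positive, in-bounds integers")
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n

def _enc_len(n):
    return bytes([n]) if n < 0x80 else bytes([0x81, n])

def _enc_int(v):
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")  # leading 0x00 only when top bit is set
    return b"\x02" + _enc_len(len(body)) + body

def ec_sig_asn1_to_jwa(der, curve_size):
    """DER SEQUENCE{r, s} -> fixed-width R || S, each ceil(curve_size / 8) octets."""
    size = (curve_size + 7) // 8
    try:
        if der[0] != 0x30:
            raise ValueError("expected SEQUENCE tag")
        total, pos = _read_len(der, 1)
        if pos + total != len(der):
            raise ValueError("length does not match input")
        r, pos = _read_int(der, pos)
        s, pos = _read_int(der, pos)
    except IndexError:
        raise ValueError("truncated signature") from None
    if pos != len(der) or max(r, s).bit_length() > 8 * size:
        raise ValueError("trailing data or value too wide for curve")
    return r.to_bytes(size, "big") + s.to_bytes(size, "big")

def ec_sig_jwa_to_asn1(raw, curve_size):
    """Fixed-width R || S -> minimal DER SEQUENCE{r, s}."""
    size = (curve_size + 7) // 8
    if len(raw) != 2 * size:
        raise ValueError("JWA signature must be exactly 2 * size octets")
    body = _enc_int(int.from_bytes(raw[:size], "big")) + _enc_int(int.from_bytes(raw[size:], "big"))
    return b"\x30" + _enc_len(len(body)) + body
```

The DER form varies in length with the values of r and s, while the JWA form is always 64, 96 or 132 octets for P-256, P-384 and P-521, so a verifier can reject a wrong-length JWA signature before any cryptographic work.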

◆ __ExtractAllSignatures()

_.Library.Integer __ExtractAllSignatures ( _.Library.DynamicObject  JWSObj,
  signatureArray 
)
static private

This private helper method retrieves all of the signatures and protected and unprotected headers from a JSON serialized JWS. It returns the number of signatures found and outputs an array of all of the signatures, protected headers, and unprotected headers found.

◆ __ExtractFlattenedFormat()

_.Library.Integer __ExtractFlattenedFormat ( _.Library.DynamicObject  JWSObj,
  signatureArray 
)
static private

This private helper method retrieves the signature and protected and unprotected header from a JSON serialized JWS that uses flattened syntax. In order to ensure compatibility with the general syntax of JSON serialized JWSs, this method populates a two-dimensional array to store the signature alongside the protected and unprotected header. It then returns the number of signatures found (which will always either be 0 or 1).

◆ __ExtractGeneralFormat()

_.Library.Integer __ExtractGeneralFormat ( _.Library.DynamicObject  JWSObj,
  signatureArray 
)
static private

This private helper method retrieves all of the signatures and protected and unprotected headers from a JSON serialized JWS that uses general syntax. It populates a two-dimensional array to store each signature alongside the corresponding protected and unprotected header and then returns the number of signatures found.

◆ Sign()

_.Library.Status Sign ( _.Library.DynamicObject  protectedHeader,
_.Library.DynamicObject  unprotectedHeader,
_.Library.String  payload,
_.Library.String  serialization,
_.Library.String  JWKS,
_.Library.String  JWS 
)
static

This method signs a header and payload to make a JWS.



Input parameters:

  • protectedHeader - The JOSE Protected Header to use.
  • unprotectedHeader - The JOSE Unprotected Header to use.
  • payload - The message being signed.
  • serialization - The JWS Serialization format to use. Accepted serialization formats are "compact" and "json". The format type determines the structure of the JWS that is created. This defaults to "compact".
  • JWKS - The JSON Web Key Set that contains the key that will be used to sign this JWS. This defaults to the null string.


Output parameters:

  • JWS - The JSON Web Signature that is created. If json serialization is used, this will be a valid JSON string. If compact serialization is used it will be a non-JSON string.


Return value:

  • A status indicating whether or not a JWS was created from the inputs. If this method is unable to create a JWS from the inputs it will return an error indicating why this is.


Notes:

  • This method will fail if provided an empty payload.
  • If none of the provided headers contains a kid but in the process of creating the JWS a JWK with a kid is used, that kid will be added to the protected header before the JWS is created.
  • If the "compact" serialization format is used, the protected header MUST be present and the unprotected header MUST be absent. If the "json" format is used, at least one of the protected header and unprotected header MUST be present and they both CAN be present.
  • Only the JWS Compact Serialization and the flattened syntax of the JWS JSON Serialization are supported for signing (not the general format of the JWS JSON Serialization).
  • Using the default JWKS (which is null) will result in an error in all cases except for when the algorithm "none" is used.

◆ __SignCompact()

_.Library.Status __SignCompact ( _.Library.DynamicObject  header,
_.Library.String  payload,
_.Library.String  JWKS,
_.Library.String  JWS 
)
static private

This private method signs and creates a compact serialized JWS. It is a helper method for Sign() above and should never be called on its own. See Sign() for information on the inputs and outputs.

◆ __SignJSON()

_.Library.Status __SignJSON ( _.Library.DynamicObject  protectedHeader,
_.Library.DynamicObject  unprotectedHeader,
_.Library.String  payload,
_.Library.String  JWKS,
_.Library.String  JWS 
)
static private

This private method signs and creates a JSON serialized JWS with flattened syntax. It is a helper method for Sign() above and should never be called on its own. See Sign() for information on the inputs and outputs.

◆ Validate()

_.Library.Boolean Validate ( _.Library.String  JWS,
_.Library.String  JWKS,
_.Library.Boolean  acceptUnsecured,
_.Library.DynamicArray  validations 
)
static

This method validates a JWS.



Input parameters:

  • JWS - The JSON Web Signature to be validated.
  • JWKS - The JSON Web Key Set that contains the key that will be used to validate this JWS. This defaults to the null string.
  • acceptUnsecured - A boolean value indicating whether or not to accept JWSs that use the algorithm "none". This defaults to false.


Output parameters:

  • validations - A dynamic array containing information about the validity of the signatures in the JWS. The validations array contains one DynamicObject for each signature in the JWS, each containing the following fields:
    • "signature": The signature this DynamicObject contains information about.
    • "valid": A boolean indicating whether or not the signature is valid.
    • "error": A string containing any error message that was generated during the checking of the signature.


Return value:

  • A boolean indicator of whether or not validation succeeded. If the JWS contains multiple signatures, this method will return true as long as at least one of the signatures is valid.


Notes:

  • This method will not accept an empty JWS. If provided one, it will return false and the validations array will be null.
  • This method supports validation for the JWS Compact Serialization and both the flattened and general syntax of the JWS JSON Serialization.
  • Using the default JWKS (which is null) will result in an error in all cases except for when the algorithm "none" was used (and unsecured JWSs are accepted).
  • Some applications may only want to consider a JWS with multiple signatures valid if all of the signatures are valid. Since this method only needs one signature to be valid in order to return true, applications that require all signatures to be valid should use the error field of each signature in the validations array to meet their needs. Specifically, they should check to see if any signature's error field is not null. Any signature whose error field is not null failed to validate (which is why it has an error message), so the presence of any non-null error fields means that at least one signature failed to validate.
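
The difference between the return value and the stricter policy in the last note, as an added Python example (not InterSystems code). It assumes HS256 with `oct` keys selected by `kid` and handles only the two JSON serializations; all function names and error strings are hypothetical, and only the `signature`, `valid` and `error` fields come from the page.

```python
import base64, hashlib, hmac, json

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_entry(payload_b64, kid, key):
    """Build one HS256 signature entry (used here only to construct sample input)."""
    protected = b64u(json.dumps({"alg": "HS256", "kid": kid}).encode())
    mac = hmac.new(key, f"{protected}.{payload_b64}".encode(), hashlib.sha256).digest()
    return {"protected": protected, "signature": b64u(mac)}

def validate(jws_json, jwks, accept_unsecured=False):
    """Return (at_least_one_valid, validations); validations has the page's three fields."""
    jws, validations = json.loads(jws_json), []
    keys = {k.get("kid"): b64u_dec(k["k"]) for k in jwks["keys"] if k.get("kty") == "oct"}
    # Flattened syntax carries one signature at top level; general syntax carries a list.
    entries = jws["signatures"] if "signatures" in jws else [jws]
    for entry in entries:
        protected, sig, error = entry.get("protected", ""), entry.get("signature", ""), None
        header = dict(entry.get("header", {}))
        header.update(json.loads(b64u_dec(protected)) if protected else {})
        alg, key = header.get("alg"), keys.get(header.get("kid"))
        if alg == "none":
            if not accept_unsecured or sig:
                error = "unsecured JWS rejected"
        elif alg != "HS256":
            error = "unsupported algorithm"
        elif key is None:
            error = "no matching key in JWKS"
        else:
            mac = hmac.new(key, f"{protected}.{jws['payload']}".encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(mac, b64u_dec(sig)):
                error = "signature mismatch"
        validations.append({"signature": sig, "valid": error is None, "error": error})
    return any(v["valid"] for v in validations), validations

def all_signatures_valid(validations):
    """Strict policy from the note above: no entry may have a non-null error."""
    return bool(validations) and all(v["error"] is None for v in validations)

# Constructed sample: general syntax, two signatures, the second made with the wrong key.
KEY = b"constructed-demo-key-32-bytes-xx"
JWKS = {"keys": [{"kty": "oct", "kid": "k1", "k": b64u(KEY)}]}
PAYLOAD = b64u(b'{"msg":"hello"}')
SAMPLE = json.dumps({"payload": PAYLOAD, "signatures": [
    sign_entry(PAYLOAD, "k1", KEY), sign_entry(PAYLOAD, "k1", b"some-other-key")]})
```

On `SAMPLE`, `validate` returns true because the first signature verifies, while `all_signatures_valid` returns false because the second entry carries an error.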

◆ __ValidateCompact()

_.Library.Boolean __ValidateCompact ( _.Library.String  JWS,
_.Library.String  JWKS,
_.Library.Boolean  acceptUnsecured,
_.Library.DynamicArray  validations 
)
static private

This private method validates a compact serialized JWS and returns an object containing information on the validation status of the signature in the JWS. It is a helper method for Validate() above and should never be called on its own. See Validate() for information on the inputs and outputs.

◆ __ValidateJSON()

_.Library.Boolean __ValidateJSON ( _.Library.String  JWS,
_.Library.String  JWKS,
_.Library.Boolean  acceptUnsecured,
_.Library.DynamicArray  validations 
)
static private

This private method validates a JSON serialized JWS and returns an object containing information on the validation status of each signature in the JWS. It is a helper method for Validate() above and should never be called on its own. See Validate() for information on the inputs and outputs.