Java Code Examples for org.jose4j.jws.JsonWebSignature#setCompactSerialization()

Example 1
Source File:    From springboot-shiro-cas-mybatis with MIT License
/**
 * Verify signature.
 * @param value the value
 * @return the value associated with the signature, which may have to
 * be decoded, or null if the signature does not verify.
 */
private String verifySignature(@NotNull final String value) {
    try {
        final JsonWebSignature jws = new JsonWebSignature();
        // NOTE(review): this listing shows no jws.setCompactSerialization(value) and no
        // jws.setKey(...) call before verification. The page is indexed under
        // setCompactSerialization(), so those lines were presumably lost in extraction.
        // Verification is only meaningful once the serialized token and a trusted
        // verification key have both been set on the object.
        final boolean verified = jws.verifySignature();
        if (verified) {
            // The full verified payload goes to the debug log. If the payload carries session
            // or ticket data, the log becomes a second place that secret lives.
            logger.debug("Signature successfully verified. Payload is [{}]", jws.getPayload());
            return jws.getPayload();
        // (closing brace of the if-block is missing from this listing)
        // null is the "signature did not verify" result; callers must treat it as a rejection.
        return null;
    } catch (final Exception e) {
        // Any failure in the try block is rethrown unchecked, with the cause preserved.
        throw new RuntimeException(e);
Example 2
Source File:    From Jose4j with Apache License 2.0
// Test: select a verification key from a JWK Set for a JWS. The visible JWK carries only
// kty, e and n (no "kid"), so selection cannot rely on a key id here.
public void noKidTestNovJwksEndpoint() throws JoseException
    // JSON content from (source URL missing from this listing) on Jan 8, 2015
    String json = "{\"keys\":[" +
            "{\"kty\":\"RSA\"," +
            "\"e\":\"AQAB\"," +
            "\"n\":\"pKybs0WaHU_y4cHxWbm8Wzj66HtcyFn7Fh3n-99qTXu5yNa30MRYIYfSDwe9JVc1JUoGw41yq2StdGBJ40HxichjE-Yopfu3B58QlgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDpIK-12JJDY55pvf-PCiSQ9OjxZLiVGKlClDus44_uv2370b9IN2JiEOF-a7JBqaTEYLPpXaoKWDSnJNonr79tL0T7iuJmO1l705oO3Y0TQ-INLY6jnKG_RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8IxQL9RfzT87OvF0RBSO1U73h09YP-corWDsnKIi6TbzRpN5YDw\"" +
    // NOTE(review): the rest of the JSON literal is cut off in this listing.

    JsonWebKeySet jwks = new JsonWebKeySet(json);

    VerificationJwkSelector verificationJwkSelector = new VerificationJwkSelector();
    JsonWebSignature jws = new JsonWebSignature();
    // NOTE(review): the jws.setCompactSerialization(...) call this page is indexed under is not
    // shown; without it the selector has no JWS header to match against.
    List<JsonWebKey> jsonWebKeys = jwks.getJsonWebKeys();
    List<JsonWebKey> selected = verificationJwkSelector.selectList(jws, jsonWebKeys);
    // Exactly one candidate is expected. Selecting a key is not verifying: the chosen key still
    // has to be set on the JWS and verifySignature() has to succeed.
    assertThat(1, equalTo(selected.size()));
    JsonWebKey jsonWebKey = selected.get(0);
Example 3
Source File:    From nano-framework with Apache License 2.0
/**
 * Verify signature.
 * @param value the value
 * @return the value associated with the signature, which may have to
 * be decoded, or null if the signature does not verify.
 */
private String verifySignature(@NotNull final String value) {
    try {
        final JsonWebSignature jws = new JsonWebSignature();
        // NOTE(review): no jws.setCompactSerialization(value) or jws.setKey(...) call is visible
        // before verification; they were presumably lost when this listing was extracted.
        // Both the serialized token and a trusted key must be set for the check to mean anything.
        final boolean verified = jws.verifySignature();
        if (verified) {
            // The full verified payload is written to the debug log; treat that log as sensitive
            // if the payload carries session or ticket data.
            LOGGER.debug("Signature successfully verified. Payload is [{}]", jws.getPayload());
            return jws.getPayload();
        // (closing brace of the if-block is missing from this listing)
        // null signals "signature did not verify"; callers must reject on null.
        return null;
    } catch (final Exception e) {
        // Any failure in the try block is rethrown unchecked, with the cause preserved.
        throw new RuntimeException(e);
Example 4
Source File:    From smallrye-jwt with Apache License 2.0
// Returns a JsonWebSignature for the given compact JWT.
// NOTE(review): the name promises a verified JWS, but in this listing neither `jwt` nor `key` is
// used and no setCompactSerialization(...), setKey(...) or verifySignature() call appears. Those
// lines are presumably missing from the extract; confirm against the full source before relying
// on the returned object having been verified.
private static JsonWebSignature getVerifiedJws(String jwt, Key key) throws Exception {
    JsonWebSignature jws = new JsonWebSignature();
    return jws;
Example 5
Source File:    From smallrye-jwt with Apache License 2.0
// Test helper: parses the JWS payload as JWT claims and checks the claim count and one custom claim.
private static void verifyJwt(String jwt, String customClaim, String customValue) throws Exception {
    JsonWebSignature jws = new JsonWebSignature();
    // NOTE(review): the lines that load `jwt` into the JWS and set a verification key are not
    // shown here. jose4j's getPayload() is the verifying accessor (by default it rejects a JWS
    // whose signature does not check out), unlike getUnverifiedPayload().
    JwtClaims claims = JwtClaims.parse(jws.getPayload());
    // The token is expected to hold exactly four claims.
    Assert.assertEquals(4, claims.getClaimsMap().size());
    Assert.assertEquals(customValue, claims.getClaimValue(customClaim));
Example 6
Source File:    From smallrye-jwt with Apache License 2.0
// Test helper: parses the JWS payload as JWT claims and checks the claim count and the issuer.
private static void verifyJwtWithIssuer(String jwt) throws Exception {
    JsonWebSignature jws = new JsonWebSignature();
    // NOTE(review): loading `jwt` into the JWS and setting the verification key are not visible
    // in this listing. getPayload() (not getUnverifiedPayload()) is used, so the claims are read
    // through jose4j's signature-checking accessor.
    JwtClaims claims = JwtClaims.parse(jws.getPayload());
    // The token is expected to hold exactly four claims, with "iss" as the issuer value.
    Assert.assertEquals(4, claims.getClaimsMap().size());
    Assert.assertEquals("iss", claims.getIssuer());
Example 7
Source File:    From smallrye-jwt with Apache License 2.0
// Test helper: parses the JWS payload as JWT claims and checks that a custom claim is a
// one-element list holding the expected value.
private static void verifyJwtWithArray(String jwt, String customClaim, String customValue) throws Exception {
    JsonWebSignature jws = new JsonWebSignature();
    // NOTE(review): loading `jwt` into the JWS and setting the verification key are not visible
    // in this listing; getPayload() is jose4j's signature-checking accessor.
    JwtClaims claims = JwtClaims.parse(jws.getPayload());
    Assert.assertEquals(4, claims.getClaimsMap().size());
    // Unchecked cast: the claim type comes from token content, so a claim of a different shape
    // fails here with a ClassCastException rather than a clean assertion failure.
    List<String> list = (List<String>) claims.getClaimValue(customClaim);
    Assert.assertEquals(1, list.size());
    Assert.assertEquals(customValue, list.get(0));
Example 8
Source File:    From smallrye-jwt with Apache License 2.0
// Returns a JsonWebSignature for the given compact JWT, with special handling when no key is passed.
// NOTE(review): the statements that load `jwt`, set the key and verify are not shown in this listing.
private static JsonWebSignature getVerifiedJws(String jwt, Key key) throws Exception {
    JsonWebSignature jws = new JsonWebSignature();
    // NOTE(review): the body of this null-key branch is missing from the extract. What happens
    // when no key is supplied decides whether the helper fails closed; if the branch falls through
    // to `return jws` without a signature check, the "verified" in the name no longer holds.
    // Confirm against the full source.
    if (key == null) {
    return jws;
Example 9
Source File:    From java with Apache License 2.0
// Decides whether the OIDC id token stored in `config` should be treated as expired.
// A missing token counts as expired. The token's signature is deliberately NOT checked here.
public boolean isExpired(Map<String, Object> config) {
  String idToken = (String) config.get(OIDC_ID_TOKEN);

  if (idToken == null) {
    return true;
  } else {
    JsonWebSignature jws = new JsonWebSignature();
    // NOTE(review): the jws.setCompactSerialization(idToken) call is not shown in this listing.
    try {
      // We don't care whether it is cryptographically valid, as the only way to verify is to
      // query the remote identity provider's configuration URL, which is the same channel as the
      // token request.  If there is a malicious proxy there's no way for the client to know.
      // Also, the client doesn't need to trust the token, only bear it to the server, which will
      // verify it.
      //
      // Consequence: the claims read below are unauthenticated. They are only suitable for this
      // local "do I need to refresh?" decision and must never feed an authorization decision.

      String jwt = jws.getUnverifiedPayload();
      JwtClaims claims = JwtClaims.parse(jwt);

      // expired now is >= expiration AND exp is present
      // NOTE(review): the return expression is cut off after the null check in this listing.
      return claims.getExpirationTime() == null
    } catch (JoseException | InvalidJwtException | MalformedClaimException e) {
      // A token that cannot be parsed surfaces as an unchecked exception, cause preserved.
      throw new RuntimeException(e);
Example 10
Source File:    From Jose4j with Apache License 2.0
public void jwsVerificationExample() throws JoseException
    // An example of signature verification using JSON Web Signature (JWS)

    // The complete JWS representation, or compact serialization, is a string consisting of
    // three dot ('.') separated base64url-encoded parts in the form Header.Payload.Signature
    String compactSerialization = "eyJhbGciOiJFUzI1NiJ9." +
            "VGhpcyBpcyBzb21lIHRleHQgdGhhdCBpcyB0byBiZSBzaWduZWQu." +
    // NOTE(review): the third (signature) segment of the literal is missing from this listing.

    // Create a new JsonWebSignature
    JsonWebSignature jws = new JsonWebSignature();

    // Set the compact serialization on the JWS
    // NOTE(review): the statement itself (jws.setCompactSerialization(compactSerialization))
    // is missing from this listing.

    // Set the verification key
    // Note that your application will need to determine where/how to get the key
    // Here we use an example from the JWS spec
    PublicKey publicKey = ExampleEcKeysFromJws.PUBLIC_256;
    // NOTE(review): the jws.setKey(publicKey) statement is missing from this listing.
    // The key must come from a source the verifier already trusts, never from the token itself.
    // Production code should also pin the algorithm(s) it expects via
    // jws.setAlgorithmConstraints(...) instead of accepting whatever "alg" the header names.

    // Check the signature
    boolean signatureVerified = jws.verifySignature();

    // Do something useful with the result of signature verification
    // (in real code: reject the message when this is false)
    System.out.println("JWS Signature is valid: " + signatureVerified);

    // Get the payload, or signed content, from the JWS
    // getPayload() is jose4j's signature-checking accessor; getUnverifiedPayload() is the one
    // that skips the check.
    String payload = jws.getPayload();

    // Do something useful with the content
    System.out.println("JWS payload: " + payload);
Example 11
Source File:    From Jose4j with Apache License 2.0
public void parseJwksAndVerifyJwsExample() throws JoseException
    // An example of signature verification using JSON Web Signature (JWS)
    // where the verification key is obtained from a JSON Web Key Set document.

    // A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a
    // cryptographic key (often but not always a public key). A JSON Web Key Set (JWK Set) document
    // is a JSON data structure for representing one or more JSON Web Keys (JWK). A JWK Set might,
    // for example, be obtained from an HTTPS endpoint controlled by the signer but this example
    // presumes the JWK Set JSON has already been acquired by some secure/trusted means.
    // That presumption carries the security of the whole example: whoever controls the JWK Set
    // controls which signatures verify.
    String jsonWebKeySetJson = "{\"keys\":[" +
            "{\"kty\":\"EC\",\"use\":\"sig\"," +
             "\"kid\":\"the key\"," +
             "\"x\":\"amuk6RkDZi-48mKrzgBN_zUZ_9qupIwTZHJjM03qL-4\"," +
             "\"y\":\"ZOESj6_dpPiZZR-fJ-XVszQta28Cjgti7JudooQJ0co\",\"crv\":\"P-256\"}," +
            "{\"kty\":\"EC\",\"use\":\"sig\"," +
            " \"kid\":\"other key\"," +
             "\"x\":\"eCNZgiEHUpLaCNgYIcvWzfyBlzlaqEaWbt7RFJ4nIBA\"," +
    // NOTE(review): the remainder of the JWK Set literal is missing from this listing.

    // The complete JWS representation, or compact serialization, is a string consisting of
    // three dot ('.') separated base64url-encoded parts in the form Header.Payload.Signature
    String compactSerialization = "eyJhbGciOiJFUzI1NiIsImtpZCI6InRoZSBrZXkifQ." +
    // NOTE(review): the payload and signature segments are missing from this listing.

    // Create a new JsonWebSignature object
    JsonWebSignature jws = new JsonWebSignature();

    // Set the compact serialization on the JWS
    // NOTE(review): the statement itself (jws.setCompactSerialization(compactSerialization))
    // is missing from this listing.

    // Create a new JsonWebKeySet object with the JWK Set JSON
    JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(jsonWebKeySetJson);

    // The JWS header contains information indicating which key was used to secure the JWS.
    // In this case (as will hopefully often be the case) the JWS Key ID
    // corresponds directly to the Key ID in the JWK Set.
    // The VerificationJwkSelector looks at Key ID, Key Type, designated use (signatures vs. encryption),
    // and the designated algorithm in order to select the appropriate key for verification from
    // a set of JWKs.
    // The header values used for selection are attacker-controlled until the signature checks
    // out; they may only pick among keys the verifier already trusts.
    VerificationJwkSelector jwkSelector = new VerificationJwkSelector();
    // NOTE(review): the next line is garbled in this listing (the selector call before the comma
    // is missing). Presumably the selector yields no key when nothing matches; that case must be
    // handled as a rejection. TODO confirm against the full source.
    JsonWebKey jwk =, jsonWebKeySet.getJsonWebKeys());

    // The verification key on the JWS is the public key from the JWK we pulled from the JWK Set.
    // NOTE(review): the statement that sets that key on `jws` is missing from this listing.

    // Check the signature
    boolean signatureVerified = jws.verifySignature();

    // Do something useful with the result of signature verification
    // (in real code: reject the message when this is false)
    System.out.println("JWS Signature is valid: " + signatureVerified);

    // Get the payload, or signed content, from the JWS
    String payload = jws.getPayload();

    // Do something useful with the content
    System.out.println("JWS payload: " + payload);
Example 12
Source File:    From Jose4j with Apache License 2.0
public void verifySignedRequestObject() throws Exception
    // OpenID Connect Core 1.0 - draft 15
    // 5.1.  Passing a Request Object by Value has a JWS JWT with a JWK
    String requestObject = 
            "eyJhbGciOiJSUzI1NiJ9.ew0KICJyZXNwb25zZV90eXBlIjogImNvZGUgaWRfdG9rZW" +
            "4iLA0KICJjbGllbnRfaWQiOiAiczZCaGRSa3F0MyIsDQogInJlZGlyZWN0X3VyaSI6I" +
            "CJodHRwczovL2NsaWVudC5leGFtcGxlLm9yZy9jYiIsDQogInNjb3BlIjogIm9wZW5p" +
            "ZCIsDQogInN0YXRlIjogImFmMGlmanNsZGtqIiwNCiAibm9uY2UiOiAibi0wUzZfV3p" +
            "BMk1qIiwNCiAibWF4X2FnZSI6IDg2NDAwLA0KICJjbGFpbXMiOiANCiAgew0KICAgIn" +
            "VzZXJpbmZvIjogDQogICAgew0KICAgICAiZ2l2ZW5fbmFtZSI6IHsiZXNzZW50aWFsI" +
            "jogdHJ1ZX0sDQogICAgICJuaWNrbmFtZSI6IG51bGwsDQogICAgICJlbWFpbCI6IHsi" +
            "ZXNzZW50aWFsIjogdHJ1ZX0sDQogICAgICJlbWFpbF92ZXJpZmllZCI6IHsiZXNzZW5" +
            "0aWFsIjogdHJ1ZX0sDQogICAgICJwaWN0dXJlIjogbnVsbA0KICAgIH0sDQogICAiaW" +
            "RfdG9rZW4iOiANCiAgICB7DQogICAgICJnZW5kZXIiOiBudWxsLA0KICAgICAiYmlyd" +
            "GhkYXRlIjogeyJlc3NlbnRpYWwiOiB0cnVlfSwNCiAgICAgImFjciI6IHsidmFsdWVz" +
            "IjogWyIyIl19DQogICAgfQ0KICB9DQp9.bOD4rUiQfzh4QPIs_f_R2GVBhNHcc1p2cQ" +
            "TgixB1tsYRs52xW4TO74USgb-nii3RPsLdfoPlsEbJLmtbxG8-TQBHqGAyZxMDPWy3p" +
            "hjeRt9ApDRnLQrjYuvsCj6byu9TVaKX9r1KDFGT-HLqUNlUTpYtCyM2B2rLkWM08ufB" +
            "q9JBCEzzaLRzjevYEPMaoLAOjb8LPuYOYTBqshRMUxy4Z380-FJ2Lc7VSfSu6HcB2nL" +
            "SjiKrrfI35xkRJsaSSmjasMYeDZarYCl7r4o17rFclk5KacYMYgAs-JYFkwab6Dd56Z" +

    String jwkJson = "{" +
            "   \"kty\":\"RSA\"," +
            "   \"n\":\"y9Lqv4fCp6Ei-u2-ZCKq83YvbFEk6JMs_pSj76eMkddWRuWX2aBKGHAtKlE5P" +
            "        7_vn__PCKZWePt3vGkB6ePgzAFu08NmKemwE5bQI0e6kIChtt_6KzT5OaaXDF" +
            "        I6qCLJmk51Cc4VYFaxgqevMncYrzaW_50mZ1yGSFIQzLYP8bijAHGVjdEFgZa" +
            "        ZEN9lsn_GdWLaJpHrB3ROlS50E45wxrlg9xMncVb8qDPuXZarvghLL0HzOuYR" +
            "        adBJVoWZowDNTpKpk2RklZ7QaBO7XDv3uR7s_sf2g-bAjSYxYUGsqkNA9b3xV" +
            "        W53am_UZZ3tZbFTIh557JICWKHlWj5uzeJXaw\"," +
            "   \"e\":\"AQAB\"" +
            "  }";

    // Build the RSA verification key from the JWK JSON declared above.
    JsonWebKey jwk = JsonWebKey.Factory.newJwk(jwkJson);

    JsonWebSignature jws = new JsonWebSignature();
    // NOTE(review): loading requestObject into the JWS and setting the key from `jwk` are not
    // shown in this listing; both are needed before the assertion below can pass.
    assertThat(jws.verifySignature(), is(true));

    // NOTE(review): the JwtConsumerBuilder call chain is cut off, so the validation rules in
    // force (verification key, required claims, expected issuer/audience) cannot be read here.
    // A production consumer should set them explicitly rather than rely on defaults.
    JwtConsumer jwtConsumer = new JwtConsumerBuilder()

    JwtClaims jwtClaims = jwtConsumer.processToClaims(requestObject);
    // NOTE(review): the expected redirect_uri value appears to have been stripped from the
    // first argument in this listing.
    assertThat("", equalTo(jwtClaims.getStringClaimValue("redirect_uri")));
Example 13
Source File:    From Jose4j with Apache License 2.0
public void verifyIdTokens() throws JoseException, InvalidJwtException, MalformedClaimException
    // OpenID Connect Core 1.0 - draft 15
    // Appendix A.  Authorization Examples has several singed ID Tokens and a JWK
    String idTokenA2 = "eyJhbGciOiJSUzI1NiJ9.ew0KICJpc3MiOiAiaHR0cDovL3Nlc" +
            "nZlci5leGFtcGxlLmNvbSIsDQogInN1YiI6ICIyNDgyODk3NjEwMDEiLA0KI" +
            "CJhdWQiOiAiczZCaGRSa3F0MyIsDQogIm5vbmNlIjogIm4tMFM2X1d6QTJNa" +
            "iIsDQogImV4cCI6IDEzMTEyODE5NzAsDQogImlhdCI6IDEzMTEyODA5NzAsD" +
            "QogIm5hbWUiOiAiSmFuZSBEb2UiLA0KICJnaXZlbl9uYW1lIjogIkphbmUiL" +
            "A0KICJmYW1pbHlfbmFtZSI6ICJEb2UiLA0KICJnZW5kZXIiOiAiZmVtYWxlI" +
            "iwNCiAiYmlydGhkYXRlIjogIjAwMDAtMTAtMzEiLA0KICJlbWFpbCI6ICJqY" +
            "W5lZG9lQGV4YW1wbGUuY29tIiwNCiAicGljdHVyZSI6ICJodHRwOi8vZXhhb" +
            "XBsZS5jb20vamFuZWRvZS9tZS5qcGciDQp9.Bgdr1pzosIrnnnpIekmJ7ooe" +
            "DbXuA2AkwfMf90Po2TrMcl3NQzUE_9dcr9r8VOuk4jZxNpV5kCu0RwqqF11-" +
            "6pQ2KQx_ys2i0arLikdResxvJlZzSm_UG6-21s97IaXC97vbnTCcpAkokSe8" +
            "Uik6f8-U61zVmCBMJnpvnxEJllfV8fYldo8lWCqlOngScEbFQUh4fzRsH8O3" +
            "Znr20UZib4V4mGZqYPtPDVGTeu8xkty1t0aK-wEhbm6Hi-TQTi4kltJlw47M" +
            "cSVgF_8SswaGcW6Bf_954ir_ddi4Nexo9RBiWu4n3JMNcQvZU5xMPhu-EF-6" +

    String idTokenA3 = "eyJhbGciOiJSUzI1NiJ9.ew0KICJpc3MiOiAiaHR0cDovL3NlcnZlc" +
            "i5leGFtcGxlLmNvbSIsDQogInN1YiI6ICIyNDgyODk3NjEwMDEiLA0KICJhdWQiO" +
            "iAiczZCaGRSa3F0MyIsDQogIm5vbmNlIjogIm4tMFM2X1d6QTJNaiIsDQogImV4c" +
            "CI6IDEzMTEyODE5NzAsDQogImlhdCI6IDEzMTEyODA5NzAsDQogImF0X2hhc2giO" +
            "iAiNzdRbVVQdGpQZnpXdEYyQW5wSzlSUSINCn0.g7UR4IDBNIjoPFV8exQCosUNV" +
            "eh8bNUTeL4wdQp-2WXIWnly0_4ZK0sh4A4uddfenzo4Cjh4wuPPrSw6lMeujYbGy" +
            "zKspJrRYL3iiYWc2VQcl8RKdHPz_G-7yf5enut1YE8v7PhKucPJCRRoobMjqD73f" +
            "1nJNwQ9KBrfh21Ggbx1p8hNqQeeLLXb9b63JD84hVOXwyHmmcVgvZskge-wExwnh" +
            "Ivv_cxTzxIXsSxcYlh3d9hnu0wdxPZOGjT0_nNZJxvdIwDD4cAT_LE5Ae447qB90" +

    String idTokenA4 = "eyJhbGciOiJSUzI1NiJ9.ew0KICJpc3MiOiAiaHR0cDovL3NlcnZlc" +
            "i5leGFtcGxlLmNvbSIsDQogInN1YiI6ICIyNDgyODk3NjEwMDEiLA0KICJhdWQiO" +
            "iAiczZCaGRSa3F0MyIsDQogIm5vbmNlIjogIm4tMFM2X1d6QTJNaiIsDQogImV4c" +
            "CI6IDEzMTEyODE5NzAsDQogImlhdCI6IDEzMTEyODA5NzAsDQogImNfaGFzaCI6I" +
            "CJMRGt0S2RvUWFrM1BrMGNuWHhDbHRBIg0KfQ.dAVXerlNOJ_tqMUysD_k1Q_bRX" +
            "RJbLkTOsCPVxpKUis5V6xMRvtjfRg8gUfPuAMYrKQMEqZZmL87Hxkv6cFKavb4ft" +
            "BUrY2qUnrvqe_bNjVEz89QSdxGmdFwSTgFVGWkDf5dV5eIiRxXfIkmlgCltPNocR" +
            "AyvdNrsWC661rHz5F9MzBho2vgi5epUa_KAl6tK4ksgl68pjZqlBqsWfTbGEsWQX" +
            "Efu664dJkdXMLEnsPUeQQLjMhLH7qpZk2ry0nRx0sS1mRwOM_Q0Xmps0vOkNn284" +

    String idTokenA6 = "eyJhbGciOiJSUzI1NiJ9.ew0KICJpc3MiOiAiaHR0cDovL3NlcnZlc" +
            "i5leGFtcGxlLmNvbSIsDQogInN1YiI6ICIyNDgyODk3NjEwMDEiLA0KICJhdWQiO" +
            "iAiczZCaGRSa3F0MyIsDQogIm5vbmNlIjogIm4tMFM2X1d6QTJNaiIsDQogImV4c" +
            "CI6IDEzMTEyODE5NzAsDQogImlhdCI6IDEzMTEyODA5NzAsDQogImF0X2hhc2giO" +
            "iAiNzdRbVVQdGpQZnpXdEYyQW5wSzlSUSIsDQogImNfaGFzaCI6ICJMRGt0S2RvU" +
            "WFrM1BrMGNuWHhDbHRBIg0KfQ.JQthrBsOirujair9aD5gj1Yd5qEv0j4fhLgl8h" +
            "3RaH3soYhwPOiN2Iy_yb7wMCO6I3bPoGJc3zCkpjgUtdB4O2eEhFqXHdwnE4c0oV" +
            "TaTHJi_PdV2ox9g-1ikDB0ckWk0f0SzBd7yM2RoYYxJCiGBQlsSSRQz6ehykonI3" +
            "hLAhXFdpfbK-3_a3HBNKOv_9Mr_JJrz2pqSygk5IBNvwzf1ouVeM91KKvr7EdriK" +
            "N8ysk68fctbFAga1p8rE3cfBOX7Acn4p9QSNpUx0i_x4WHktyKDvH_hLdUw91Fql" +

    String jwkJson = "  {" +
            "   \"kty\":\"RSA\"," +
            "   \"n\":\"zhEWTBJVTfcUeqnMzOQFMCEVQWOyOUZwP8LrBWh88tKrZyPGCvBkTDp-E2Bzy" +
            "        HMQV4pK51Uys2YOwzL9se5THDWMda9rtsCJVcj1V7WaE7wPgl-kIIdWWf4o2g" +
            "       6ZszOy_Fp4q0nG3OTtDRCkBu2iEP21j82pRSRrkCBxnzaChflA7KZbI1n_yhK" +
            "       txyA7FdA480LaSVZyKApvrKiYhocACSwf0y6CQ-wkEi6mVXRJt1aBSywlLYA0" +
            "       8ojp5hkZQ39eCM2k1EdXdhbar998Q9PZTwXA1cfvuGTZbDWxEKLjMKVuKrT1Y" +
            "        vs-2NTXhZAW1KjFS_3UwLkDk-w4dVN-x5tDnw\"," +
            "   \"e\":\"AQAB\"" +
            "  }";

    // Build the RSA verification key from the JWK JSON declared above.
    JsonWebKey jwk = JsonWebKey.Factory.newJwk(jwkJson);

    // Each example ID token is checked twice: once at the JWS level and once through a JwtConsumer.
    for (String idToken : new String[] {idTokenA2, idTokenA3, idTokenA4, idTokenA6})
        JsonWebSignature jws = new JsonWebSignature();
        // NOTE(review): loading idToken into the JWS and setting the key from `jwk` are not shown
        // in this listing; both are needed before the assertion below can pass.
        assertThat(jws.verifySignature(), is(true));

        // NOTE(review): the JwtConsumerBuilder call chain is cut off, so which checks are
        // enabled or relaxed for these example tokens cannot be read here. Outside a test, the
        // consumer should require an expiration time and pin the expected issuer and audience.
        JwtConsumer jwtConsumer = new JwtConsumerBuilder()

        JwtClaims jwtClaims = jwtConsumer.processToClaims(idToken);
        // All four tokens are expected to carry the same subject.
        assertThat("248289761001", equalTo(jwtClaims.getSubject()));
Example 14
Source File:    From Jose4j with Apache License 2.0
// Test: consume an ES512-signed JWS with a P-521 key and check payload, key id and algorithm.
public void ecdsaSignature_4_3() throws JoseException
    // This JWK includes "d", the EC private key parameter. That is acceptable only because it is
    // a fixed example key embedded in a test; a real private key must never sit in source code,
    // and a verifier only ever needs the public part (x, y).
    String jwkJson = 
            "{\n" +
            "  \"kty\": \"EC\",\n" +
            "  \"kid\": \"bilbo.baggins@hobbiton.example\",\n" +
            "  \"use\": \"sig\",\n" +
            "  \"crv\": \"P-521\",\n" +
            "  \"x\": \"AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9\n" +
            "      A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt\",\n" +
            "  \"y\": \"AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy\n" +
            "      SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1\",\n" +
            "  \"d\": \"AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zb\n" +
            "      KipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt\"\n" +
    // NOTE(review): the end of the JWK literal is missing from this listing.

    String jwsCompactSerialization =
            "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX" +
            "hhbXBsZSJ9" +
            "." +
            "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH" +
            "lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk" +
            "b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm" +
            "UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4" +
            "." +
            "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb" +
            "u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv" +
    // NOTE(review): the end of the signature segment is missing from this listing.

    // The algorithm the test expects to find in the JWS header (checked at the end).
    String alg = AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512;

    // verify consuming the JWS
    JsonWebSignature jws = new JsonWebSignature();
    JsonWebKey jwk = JsonWebKey.Factory.newJwk(jwkJson);
    // NOTE(review): the statements that load jwsCompactSerialization into `jws` and set the key
    // from `jwk` are not shown; `jwsPayload` is also declared outside the visible lines.

    // getUnverifiedPayload() reads the payload without any signature check. Comparing it in a
    // test is fine; application code must not act on it before verification succeeds.
    assertThat(jws.getUnverifiedPayload(), equalTo(jwsPayload));

    assertThat(jws.verifySignature(), is(true));
    assertThat(jws.getPayload(), equalTo(jwsPayload));

    // The header's key id and algorithm must match the key and the algorithm expected above.
    assertThat(jws.getKeyIdHeaderValue(), equalTo(jwk.getKeyId()));
    assertThat(alg, equalTo(jws.getAlgorithmHeaderValue()));

    // can't really verify reproducing ECDSA
    // (presumably because ECDSA signatures are normally randomized, so signing the same input
    // again does not reproduce the example's signature bytes)