Java Code Examples for org.jose4j.jws.JsonWebSignature#setKey()
The following examples show how to use
org.jose4j.jws.JsonWebSignature#setKey() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: Jose4jJoseImpl.java From thorntail with Apache License 2.0 | 6 votes |
|
@Override
public String sign(SignatureInput input) {
JsonWebSignature jws = new JsonWebSignature();
jws.setPayload(input.getData());
for (Map.Entry<String, Object> entry : input.getHeaders().entrySet()) {
jws.getHeaders().setObjectHeaderValue(entry.getKey(), entry.getValue());
}
jws.setAlgorithmHeaderValue(config.signatureAlgorithm());
if (!config.signatureDataEncoding()) {
jws.getHeaders().setObjectHeaderValue(HeaderParameterNames.BASE64URL_ENCODE_PAYLOAD, false);
jws.setCriticalHeaderNames(HeaderParameterNames.BASE64URL_ENCODE_PAYLOAD);
}
if (config.includeSignatureKeyAlias()) {
jws.setKeyIdHeaderValue(signatureKeyAlias());
}
jws.setKey(getSignatureKey(jws, JoseOperation.SIGN));
try {
return config.signatureDataDetached()
? jws.getDetachedContentCompactSerialization() : jws.getCompactSerialization();
} catch (org.jose4j.lang.JoseException ex) {
throw new JoseException(ex.getMessage(), ex);
}
}
Example 2
| Source File: X509VerificationKeyResolver.java From Jose4j with Apache License 2.0 | 6 votes |
|
private Key attemptAll(JsonWebSignature jws) throws UnresolvableKeyException
{
for (X509Certificate certificate : x5tMap.values())
{
PublicKey publicKey = certificate.getPublicKey();
jws.setKey(publicKey);
try
{
if (jws.verifySignature())
{
return publicKey;
}
}
catch (JoseException e)
{
log.debug("Verify signature didn't work: {}", ExceptionHelp.toStringWithCauses(e));
}
}
StringBuilder sb = new StringBuilder();
sb.append("Unable to verify the signature with any of the provided keys - SHA-1 thumbs of provided certificates: ");
sb.append(x5tMap.keySet());
sb.append(".");
throw new UnresolvableKeyException(sb.toString());
}
Example 3
| Source File: JwtCachingAuthenticatorTest.java From dropwizard-auth-jwt with Apache License 2.0 | 6 votes |
|
private JwtContext tokenOne() {
final JwtClaims claims = new JwtClaims();
claims.setSubject("good-guy");
claims.setIssuer("Issuer");
claims.setAudience("Audience");
final JsonWebSignature jws = new JsonWebSignature();
jws.setPayload(claims.toJson());
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA512);
jws.setKey(new HmacKey(SECRET.getBytes(UTF_8)));
jws.setDoKeyValidation(false);
try {
return consumer.process(jws.getCompactSerialization());
}
catch (Exception e) { throw Throwables.propagate(e); }
}
Example 4
| Source File: JwtConsumerTest.java From Jose4j with Apache License 2.0 | 6 votes |
|
@Test
public void testNpeWithNonExtractableKeyDataHS256() throws Exception
{
byte[] raw = Base64Url.decode("hup76LcA9B7pqrEtqyb4EBg6XCcr9r0iOCFF1FeZiJM");
FakeHsmNonExtractableSecretKeySpec key = new FakeHsmNonExtractableSecretKeySpec(raw, "HmacSHA256");
JwtClaims claims = new JwtClaims();
claims.setExpirationTimeMinutesInTheFuture(5);
claims.setSubject("subject");
claims.setIssuer("issuer");
JsonWebSignature jws = new JsonWebSignature();
jws.setPayload(claims.toJson());
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);
jws.setKey(key);
String jwt = jws.getCompactSerialization();
JwtConsumerBuilder jwtConsumerBuilder = new JwtConsumerBuilder();
jwtConsumerBuilder.setAllowedClockSkewInSeconds(60);
jwtConsumerBuilder.setRequireSubject();
jwtConsumerBuilder.setExpectedIssuer("issuer");
jwtConsumerBuilder.setVerificationKey(key);
JwtConsumer jwtConsumer = jwtConsumerBuilder.build();
JwtClaims processedClaims = jwtConsumer.processToClaims(jwt);
System.out.println(processedClaims);
}
Example 5
| Source File: Http2ClientTest.java From light-4j with Apache License 2.0 | 5 votes |
|
public static String getJwt(JwtClaims claims) throws JoseException {
String jwt;
RSAPrivateKey privateKey = (RSAPrivateKey) getPrivateKey(
"/config/primary.jks", "password", "selfsigned");
// A JWT is a JWS and/or a JWE with JSON claims as the payload.
// In this example it is a JWS nested inside a JWE
// So we first create a JsonWebSignature object.
JsonWebSignature jws = new JsonWebSignature();
// The payload of the JWS is JSON content of the JWT Claims
jws.setPayload(claims.toJson());
// The JWT is signed using the sender's private key
jws.setKey(privateKey);
jws.setKeyIdHeaderValue("100");
// Set the signature algorithm on the JWT/JWS that will integrity protect the claims
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
// Sign the JWS and produce the compact serialization, which will be the inner JWT/JWS
// representation, which is a string consisting of three dot ('.') separated
// base64url-encoded parts in the form Header.Payload.Signature
jwt = jws.getCompactSerialization();
return jwt;
}
Example 6
| Source File: Http2ClientIT.java From light-4j with Apache License 2.0 | 5 votes |
|
public static String getJwt(JwtClaims claims) throws JoseException {
String jwt;
RSAPrivateKey privateKey = (RSAPrivateKey) getPrivateKey(
"/config/primary.jks", "password", "selfsigned");
// A JWT is a JWS and/or a JWE with JSON claims as the payload.
// In this example it is a JWS nested inside a JWE
// So we first create a JsonWebSignature object.
JsonWebSignature jws = new JsonWebSignature();
// The payload of the JWS is JSON content of the JWT Claims
jws.setPayload(claims.toJson());
// The JWT is signed using the sender's private key
jws.setKey(privateKey);
jws.setKeyIdHeaderValue("100");
// Set the signature algorithm on the JWT/JWS that will integrity protect the claims
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
// Sign the JWS and produce the compact serialization, which will be the inner JWT/JWS
// representation, which is a string consisting of three dot ('.') separated
// base64url-encoded parts in the form Header.Payload.Signature
jwt = jws.getCompactSerialization();
return jwt;
}
Example 7
| Source File: ExamplesTest.java From Jose4j with Apache License 2.0 | 5 votes |
|
@Test
public void jwsSigningExample() throws JoseException
{
//
// An example of signing using JSON Web Signature (JWS)
//
// The content that will be signed
String examplePayload = "This is some text that is to be signed.";
// Create a new JsonWebSignature
JsonWebSignature jws = new JsonWebSignature();
// Set the payload, or signed content, on the JWS object
jws.setPayload(examplePayload);
// Set the signature algorithm on the JWS that will integrity protect the payload
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256);
// Set the signing key on the JWS
// Note that your application will need to determine where/how to get the key
// and here we just use an example from the JWS spec
PrivateKey privateKey = ExampleEcKeysFromJws.PRIVATE_256;
jws.setKey(privateKey);
// Sign the JWS and produce the compact serialization or complete JWS representation, which
// is a string consisting of three dot ('.') separated base64url-encoded
// parts in the form Header.Payload.Signature
String jwsCompactSerialization = jws.getCompactSerialization();
// Do something useful with your JWS
System.out.println(jwsCompactSerialization);
}
Example 8
| Source File: JwtAuthProviderTest.java From dropwizard-auth-jwt with Apache License 2.0 | 5 votes |
|
private String toToken(byte[] key, JwtClaims claims) {
final JsonWebSignature jws = new JsonWebSignature();
jws.setPayload(claims.toJson());
jws.setAlgorithmHeaderValue(HMAC_SHA512);
jws.setKey(new HmacKey(key));
jws.setDoKeyValidation(false);
try {
return jws.getCompactSerialization();
}
catch (JoseException e) { throw Throwables.propagate(e); }
}
Example 9
| Source File: TokenUtils.java From microprofile-jwt-auth with Apache License 2.0 | 5 votes |
|
/**
* Utility method to generate a JWT string from a JSON resource file that is signed by the private key
* using either RS256 or ES256 algorithm, possibly with invalid fields.
*
* @param pk - the private key to sign the token with
* @param kid - the kid claim to assign to the token
* @param jsonResName - name of test resources file
* @param invalidClaims - the set of claims that should be added with invalid values to test failure modes
* @param timeClaims - used to return the exp, iat, auth_time claims
* @return the JWT string
* @throws Exception on parse failure
*/
public static String signClaims(PrivateKey pk, String kid, String jsonResName,
Set<InvalidClaims> invalidClaims, Map<String, Long> timeClaims) throws Exception {
if (invalidClaims == null) {
invalidClaims = Collections.emptySet();
}
JwtClaims claims = createJwtClaims(jsonResName, invalidClaims, timeClaims);
JsonWebSignature jws = new JsonWebSignature();
jws.setPayload(claims.toJson());
if (kid != null) {
jws.setKeyIdHeaderValue(kid);
}
jws.setHeader("typ", "JWT");
if (invalidClaims.contains(InvalidClaims.ALG)) {
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);
jws.setKey(KeyGenerator.getInstance("HMACSHA256").generateKey());
}
else {
jws.setAlgorithmHeaderValue(pk instanceof RSAPrivateKey ? AlgorithmIdentifiers.RSA_USING_SHA256
: AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256);
if (invalidClaims.contains(InvalidClaims.SIGNER)) {
// Generate a new random private key to sign with to test invalid signatures
pk = generateKeyPair(2048).getPrivate();
}
jws.setKey(pk);
}
return jws.getCompactSerialization();
}
Example 10
| Source File: JWTVerificationkeyResolverTest.java From lucene-solr with Apache License 2.0 | 5 votes |
|
public JsonWebSignature getJws() {
JsonWebSignature jws = new JsonWebSignature();
jws.setPayload(JWTAuthPluginTest.generateClaims().toJson());
jws.setKey(getRsaKey().getPrivateKey());
jws.setKeyIdHeaderValue(getRsaKey().getKeyId());
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
return jws;
}
Example 11
| Source File: JwtSignatureImpl.java From smallrye-jwt with Apache License 2.0 | 5 votes |
|
private String signInternal(Key signingKey) {
JwtBuildUtils.setDefaultJwtClaims(claims);
JsonWebSignature jws = new JsonWebSignature();
for (Map.Entry<String, Object> entry : headers.entrySet()) {
jws.setHeader(entry.getKey(), entry.getValue());
}
if (!headers.containsKey("typ")) {
jws.setHeader("typ", "JWT");
}
String algorithm = (String) headers.get("alg");
if (algorithm == null) {
algorithm = keyAlgorithm(headers, signingKey);
jws.setAlgorithmHeaderValue(algorithm);
}
if ("none".equals(algorithm)) {
jws.setAlgorithmConstraints(AlgorithmConstraints.ALLOW_ONLY_NONE);
}
jws.setPayload(claims.toJson());
if (signingKey instanceof RSAPrivateKey && algorithm.startsWith("RS")
&& ((RSAPrivateKey) signingKey).getModulus().bitLength() < 2048) {
throw ImplMessages.msg.signKeySizeMustBeHigher(algorithm);
}
jws.setKey(signingKey);
try {
return jws.getCompactSerialization();
} catch (Exception ex) {
throw ImplMessages.msg.signJwtTokenFailed(ex.getMessage(), ex);
}
}
Example 12
| Source File: DefaultCipherExecutor.java From nano-framework with Apache License 2.0 | 5 votes |
|
/**
* Signs value based on the signing algorithm and the key length.
*
* @param value the value
* @return the signed value
*/
private String signValue(@NotNull final String value) {
try {
final JsonWebSignature jws = new JsonWebSignature();
jws.setPayload(value);
jws.setAlgorithmHeaderValue(this.signingAlgorithm);
jws.setKey(this.secretKeySigningKey);
return jws.getCompactSerialization();
} catch (final Exception e) {
throw new RuntimeException(e);
}
}
Example 13
| Source File: JwtGenerator.java From cloud-iot-core-androidthings with Apache License 2.0 | 5 votes |
|
@VisibleForTesting()
JwtGenerator(
@NonNull KeyPair keyPair,
@NonNull String jwtAudience,
@NonNull Duration tokenLifetime,
@NonNull Clock clock) {
checkNotNull(keyPair, "keypair");
checkNotNull(jwtAudience, "JWT audience");
checkNotNull(tokenLifetime, "Token lifetime");
checkNotNull(clock, "Clock");
String algorithm = keyPair.getPrivate().getAlgorithm();
if (!algorithm.equals(RSA_ALGORITHM) && !algorithm.equals(EC_ALGORITHM)) {
throw new IllegalArgumentException("Keys use unsupported algorithm.");
}
mTokenLifetime = tokenLifetime;
mClock = clock;
mJws = new JsonWebSignature();
mJws.setAlgorithmHeaderValue(algorithm.equals("RSA")
? AlgorithmIdentifiers.RSA_USING_SHA256
: AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256);
mJws.setHeader("typ", "JWT");
mJws.setKey(keyPair.getPrivate());
mClaims = new JwtClaims();
mClaims.setAudience(jwtAudience);
}
Example 14
| Source File: OauthHelperTest.java From light-4j with Apache License 2.0 | 5 votes |
|
public static String getJwt(JwtClaims claims) throws JoseException {
String jwt;
RSAPrivateKey privateKey = (RSAPrivateKey) getPrivateKey(
"/config/primary.jks", "password", "selfsigned");
// A JWT is a JWS and/or a JWE with JSON claims as the payload.
// In this example it is a JWS nested inside a JWE
// So we first create a JsonWebSignature object.
JsonWebSignature jws = new JsonWebSignature();
// The payload of the JWS is JSON content of the JWT Claims
jws.setPayload(claims.toJson());
// The JWT is signed using the sender's private key
jws.setKey(privateKey);
jws.setKeyIdHeaderValue("100");
// Set the signature algorithm on the JWT/JWS that will integrity protect the claims
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
// Sign the JWS and produce the compact serialization, which will be the inner JWT/JWS
// representation, which is a string consisting of three dot ('.') separated
// base64url-encoded parts in the form Header.Payload.Signature
jwt = jws.getCompactSerialization();
return jwt;
}
Example 15
| Source File: TokenUtils.java From thorntail with Apache License 2.0 | 5 votes |
|
public static String createToken(String groupName) throws Exception {
JwtClaims claims = new JwtClaims();
claims.setIssuer("http://testsuite-jwt-issuer.io");
claims.setSubject(SUBJECT);
claims.setStringListClaim("groups", groupName);
claims.setClaim("upn", "[email protected]");
claims.setExpirationTimeMinutesInTheFuture(1);
JsonWebSignature jws = new JsonWebSignature();
jws.setPayload(claims.toJson());
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
jws.setKey(getPrivateKey());
return jws.getCompactSerialization();
}
Example 16
| Source File: JwtSignTest.java From smallrye-jwt with Apache License 2.0 | 5 votes |
|
private static JsonWebSignature getVerifiedJws(String jwt, Key key) throws Exception {
JsonWebSignature jws = new JsonWebSignature();
jws.setKey(key);
jws.setCompactSerialization(jwt);
Assert.assertTrue(jws.verifySignature());
return jws;
}
Example 17
| Source File: TestUtils.java From java with Apache License 2.0 | 4 votes |
|
/**
* Utility for generating JWTs
*
* @param uid Maps to the sub claim
* @param issuer URL of the issuer
* @param signing Private key to sign the JWT
* @param dos Determines at what time point the JWT should be generated
* @return
* @throws Exception
*/
public static String generateJWT(String uid, String issuer, PrivateKey signing, DateOptions dos)
throws Exception {
JwtClaims claims = new JwtClaims();
claims.setIssuer(issuer);
ArrayList<String> audiences = new ArrayList<String>();
claims.setSubject(uid);
claims.setGeneratedJwtId();
claims.setGeneratedJwtId(); // a unique identifier for the token
if (dos == DateOptions.Now) {
claims.setIssuedAtToNow(); // when the token was issued/created (now)
claims.setNotBeforeMinutesInThePast(
60000 / 1000 / 60); // time before which the token is not yet valid (2 minutes ago)
claims.setExpirationTimeMinutesInTheFuture(
60000 / 1000 / 60); // time before which the token is not yet valid (2 minutes ago)
}
if (dos == DateOptions.Past) {
claims.setIssuedAt(NumericDate.fromMilliseconds(System.currentTimeMillis() - 120000L));
claims.setNotBeforeMinutesInThePast(
4); // time before which the token is not yet valid (2 minutes ago)
claims.setExpirationTimeMinutesInTheFuture(
-1); // time before which the token is not yet valid (2 minutes ago)
}
if (dos == DateOptions.Future) {
claims.setIssuedAt(NumericDate.fromMilliseconds(System.currentTimeMillis() + 120000L));
claims.setNotBeforeMinutesInThePast(
-1); // time before which the token is not yet valid (2 minutes ago)
claims.setExpirationTimeMinutesInTheFuture(
4); // time before which the token is not yet valid (2 minutes ago)
}
JsonWebSignature jws = new JsonWebSignature();
jws.setPayload(claims.toJson());
jws.setKey(signing);
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
return jws.getCompactSerialization();
}
Example 18
| Source File: JwtIssuer.java From light-4j with Apache License 2.0 | 4 votes |
|
/**
* A static method that generate JWT token from JWT claims object
*
* @param claims JwtClaims object
* @return A string represents jwt token
* @throws JoseException JoseException
*/
public static String getJwt(JwtClaims claims) throws JoseException {
String jwt;
RSAPrivateKey privateKey = (RSAPrivateKey) getPrivateKey(
jwtConfig.getKey().getFilename(), (String)secretConfig.get(JWT_PRIVATE_KEY_PASSWORD), jwtConfig.getKey().getKeyName());
// A JWT is a JWS and/or a JWE with JSON claims as the payload.
// In this example it is a JWS nested inside a JWE
// So we first create a JsonWebSignature object.
JsonWebSignature jws = new JsonWebSignature();
// The payload of the JWS is JSON content of the JWT Claims
jws.setPayload(claims.toJson());
// The JWT is signed using the sender's private key
jws.setKey(privateKey);
// Get provider from security config file, it should be two digit
// And the provider id will set as prefix for keyid in the token header, for example: 05100
// if there is no provider id, we use "00" for the default value
String provider_id = "";
if (jwtConfig.getProviderId() != null) {
provider_id = jwtConfig.getProviderId();
if (provider_id.length() == 1) {
provider_id = "0" + provider_id;
} else if (provider_id.length() > 2) {
logger.error("provider_id defined in the security.yml file is invalid; the length should be 2");
provider_id = provider_id.substring(0, 2);
}
}
jws.setKeyIdHeaderValue(provider_id + jwtConfig.getKey().getKid());
// Set the signature algorithm on the JWT/JWS that will integrity protect the claims
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
// Sign the JWS and produce the compact serialization, which will be the inner JWT/JWS
// representation, which is a string consisting of three dot ('.') separated
// base64url-encoded parts in the form Header.Payload.Signature
jwt = jws.getCompactSerialization();
return jwt;
}
Example 19
| Source File: JwtHelperTest.java From light-4j with Apache License 2.0 | 4 votes |
|
@Test
public void testVerifyJwtByJsonWebKeys() throws Exception {
Map<String, Object> secretConfig = Config.getInstance().getJsonMapConfig(JwtIssuer.SECRET_CONFIG);
JwtConfig jwtConfig = (JwtConfig) Config.getInstance().getJsonObjectConfig(JwtIssuer.JWT_CONFIG, JwtConfig.class);
String fileName = jwtConfig.getKey().getFilename();
String alias = jwtConfig.getKey().getKeyName();
KeyStore ks = loadKeystore(fileName, (String)secretConfig.get(JwtIssuer.JWT_PRIVATE_KEY_PASSWORD));
Key privateKey = ks.getKey(alias, ((String) secretConfig.get(JwtIssuer.JWT_PRIVATE_KEY_PASSWORD)).toCharArray());
JsonWebSignature jws = new JsonWebSignature();
String iss = "my.test.iss";
JwtClaims jwtClaims = JwtClaims.parse("{\n" +
" \"sub\": \"5745ed4b-0158-45ff-89af-4ce99bc6f4de\",\n" +
" \"iss\": \"" + iss +"\",\n" +
" \"subject_type\": \"client-id\",\n" +
" \"exp\": 1557419531,\n" +
" \"iat\": 1557419231,\n" +
" \"scope\": [\n" +
" \"my.test.scope.read\",\n" +
" \"my.test.scope.write\",\n" +
" ],\n" +
" \"consumer_application_id\": \"389\",\n" +
" \"request_transit\": \"63092\"\n" +
"}");
// The payload of the JWS is JSON content of the JWT Claims
jws.setPayload(jwtClaims.toJson());
// use private key to sign the JWT
jws.setKey(privateKey);
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
String jwt = jws.getCompactSerialization();
Assert.assertNotNull(jwt);
System.out.print("JWT = " + jwt);
JwtClaims claims = JwtHelper.verifyJwt(jwt, true, true, (kId, isToken) -> {
try {
// use public key to create the the JsonWebKey
Key publicKey = ks.getCertificate(alias).getPublicKey();
PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(publicKey);
List<JsonWebKey> jwkList = Arrays.asList(jwk);
return new JwksVerificationKeyResolver(jwkList);
} catch (JoseException | KeyStoreException e) {
throw new RuntimeException(e);
}
});
Assert.assertNotNull(claims);
Assert.assertEquals(iss, claims.getStringClaimValue("iss"));
}
Example 20
| Source File: JoseCookbookTest.java From Jose4j with Apache License 2.0 | 4 votes |
|
@Test
public void ecdsaSignature_4_3() throws JoseException
{
String jwkJson =
"{\n" +
" \"kty\": \"EC\",\n" +
" \"kid\": \"[email protected]\",\n" +
" \"use\": \"sig\",\n" +
" \"crv\": \"P-521\",\n" +
" \"x\": \"AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9\n" +
" A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt\",\n" +
" \"y\": \"AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy\n" +
" SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1\",\n" +
" \"d\": \"AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zb\n" +
" KipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt\"\n" +
"}";
String jwsCompactSerialization =
"eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX" +
"hhbXBsZSJ9" +
"." +
"SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH" +
"lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk" +
"b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm" +
"UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4" +
"." +
"AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb" +
"u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv" +
"AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2";
String alg = AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512;
// verify consuming the JWS
JsonWebSignature jws = new JsonWebSignature();
jws.setCompactSerialization(jwsCompactSerialization);
JsonWebKey jwk = JsonWebKey.Factory.newJwk(jwkJson);
jws.setKey(jwk.getKey());
assertThat(jws.getUnverifiedPayload(), equalTo(jwsPayload));
assertThat(jws.verifySignature(), is(true));
assertThat(jws.getPayload(), equalTo(jwsPayload));
assertThat(jws.getKeyIdHeaderValue(), equalTo(jwk.getKeyId()));
assertThat(alg, equalTo(jws.getAlgorithmHeaderValue()));
// can't really verify reproducing ECDSA
}
