001 package com.nimbusds.jose;
002
003
004 import com.nimbusds.jose.util.Base64URL;
005
006
007 /**
008 * Interface for verifying JSON Web Signature (JWS) objects.
009 *
010 * <p>Callers can query the verifier to determine its algorithm capabilities as
011 * well as the JWS algorithms and header parameters that are accepted for
012 * processing.
013 *
014 * @author Vladimir Dzhuvinov
015 * @version $version$ (2012-10-23)
016 */
017 public interface JWSVerifier extends JWSAlgorithmProvider {
018
019
020 /**
021 * Gets the JWS header filter associated with the verifier. Specifies the
022 * names of those {@link #supportedAlgorithms supported JWS algorithms} and
023 * header parameters that the verifier is configured to accept.
024 *
025 * <p>Attempting to {@link #verify verify} a JWS object signature with an
026 * algorithm or header parameter that is not accepted must result in a
027 * {@link JOSEException}.
028 *
029 * @return The JWS header filter.
030 */
031 public JWSHeaderFilter getJWSHeaderFilter();
032
033
034 /**
035 * Verifies the specified {@link JWSObject#getSignature signature} of a
036 * {@link JWSObject JWS object}.
037 *
038 * @param header The JSON Web Signature (JWS) header. Must
039 * specify an accepted JWS algorithm, must contain
040 * only accepted header parameters, and must not be
041 * {@code null}.
042 * @param signedContent The signed content. Must not be {@code null}.
043 * @param signature The signature part of the JWS object. Must not
044 * be {@code null}.
045 *
046 * @return {@code true} if the signature was successfully verified, else
047 * {@code false}.
048 *
049 * @throws JOSEException If the JWS algorithm is not accepted, if a header
050 * parameter is not accepted, or if signature
051 * verification failed for some other reason.
052 */
053 public boolean verify(final ReadOnlyJWSHeader header,
054 final byte[] signedContent,
055 final Base64URL signature)
056 throws JOSEException;
057 }