|
214 | 214 | </p> |
215 | 215 | <p class="section"> |
216 | 216 | JSON Web Keys are JSON data structures representing cryptographic keys. The RFC 7517 (JSON Web Key) defines only the common parameters such like the mandatory |
217 | | - "kty" (the key type identifying the cryptographic family of the key) or the optional "kid" (the key id which may be used by applications to look up, for instance, the key |
| 217 | + "kty" (the key type identifying the cryptographic family of the key) or the optional "kid" (the key id which may be used by an application to look up, for instance, the key |
218 | 218 | required to validate a digital signature) and leaves the parameters specific to certain cryptographic algorithms to RFC 7518 (JSON Web Algorithms). |
219 | 219 | There are further RFCs describing the usage of additional algorithms like EdDSA and their respective specific keys not covered by RFC 7518. |
220 | 220 | </p> |
|
431 | 431 | scenario the authenticity of a particular Open ID Connect Provider can be established by HTTPS and accompanying certificate chains. |
432 | 432 | </p> |
433 | 433 | <p class="section"> |
434 | | - You don't have to consult the <span class="code">JOSEHeader</span> class if you use the Fluent API to create JSON Web Signatures because then the JOSE Header will be inferred |
435 | | - from your input. But it might be useful if you must provide a custom JOSE header, e.g. by directly using the <span class="code">JWSSigner</span>. |
| 434 | + You don't have to consult the <span class="code">JOSEHeader</span> class if you use the <aclass="content" href="#fluent-api">Fluent API</a> to create JSON Web Signatures because then |
| 435 | + the JOSE Header will be inferred from your input. But it might be useful if you must provide a custom JOSE header, e.g. by directly using the <span class="code">JWSSigner</span>. |
436 | 436 | </p> |
437 | 437 | <p class="section"> |
438 | 438 | This distribution presently supports the following JOSE header parameter |
|
606 | 606 | .payload(payload) |
607 | 607 | .sign();</p> |
608 | 608 | <p class="section"> |
609 | | - The textual representation of the JWS Compact Serialization are three Base64Url encoded parts separated by two dots, e.g.: |
| 609 | + The textual representation of the JWS Compact Serialization are three Base64-URL encoded parts separated by two dots, e.g.: |
610 | 610 | </p> |
611 | 611 | <p class="code">eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlOGQyOTA3LTk5YjAtNDQ5Zi04MzVjLTY5ZWZhNjc1YjBiNSIsImp3ayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6ImhjTUF3X0JxUXN2NDU3RHh2UnprQVJXRDl4MWVsTm9EX3RTREwtcmVlUTAiLCJ5IjoiVmFjM0M4ejlscXdDNmdxbTl1bVNLb0tfRnE0OGU1MnJyd2xqeF81SFloMCJ9fQ.eyJpc3MiOiJPcGVuSURDb25uZWN0LVByb3ZpZGVyIiwiZXhwIjoxNzQ0NzMyOTk2LCJhdWQiOiJQcm90ZWN0ZWQgQXBwIiwianRpIjoiZTU3NWZhNjgtNGQyNC00Mzk4LWEyYzgtODc0MzJkOGFhNTdiIiwibmFtZSI6IlRpbmEgVGVzdGVyIiwiZW1haWwiOiJ0aW5hLXRlc3RlckB4eXouYWJjIiwicm9sZXMiOlsiYXBwLXVzZXIiLCJhcHAtdGVzdGVyIl19.XvBeAVcUHMvZj1f2xw4WRB52_Ii721u5DpGGqbRwpim4xkXWcppVdhYMb3xyLbJzK9ZoR3mgTJ8ZFx_eNpui9A</p> |
612 | 612 | <p class="section"> |
|
829 | 829 | } |
830 | 830 | }""";</p> |
831 | 831 | <p class="section"> |
832 | | - The JSON string referenced by <span class="code">secret</span> contains the Base64Url encoded key bytes: |
| 832 | + The JSON string referenced by <span class="code">secret</span> contains the Base64-URL encoded key bytes: |
833 | 833 | </p> |
834 | 834 | <p class="code">JsonObject keyMaterial; |
835 | 835 | try (StringReader stringReader = new StringReader(strKeyMaterial); |
|
942 | 942 | <p class="section"> |
943 | 943 | Both <span class="code">r</span> and <span class="code">s</span> can be appended and then Base64-URL encoded to obtain the actual signature: |
944 | 944 | </p> |
945 | | - <p class="code">System.arraycopy(r, 0, signature, 0, r.length); |
| 945 | + <p class="code">byte[] signature = new byte[64]; |
| 946 | +System.arraycopy(r, 0, signature, 0, r.length); |
946 | 947 | System.arraycopy(s, 0, signature, 32, s.length); |
947 | 948 | String encodedSignature = JWSBase.encode(signature); |
948 | 949 | assert Objects.equals(encodedSignature, "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q");</p> |
|
0 commit comments