001package com.nimbusds.jose; 002 003 004import com.nimbusds.jose.util.Base64URL; 005 006 007/** 008 * Interface for verifying JSON Web Signature (JWS) objects. 009 * 010 * <p>Callers can query the verifier to determine its algorithm capabilities as 011 * well as the JWS algorithms and header parameters that are accepted for 012 * processing. 013 * 014 * @author Vladimir Dzhuvinov 015 * @version $version$ (2012-10-23) 016 */ 017public interface JWSVerifier extends JWSAlgorithmProvider { 018 019 020 /** 021 * Gets the JWS header filter associated with the verifier. Specifies the 022 * names of those {@link #supportedAlgorithms supported JWS algorithms} and 023 * header parameters that the verifier is configured to accept. 024 * 025 * <p>Attempting to {@link #verify verify} a JWS object signature with an 026 * algorithm or header parameter that is not accepted must result in a 027 * {@link JOSEException}. 028 * 029 * @return The JWS header filter. 030 */ 031 public JWSHeaderFilter getJWSHeaderFilter(); 032 033 034 /** 035 * Verifies the specified {@link JWSObject#getSignature signature} of a 036 * {@link JWSObject JWS object}. 037 * 038 * @param header The JSON Web Signature (JWS) header. Must 039 * specify an accepted JWS algorithm, must contain 040 * only accepted header parameters, and must not be 041 * {@code null}. 042 * @param signedContent The signed content. Must not be {@code null}. 043 * @param signature The signature part of the JWS object. Must not 044 * be {@code null}. 045 * 046 * @return {@code true} if the signature was successfully verified, else 047 * {@code false}. 048 * 049 * @throws JOSEException If the JWS algorithm is not accepted, if a header 050 * parameter is not accepted, or if signature 051 * verification failed for some other reason. 052 */ 053 public boolean verify(final ReadOnlyJWSHeader header, 054 final byte[] signedContent, 055 final Base64URL signature) 056 throws JOSEException; 057}