001package com.nimbusds.jose.proc; 002 003 004import java.security.Key; 005import java.security.interfaces.ECPublicKey; 006import java.security.interfaces.RSAPublicKey; 007 008import javax.crypto.SecretKey; 009 010import com.nimbusds.jose.KeyTypeException; 011import net.jcip.annotations.ThreadSafe; 012 013import com.nimbusds.jose.JOSEException; 014import com.nimbusds.jose.JWSHeader; 015import com.nimbusds.jose.JWSVerifier; 016import com.nimbusds.jose.crypto.ECDSAVerifier; 017import com.nimbusds.jose.crypto.MACVerifier; 018import com.nimbusds.jose.crypto.RSASSAVerifier; 019 020 021/** 022 * Default JSON Web Signature (JWS) verifier factory. 023 * 024 * <p>Supports all standard JWS algorithms implemented in the 025 * {@link com.nimbusds.jose.crypto} package. 026 * 027 * @author Vladimir Dzhuvinov 028 * @version 2015-06-08 029 */ 030@ThreadSafe 031public class DefaultJWSVerifierFactory implements JWSVerifierFactory { 032 033 034 @Override 035 public JWSVerifier createJWSVerifier(final JWSHeader header, final Key key) 036 throws JOSEException { 037 038 if (MACVerifier.SUPPORTED_ALGORITHMS.contains(header.getAlgorithm())) { 039 040 if (!(key instanceof SecretKey)) { 041 throw new KeyTypeException(SecretKey.class); 042 } 043 044 SecretKey macKey = (SecretKey)key; 045 046 return new MACVerifier(macKey); 047 048 } else if (RSASSAVerifier.SUPPORTED_ALGORITHMS.contains(header.getAlgorithm())) { 049 050 if (!(key instanceof RSAPublicKey)) { 051 throw new KeyTypeException(RSAPublicKey.class); 052 } 053 054 RSAPublicKey rsaPublicKey = (RSAPublicKey)key; 055 056 return new RSASSAVerifier(rsaPublicKey); 057 058 } else if (ECDSAVerifier.SUPPORTED_ALGORITHMS.contains(header.getAlgorithm())) { 059 060 if (!(key instanceof ECPublicKey)) { 061 throw new KeyTypeException(ECPublicKey.class); 062 } 063 064 ECPublicKey ecPublicKey = (ECPublicKey)key; 065 066 return new ECDSAVerifier(ecPublicKey); 067 068 } else { 069 070 throw new JOSEException("Unsupported JWS algorithm: " + header.getAlgorithm()); 071 } 072 } 073}