Source code

001package com.nimbusds.jose.crypto.factories;
002
003
004import java.security.Key;
005import java.security.interfaces.ECPublicKey;
006import java.security.interfaces.RSAPublicKey;
007import java.util.Collections;
008import java.util.LinkedHashSet;
009import java.util.Set;
010import javax.crypto.SecretKey;
011
012import com.nimbusds.jose.*;
013import com.nimbusds.jose.crypto.ECDSAVerifier;
014import com.nimbusds.jose.crypto.MACVerifier;
015import com.nimbusds.jose.crypto.RSASSAVerifier;
016import com.nimbusds.jose.jca.JCAContext;
017import com.nimbusds.jose.proc.JWSVerifierFactory;
018import net.jcip.annotations.ThreadSafe;
019
020
021/**
022 * Default JSON Web Signature (JWS) verifier factory.
023 *
024 * <p>Supports all standard JWS algorithms implemented in the
025 * {@link com.nimbusds.jose.crypto} package.
026 *
027 * @author Vladimir Dzhuvinov
028 * @version 2015-11-16
029 */
030@ThreadSafe
031public class DefaultJWSVerifierFactory implements JWSVerifierFactory {
032
033
034        /**
035         * The supported JWS algorithms.
036         */
037        public static final Set<JWSAlgorithm> SUPPORTED_ALGORITHMS;
038
039
040        static {
041                Set<JWSAlgorithm> algs = new LinkedHashSet<>();
042                algs.addAll(MACVerifier.SUPPORTED_ALGORITHMS);
043                algs.addAll(RSASSAVerifier.SUPPORTED_ALGORITHMS);
044                algs.addAll(ECDSAVerifier.SUPPORTED_ALGORITHMS);
045                SUPPORTED_ALGORITHMS = Collections.unmodifiableSet(algs);
046        }
047
048
049        /**
050         * The JCA context.
051         */
052        private final JCAContext jcaContext = new JCAContext();
053
054
055        @Override
056        public Set<JWSAlgorithm> supportedJWSAlgorithms() {
057
058                return SUPPORTED_ALGORITHMS;
059        }
060
061
062        @Override
063        public JCAContext getJCAContext() {
064
065                return jcaContext;
066        }
067
068
069        @Override
070        public JWSVerifier createJWSVerifier(final JWSHeader header, final Key key)
071                throws JOSEException {
072
073                JWSVerifier verifier;
074
075                if (MACVerifier.SUPPORTED_ALGORITHMS.contains(header.getAlgorithm())) {
076
077                        if (!(key instanceof SecretKey)) {
078                                throw new KeyTypeException(SecretKey.class);
079                        }
080
081                        SecretKey macKey = (SecretKey)key;
082
083                        verifier = new MACVerifier(macKey);
084
085                } else if (RSASSAVerifier.SUPPORTED_ALGORITHMS.contains(header.getAlgorithm())) {
086
087                        if (!(key instanceof RSAPublicKey)) {
088                                throw new KeyTypeException(RSAPublicKey.class);
089                        }
090
091                        RSAPublicKey rsaPublicKey = (RSAPublicKey)key;
092
093                        verifier = new RSASSAVerifier(rsaPublicKey);
094
095                } else if (ECDSAVerifier.SUPPORTED_ALGORITHMS.contains(header.getAlgorithm())) {
096
097                        if (!(key instanceof ECPublicKey)) {
098                                throw new KeyTypeException(ECPublicKey.class);
099                        }
100
101                        ECPublicKey ecPublicKey = (ECPublicKey)key;
102
103                        verifier = new ECDSAVerifier(ecPublicKey);
104
105                } else {
106
107                        throw new JOSEException("Unsupported JWS algorithm: " + header.getAlgorithm());
108                }
109
110                // Apply JCA context
111                verifier.getJCAContext().setSecureRandom(jcaContext.getSecureRandom());
112                verifier.getJCAContext().setProvider(jcaContext.getProvider());
113
114                return verifier;
115        }
116}