// Create an empty JWS object; no key, payload or algorithm is set in this excerpt.
JsonWebSignature jws = new JsonWebSignature();
// "cty" (content type) describes the JWS payload; the value "jwt" marks the payload as
// itself being a JWT, i.e. a nested token.
// NOTE(review): RFC 7519 section 5.2 recommends the uppercase spelling "JWT" for
// compatibility with older implementations - confirm what the receiving side compares against.
jws.setHeader("cty", "jwt");
// That other party, the receiver, can then use JsonWebEncryption to decrypt the message. JsonWebEncryption receiverJwe = new JsonWebEncryption(); // Set the compact serialization on new Json Web Encryption object //This is the received payload JWE payload receiverJwe.setCompactSerialization(result.toString()); // Symmetric encryption, like we are doing here, requires that both parties have the same key. // The key will have had to have been securely exchanged out-of-band somehow. receiverJwe.setKey(secretKeySpec); // Set the "alg" header, which indicates the key management mode for this JWE. // In this example we are using the direct key management mode, which means // the given key will be used directly as the content encryption key. //receiverJwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.DIRECT); //receiverJwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256); // Get the message that was encrypted in the JWE. This step performs the actual decryption steps. String jwsPayload = receiverJwe.getPlaintextString(); // And do whatever you need to do with the clear text message. System.out.println("plaintext: " + jwsPayload); // Create a new JsonWebSignature object JsonWebSignature jws = new JsonWebSignature(); jws.setCompactSerialization(jwsPayload); jws.setKey(secretKeySpec); boolean signatureVerified = jws.verifySignature(); // Do something useful with the result of signature verification System.out.println("JWS Signature is valid: " + signatureVerified); // Get the payload, or signed content, from the JWS String payload = jws.getPayload(); // Do something useful with the content System.out.println("JWS payload: " + payload);
// Build the HMAC key directly from the UTF-8 bytes of a string secret.
// NOTE(review): the MAC is only as strong as this secret. HS256 calls for a key of at
// least 256 bits (RFC 7518 section 3.2), so a short or human-chosen string is a weak key.
// Prefer random key material from a CSPRNG - confirm how `secret` is provisioned.
// NOTE(review): the charset-name overload getBytes("UTF-8") declares the checked
// UnsupportedEncodingException; getBytes(StandardCharsets.UTF_8) avoids that.
Key key = new HmacKey(secret.getBytes("UTF-8"));
JsonWebSignature jws = new JsonWebSignature();
// The signed content is the JSON form of the claims object.
jws.setPayload(claims.toJson());
// Select HMAC with SHA-256 as the "alg" header value.
// This excerpt ends before the key is attached to the JWS or the token is serialized.
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);
// Create an empty JWS object; this excerpt sets no key, payload, algorithm or
// compact serialization on it.
JsonWebSignature jws = new JsonWebSignature();