Class JwsHeader

java.lang.Object
org.springframework.security.oauth2.jwt.JwsHeader
public final class JwsHeader extends Object
The JSON Web Signature (JWS) header is a JSON object representing the header parameters of a JSON Web Token, that describe the cryptographic operations used to digitally sign or create a MAC of the contents of the JWS Protected Header and JWS Payload.
Since:
5.6
See Also:

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static final class 
    JwsHeader.Builder
    A builder for JwsHeader.

  • Method Summary

    Modifier and Type
    Method
    Description
    static JwsHeader.Builder
    from(JwsHeader headers)
    Returns a new JwsHeader.Builder, initialized with the provided headers.
    JwsAlgorithm
    getAlgorithm()
    Returns the JWA algorithm used to digitally sign the JWS or encrypt the JWE.
    @Nullable String
    getContentType()
    Returns the content type header that declares the media type of the secured content (the payload).
    @Nullable Set<String>
    getCritical()
    Returns the critical headers that indicates which extensions to the JWS/JWE/JWA specifications are being used that MUST be understood and processed.
    <T> @Nullable T
    getHeader(String name)
    Returns the header value.
    Map<String,Object>
    getHeaders()
    Returns the headers.
    @Nullable Map<String,Object>
    getJwk()
    Returns the JSON Web Key which is the public key that corresponds to the key used to digitally sign the JWS or encrypt the JWE.
    @Nullable URL
    getJwkSetUrl()
    Returns the JWK Set URL that refers to the resource of a set of JSON-encoded public keys, one of which corresponds to the key used to digitally sign the JWS or encrypt the JWE.
    @Nullable String
    getKeyId()
    Returns the key ID that is a hint indicating which key was used to secure the JWS or JWE.
    @Nullable String
    getType()
    Returns the type header that declares the media type of the JWS/JWE.
    @Nullable List<String>
    getX509CertificateChain()
    Returns the X.509 certificate chain that contains the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.
    @Nullable String
    getX509SHA1Thumbprint()
    Deprecated.
    The SHA-1 algorithm has been proven to be vulnerable to collision attacks and should not be used.
    @Nullable String
    getX509SHA256Thumbprint()
    Returns the X.509 certificate SHA-256 thumbprint that is a base64url-encoded SHA-256 thumbprint (a.k.a.
    @Nullable URL
    getX509Url()
    Returns the X.509 URL that refers to the resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.
    static JwsHeader.Builder
    with(JwsAlgorithm jwsAlgorithm)
    Returns a new JwsHeader.Builder, initialized with the provided JwsAlgorithm.

    Methods inherited from class Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Method Details

    • getAlgorithm

      public JwsAlgorithm getAlgorithm()
      Returns the JWA algorithm used to digitally sign the JWS or encrypt the JWE.
      Returns:
      the JwaAlgorithm

    • with

      public static JwsHeader.Builder with(JwsAlgorithm jwsAlgorithm)
      Returns a new JwsHeader.Builder, initialized with the provided JwsAlgorithm.
      Parameters:
      jwsAlgorithm - the JwsAlgorithm
      Returns:
      the JwsHeader.Builder

    • from

      public static JwsHeader.Builder from(JwsHeader headers)
      Returns a new JwsHeader.Builder, initialized with the provided headers.
      Parameters:
      headers - the headers
      Returns:
      the JwsHeader.Builder

    • getJwkSetUrl

      public @Nullable URL getJwkSetUrl()
      Returns the JWK Set URL that refers to the resource of a set of JSON-encoded public keys, one of which corresponds to the key used to digitally sign the JWS or encrypt the JWE.
      Returns:
      the JWK Set URL, or null if the header is absent

    • getJwk

      public @Nullable Map<String,Object> getJwk()
      Returns the JSON Web Key which is the public key that corresponds to the key used to digitally sign the JWS or encrypt the JWE.
      Returns:
      the JSON Web Key, or null if the header is absent

    • getKeyId

      public @Nullable String getKeyId()
      Returns the key ID that is a hint indicating which key was used to secure the JWS or JWE.
      Returns:
      the key ID, or null if the header is absent

    • getX509Url

      public @Nullable URL getX509Url()
      Returns the X.509 URL that refers to the resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.
      Returns:
      the X.509 URL, or null if the header is absent

    • getX509CertificateChain

      public @Nullable List<String> getX509CertificateChain()
      Returns the X.509 certificate chain that contains the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE. The certificate or certificate chain is represented as a List of certificate value Strings. Each String in the List is a Base64-encoded DER PKIX certificate value.
      Returns:
      the X.509 certificate chain, or null if the header is absent

    • getX509SHA1Thumbprint

      @Deprecated public @Nullable String getX509SHA1Thumbprint()
      Deprecated.
      The SHA-1 algorithm has been proven to be vulnerable to collision attacks and should not be used. See the Google Security Blog for more info.
      Returns the X.509 certificate SHA-1 thumbprint that is a base64url-encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of the X.509 certificate corresponding to the key used to digitally sign the JWS or encrypt the JWE.
      Returns:
      the X.509 certificate SHA-1 thumbprint, or null if the header is absent
      See Also:

    • getX509SHA256Thumbprint

      public @Nullable String getX509SHA256Thumbprint()
      Returns the X.509 certificate SHA-256 thumbprint that is a base64url-encoded SHA-256 thumbprint (a.k.a. digest) of the DER encoding of the X.509 certificate corresponding to the key used to digitally sign the JWS or encrypt the JWE.
      Returns:
      the X.509 certificate SHA-256 thumbprint, or null if the header is absent

    • getType

      public @Nullable String getType()
      Returns the type header that declares the media type of the JWS/JWE.
      Returns:
      the type header, or null if the header is absent

    • getContentType

      public @Nullable String getContentType()
      Returns the content type header that declares the media type of the secured content (the payload).
      Returns:
      the content type header, or null if the header is absent

    • getCritical

      public @Nullable Set<String> getCritical()
      Returns the critical headers that indicates which extensions to the JWS/JWE/JWA specifications are being used that MUST be understood and processed.
      Returns:
      the critical headers, or null if the header is absent

    • getHeaders

      public Map<String,Object> getHeaders()
      Returns the headers.
      Returns:
      the headers

    • getHeader

      public <T> @Nullable T getHeader(String name)
      Returns the header value.
      Type Parameters:
      T - the type of the header value
      Parameters:
      name - the header name
      Returns:
      the header value, or null if the header is absent