Script: Class dw.crypto.JWS

Class JWS

This class represents a JSON Web Signature (JWS) object.

Note: this class handles sensitive security-related data. Pay special attention to PCI DSS v3 requirements 2, 4, and 12.

Properties

algorithm : String Read Only

Get the algorithm (alg) from the header.

header : JWSHeader Read Only

Get a copy of the JWS header.

headerMap : Map Read Only

Get a copy of the JWS header as a Map.

payload : String Read Only

Get the payload from this object.

This is available even if the signature has not been verified.

Constructor Summary

JWS(header : JWSHeader, payload : String)

Construct a new JWS for signing.

JWS(header : JWSHeader, payload : Bytes)

Construct a new JWS for signing.

Method Summary

getAlgorithm() : String

Get the algorithm (alg) from the header.

getHeader() : JWSHeader

Get a copy of the JWS header.

getHeaderMap() : Map

Get a copy of the JWS header as a Map.

getPayload() : String

Get the payload from this object.

static parse(jws : String) : JWS

Parse a JSON Web Signature (JWS) object from its compact serialization format.

static parse(jws : String, payload : String) : JWS

Parse a JSON Web Signature (JWS) object from its compact serialization format.

static parse(jws : String, payload : Bytes) : JWS

Parse a JSON Web Signature (JWS) object from its compact serialization format.

serialize(detachPayload : boolean) : String

Get this JWS in compact serialization form.

sign(keyRef : KeyRef) : void

Sign the payload using the given private key.

verify(certificateRef : CertificateRef) : boolean

Verifies the signature of the payload.

Methods inherited from class Object

assign, create, create, defineProperties, defineProperty, entries, freeze, fromEntries, getOwnPropertyDescriptor, getOwnPropertyNames, getOwnPropertySymbols, getPrototypeOf, hasOwnProperty, is, isExtensible, isFrozen, isPrototypeOf, isSealed, keys, preventExtensions, propertyIsEnumerable, seal, setPrototypeOf, toLocaleString, toString, valueOf, values

Constructor Detail

JWS

publicJWS(header : JWSHeader, payload : String)

Construct a new JWS for signing.

Parameters:

header - JWS header. This must include a valid algorithm (alg). See verify(CertificateRef) for a list of supported algorithms.

payload - Content that will be signed.


JWS

publicJWS(header : JWSHeader, payload : Bytes)

Construct a new JWS for signing.

Parameters:

header - JWS header. This must include a valid algorithm (alg). See verify(CertificateRef) for a list of supported algorithms.

payload - Content that will be signed.


Method Detail

getAlgorithm

getAlgorithm() : String

Get the algorithm (alg) from the header.

Returns:

Value of the algorithm or null if missing.

getHeader

getHeader() : JWSHeader

Get a copy of the JWS header.

Returns:

Copy of the JWS header.


getHeaderMap

getHeaderMap() : Map

Get a copy of the JWS header as a Map.

Returns:

Copy of the JWS header.


getPayload

getPayload() : String

Get the payload from this object.

This is available even if the signature has not been verified.

Returns:

UTF-8 encoded payload.


parse

static parse(jws : String) : JWS

Parse a JSON Web Signature (JWS) object from its compact serialization format.

Parameters:

jws - JWS in compact serialization format.

Returns:

JWS object.


parse

static parse(jws : String, payload : String) : JWS

Parse a JSON Web Signature (JWS) object from its compact serialization format.

Parameters:

jws - JWS without a payload in compact serialization format.

payload - Detached payload

Returns:

JWS object.


parse

static parse(jws : String, payload : Bytes) : JWS

Parse a JSON Web Signature (JWS) object from its compact serialization format.

Parameters:

jws - JWS without a payload in compact serialization format.

payload - Detached payload

Returns:

JWS object.


serialize

serialize(detachPayload : boolean) : String

Get this JWS in compact serialization form.

Parameters:

detachPayload - true for a detached payload compliant with RFC-7797, or false to serialize the payload too.

Returns:

Compact serialized object.


sign

sign(keyRef : KeyRef) : void

Sign the payload using the given private key.

The key type and size must match the algorithm given in the JWS header.

Parameters:

keyRef - Reference to the private key.

Throws:

Exception - if there is an error while signing the payload.


verify

verify(certificateRef : CertificateRef) : boolean

Verifies the signature of the payload.

If the x5c header parameter is present, then that certificate chain will be used to verify the signature and the given certificateRef must be its root certificate. If this parameter is not present then the given certificateRef will be used to directly verify the signature.

The following algorithms are supported:

  • ES256
  • ES256K
  • ES384
  • ES512
  • RS256
  • RS384
  • RS512
  • PS256
  • PS384
  • PS512

Parameters:

certificateRef - Reference to the certificate to use for verification.

Returns:

a boolean indicating success (true) or failure (false).

Throws:

Exception - if there is an error while processing the certificate (for example if the x5c is not signed by the given certificate) or the algorithm is unsupported.