Class JWS

java.lang.Object

de.christofreichardt.json.websignature.JWS

public class JWS
extends Object

This class provides a Fluent API for generating and validating JSON Web Signatures.

Example 1: Signing

Firstly, we create a keypair:

JsonWebKeyPair jsonWebKeyPair = JsonWebKeyPair.of()
         .build();

Secondly, we need a payload:

String strSepaTransfer = """
         {
           "sepa-transfer": {
             "originator": {
               "iban": "DE02300606010002474689",
               "name": "Max Mustermann"
             },
             "date-time": "2025-05-28T13:32:07.1821996+02:00[Europe/Berlin]",
             "transfer-amount": 123.45,
             "purpose": "Rechnung-1234",
             "recipient": {
               "iban": "AT022040400040102634",
               "name": "Muster-Hotel"
             }
           }
         }
         """;
JsonObject sepaTransfer;
try (StringReader stringReader = new StringReader(strSepaTransfer);
      JsonReader jsonReader = Json.createReader(stringReader)) {
     sepaTransfer = jsonReader.readObject();
}

Please note that all bank accounts are fictitious. Now we can sign the sepaTransfer using the Fluent API:

String kid = UUID.randomUUID().toString();
JWSCompactSerialization compactSerialization = JWS.createSignature()
         .webkey(jsonWebKeyPair)
         .typ("JOSE")
         .kid(kid)
         .payload(sepaTransfer)
         .sign(new PrettyStringConverter());

This will create the following JOSE header within the first part of the JWS Compact Serialization:

{
     "alg": "ES256",
     "typ": "JOSE",
     "kid": "2973fb0a-3a6b-48b9-ad5f-c1c9ef1bc79e",
     "jwk": {
         "kty": "EC",
         "crv": "P-256",
         "x": "RV9KxZnDewjiQjoalsYUpjT3n1bbt-62b6HcDOt0lCE",
         "y": "Y7wtjOBdD9nPW-DMdUw0qL-PCBn4031vA-TMvGMVBe8"
     }
 }

(You will get other x,y coordinates with virtual certainty).

Example 2: Validating

Firstly, we need a JsonWebPublicKey. For this example we simply create one from the given "jwk" header parameter:

JsonWebPublicKey jsonWebPublicKey = JsonWebPublicKey.fromJson(compactSerialization.joseHeader().getJsonObject("jwk"));

In the real world, however, you would need to verify at least if the "kid" parameter checks, that is it refers to the authentic key (pair). Now we can validate the signature:

boolean validated = JWS.createValidator()
         .compactSerialization(compactSerialization)
         .webkey(jsonWebPublicKey)
         .validate();
assert validated;

Author:

Christof Reichardt

See Also:

• JsonWebPublicKey
• JWSCompactSerialization
• Section 3.1 of RFC 7515

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
protected static class	JWS.Signature	Implements all interfaces of the Fluent API related to creating signatures.
protected static class	JWS.Validator	Implements all interfaces of the Fluent API related to validating signatures.

Method Summary

Modifier and Type	Method	Description
static SignatureBegin	createSignature()	Entry point for creating signatures.
static ValidationBegin	createValidator()	Entry point for validating signatures.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

createSignature

public static SignatureBegin createSignature()

Entry point for creating signatures.

Returns:

a SignatureBegin instance, an interface of the Fluent API.

createValidator

public static ValidationBegin createValidator()

Entry point for validating signatures.

Returns:

a ValidationBegin instance, an interface of the Fluent API.