Swift
Swift
Validate a JWS Using ECDSA P-256 SHA-256
See more JSON Web Signatures (JWS) Examples
Validates a JSON Web Signature (JWS) that uses ECDSA P-256 SHA-256Chilkat Swift Downloads
func chilkatTest() {
var success: Bool = false
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// This example takes a JSON signature in compact serialization format,
// and uses an ECDSA public key to validate and recover the protected header and payload.
// We only need a public key for signature validation. This is the ECDSA public key
// that is used:
// {"kty":"EC",
// "crv":"P-256",
// "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
// "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"
// }
let sbPubKey = CkoStringBuilder()!
sbPubKey.append(value: "{\"kty\":\"EC\",")
sbPubKey.append(value: "\"crv\":\"P-256\",")
sbPubKey.append(value: "\"x\":\"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU\",")
sbPubKey.append(value: "\"y\":\"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0\"")
sbPubKey.append(value: "}")
let pubKey = CkoPublicKey()!
success = pubKey.load(fromString: sbPubKey.getAsString())
if success == false {
print("\(pubKey.lastErrorText!)")
return
}
let jws = CkoJws()!
// Set the ECC public key:
var signatureIndex: Int = 0
jws.setPublicKey(index: signatureIndex, pubKey: pubKey)
// Load the JWS.
let sbJws = CkoStringBuilder()!
sbJws.append(value: "eyJhbGciOiJFUzI1NiJ9")
sbJws.append(value: ".")
sbJws.append(value: "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt")
sbJws.append(value: "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ")
sbJws.append(value: ".")
sbJws.append(value: "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSA")
sbJws.append(value: "pmWQxfKTUJqPP3-Kg6NU1Q")
success = jws.loadSb(sbJws: sbJws)
if success == false {
print("\(jws.lastErrorText!)")
return
}
// Validate the 1st (and only) signature at index 0..
var v: Int = jws.validate(index: signatureIndex).intValue
if v < 0 {
// Perhaps Chilkat was not unlocked or the trial expired..
print("Method call failed for some other reason.")
print("\(jws.lastErrorText!)")
return
}
if v == 0 {
print("Invalid signature. The ECC key was incorrect, the JWS was invalid, or both.")
return
}
// If we get here, the signature was validated..
print("Signature validated.")
print("--")
// Recover the original content:
print("Recovered content:")
print("\(jws.getPayload(charset: "utf-8")!)")
print("--")
// Examine the protected header:
let joseHeader = CkoJsonObject()!
success = jws.getProtectedH(index: signatureIndex, json: joseHeader)
if success == false {
print("\(jws.lastErrorText!)")
return
}
joseHeader.emitCompact = false
print("Protected (JOSE) header:")
print("\(joseHeader.emit()!)")
// Output:
// Signature validated.
// --
// Recovered content:
// {"iss":"joe",
// "exp":1300819380,
// "http://example.com/is_root":true}
// --
// Protected (JOSE) header:
// {
// "alg": "ES256"
// }
}