Poco::JWT

class Signer

File Information

Library: JWT
Package: JWT
Header: Poco/JWT/Signer.h

Description

This class signs and verifies the signature of JSON Web Tokens.

The following signing algorithms are supported:

  • HS256 (HMAC using SHA256)
  • HS384 (HMAC using SHA384)
  • HS512 (HMAC using SHA512)
  • RS256 (RSA SSA PKCS1 v1.5 using SHA256)
  • RS384 (RSA SSA PKCS1 v1.5 using SHA384)
  • RS512 (RSA SSA PKCS1 v1.5 using SHA512)
  • ES256 (ECDSA using P-256 and SHA-256)
  • ES384 (ECDSA using P-256 and SHA-384)
  • ES512 (ECDSA using P-256 and SHA-512)

Member Summary

Member Functions: addAlgorithm, addAllAlgorithms, decode, encode, getAlgorithms, getECKey, getHMACKey, getRSAKey, setAlgorithms, setECKey, setHMACKey, setRSAKey, sign, tryVerify, verify

Constructors

Signer

Signer();

Creates a Signer.

For signing and verification, a key must be set using the setHMACKey(), setRSAKey() or setECKey() methods.

Sets HS256 as the only allowed algorithm. Call setAlgorithms() or addAlgorithm() to allow additional algorithms for verification.

Signer

explicit Signer(
    const std::string & hmacKey
);

Creates the Signer using the given secret/key for HMAC-based signing and verification.

Sets HS256 as the only allowed algorithm. Call setAlgorithms() or addAlgorithm() to allow additional algorithms for verification.

Signer

explicit Signer(
    const Poco::SharedPtr < Poco::Crypto::RSAKey > & pRSAKey
);

Creates the Signer using the given secret/key for RSA-based signing and verification.

Sets HS256 as the only allowed algorithm. Call setAlgorithms() or addAlgorithm() to allow additional algorithms for verification.

Signer

explicit Signer(
    const Poco::SharedPtr < Poco::Crypto::ECKey > & pECKey
);

Creates the Signer using the given secret/key for EC-based signing and verification.

Sets HS256 as the only allowed algorithm. Call setAlgorithms() or addAlgorithm() to allow additional algorithms for verification.

Destructor

~Signer

~Signer();

Destroys the Signer.

Member Functions

addAlgorithm

Signer & addAlgorithm(
    const std::string & algorithm
);

Adds an algorithm to the set of allowed algorithms.

addAllAlgorithms

Signer & addAllAlgorithms();

Adds all supported algorithm to the set of allowed algorithms.

getAlgorithms inline

const std::set < std::string > & getAlgorithms() const;

Returns the allowed algorithms for signing.

getECKey inline

Poco::SharedPtr < Poco::Crypto::ECKey > getECKey() const;

Returns the key used for EC-based signing and verification.

getHMACKey inline

const std::string getHMACKey() const;

Returns the key used for HMAC-based signing and verification.

getRSAKey inline

Poco::SharedPtr < Poco::Crypto::RSAKey > getRSAKey() const;

Returns the key used for RSA-based signing and verification.

setAlgorithms

Signer & setAlgorithms(
    const std::set < std::string > & algorithms
);

Sets the allowed algorithms for signing.

When verifying JWTs, the algorithm used for signing must be one of the allowed algorithms.

setECKey

Signer & setECKey(
    const Poco::SharedPtr < Poco::Crypto::ECKey > & pKey
);

Sets the key used for EC-based signing and verification.

setHMACKey

Signer & setHMACKey(
    const std::string & key
);

Sets the key used for HMAC-based signing and verification.

setRSAKey

Signer & setRSAKey(
    const Poco::SharedPtr < Poco::Crypto::RSAKey > & pKey
);

Sets the key used for RSA-based signing and verification.

sign

std::string sign(
    Token & token,
    const std::string & algorithm
) const;

Signs the given token using the given algorithm.

An appropriate key must have been provided prior to calling sign().

Returns the serialized JWT including the signature.

tryVerify

bool tryVerify(
    const std::string & jwt,
    Token & token
) const;

Verifies the given serialized JSON Web Token and stores it in the given Token object.

An appropriate key must have been provided prior to calling verify().

If successful, returns true, otherwise false.

verify

Token verify(
    const std::string & jwt
) const;

Verifies the given serialized JSON Web Token.

An appropriate key must have been provided prior to calling verify().

If successful, returns a Token object. If not successful, throws a SignatureVerificationException.

decode protected static

static Poco::DigestEngine::Digest decode(
    const std::string & signature
);

encode protected static

static std::string encode(
    const Poco::DigestEngine::Digest & digest
);

Variables

ALGO_ES256 static

static const std::string ALGO_ES256;

ALGO_ES384 static

static const std::string ALGO_ES384;

ALGO_ES512 static

static const std::string ALGO_ES512;

ALGO_HS256 static

static const std::string ALGO_HS256;

ALGO_HS384 static

static const std::string ALGO_HS384;

ALGO_HS512 static

static const std::string ALGO_HS512;

ALGO_NONE static

static const std::string ALGO_NONE;

ALGO_RS256 static

static const std::string ALGO_RS256;

ALGO_RS384 static

static const std::string ALGO_RS384;

ALGO_RS512 static

static const std::string ALGO_RS512;

Securely control IoT edge devices from anywhere   Connect a Device