JWS PS256 with the BouncyCastle FIPS provider

The Nimbus JOSE+JWT library received an update in version 9.6 to handle the BouncyCastle FIPS algorithm names required to instantiate PS256, PS384 and PS512 JWS signers and verifiers.

Example Java code for creating a PS256 signer and verifier with the BouncyCastle FIPS provider:

import java.security.PrivateKey;
import java.security.interfaces.RSAPublicKey;
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.*;
import com.nimbusds.jose.crypto.bc.BouncyCastleFIPSProviderSingleton;

// Create RSA signer and set BC FIPS provider
JWSSigner signer = new RSASSASigner(privateKey);
signer.getJCAContext().setProvider(BouncyCastleFIPSProviderSingleton.getInstance());

// Sign
JWSObject jwsObject = new JWSObject(
    new JWSHeader.Builder(JWSAlgorithm.PS256).build(),
    new Payload("Some payload"));
jwsObject.sign(signer);

// Create RSA verifier and set BC FIPS provider
JWSVerifier verifier = new RSASSAVerifier(publicKey);
verifier.getJCAContext().setProvider(BouncyCastleFIPSProviderSingleton.getInstance());

// Verify signature
assertTrue(jwsObject.verify(verifier));