@Override public boolean verify(final JWSHeader header, final byte[] signedContent, final Base64URL signature) throws JOSEException { if (! critPolicy.headerPasses(header)) { return false; } final Signature verifier = RSASSA.getSignerAndVerifier(header.getAlgorithm(), getJCAContext().getProvider()); try { verifier.initVerify(publicKey); } catch (InvalidKeyException e) { throw new JOSEException("Invalid public RSA key: " + e.getMessage(), e); } try { verifier.update(signedContent); return verifier.verify(signature.decode()); } catch (SignatureException e) { return false; } } }