Module io.inverno.mod.security.jose
Package io.inverno.mod.security.jose.internal.jwk

Class AbstractX509JWK<A extends PublicKey,B extends PrivateKey>

java.lang.Object
io.inverno.mod.security.jose.internal.jwk.AbstractJWK
io.inverno.mod.security.jose.internal.jwk.AbstractX509JWK<A,B>
Type Parameters:
A - the public key type
B - the private key type
All Implemented Interfaces:
AsymmetricJWK<A,B>, JWK, X509JWK<A,B>
Direct Known Subclasses:
AbstractOKPJWK, GenericECJWK, GenericRSAJWK
public abstract class AbstractX509JWK<A extends PublicKey,B extends PrivateKey> extends AbstractJWK implements X509JWK<A,B>

Base X.509 JSON Web Key implementation.

Since:
1.5
Author:
Jeremy Kuhn

  • Field Details

  • Constructor Details

    • AbstractX509JWK

      protected AbstractX509JWK(String kty) throws JWKProcessingException

      Creates an untrusted X.509 JWK.

      Parameters:
      kty - the key type
      Throws:
      JWKProcessingException - if the key type is blank

    • AbstractX509JWK

      protected AbstractX509JWK(String kty, PrivateKey key, boolean trusted) throws JWKProcessingException

      Creates a private X.509 JWK with the specified private key.

      Parameters:
      kty - the key type
      key - a private key
      trusted - true to create a trusted JWK, false otherwise
      Throws:
      JWKProcessingException - if the key type is blank

    • AbstractX509JWK

      protected AbstractX509JWK(String kty, X509Certificate certificate) throws JWKProcessingException

      Creates a public X.509 JWK with the specified X.509 certificate.

      The JWK is considered trusted if the specified certificate, which is assumed to be validated, is not null.

      Parameters:
      kty - the key type
      certificate - an X.509 certificate
      Throws:
      JWKProcessingException - if the key type is blank

    • AbstractX509JWK

      protected AbstractX509JWK(String kty, PrivateKey key, X509Certificate certificate, boolean trusted) throws JWKProcessingException

      Creates an X.509 JWK with the specified private key and X.509 certificate.

      Parameters:
      kty - the key type
      key - a private key
      certificate - an X.509 certificate
      trusted - true to create a trusted JWK, false otherwise
      Throws:
      JWKProcessingException - if the key type is blank

  • Method Details

    • getX509CertificateURL

      public URI getX509CertificateURL()
      Description copied from interface: X509JWK

      Returns the X.509 certificate or certificates chain URL parameter as defined by RFC7517 Section 4.6.

      The certificates chain located at the URL must be in PEM format. The certificate containing the public key must be the first certificate. The key in the first certificate MUST match the public key represented by other members of the JWK.

      Specified by:
      getX509CertificateURL in interface X509JWK<A extends PublicKey,B extends PrivateKey>
      Returns:
      the X.509 URI or null

    • setX509CertificateURL

      public void setX509CertificateURL(URI x5u)

      Sets the X.509 certificate or certificates chain URL.

      The URI must point to a resource which provides a PEM-encoded representation of the certificate or certificate chain. The key in the first certificate must correspond to the JWK public key.

      Parameters:
      x5u - a URI

    • getX509CertificateChain

      public String[] getX509CertificateChain()
      Description copied from interface: X509JWK

      Returns the X.509 certificate chain as defined by RFC7517 Section 4.7.

      Each certificate is encoded in Base64 DER PKIX certificate value. The certificate containing the public key must be the first certificate. The key in the first certificate MUST match the public key represented by other members of the JWK.

      Specified by:
      getX509CertificateChain in interface X509JWK<A extends PublicKey,B extends PrivateKey>
      Returns:
      the X.509 certificate chain or null

    • setX509CertificateChain

      public void setX509CertificateChain(String[] x5c)

      Sets the X.509 certificate chain.

      The elements of the array must be Base64URL encoded DER PKIX certificate values. The key in the first certificate must correspond to the JWK public key.

      Parameters:
      x5c - an array of X.509 certificate

    • getX509CertificateSHA1Thumbprint

      public String getX509CertificateSHA1Thumbprint()
      Description copied from interface: X509JWK

      Returns the X.509 SHA1 certificate thumbprint as defined by RFC7517 Section 4.8.

      This fingerprint can be used to identify the actual certificate which must MUST match the public key represented by other members of the JWK.

      Specified by:
      getX509CertificateSHA1Thumbprint in interface X509JWK<A extends PublicKey,B extends PrivateKey>
      Returns:
      the X.509 SHA1 thumbprint or null

    • setX509CertificateSHA1Thumbprint

      public void setX509CertificateSHA1Thumbprint(String x5t)

      Sets the X.509 SHA1 certificate thumbprint used to identify the key.

      Parameters:
      x5t - an X.509 SHA1 certificate thumbprint

    • getX509CertificateSHA256Thumbprint

      public String getX509CertificateSHA256Thumbprint()
      Description copied from interface: X509JWK

      Returns the X.509 SHA256 certificate thumbprint as defined by RFC7517 Section 4.9.

      This fingerprint can be used to identify the actual certificate which must MUST match the public key represented by other members of the JWK.

      Specified by:
      getX509CertificateSHA256Thumbprint in interface X509JWK<A extends PublicKey,B extends PrivateKey>
      Returns:
      the X.509 SHA1 thumbprint or null

    • setX509CertificateSHA256Thumbprint

      public void setX509CertificateSHA256Thumbprint(String x5t_S256)

      Sets the X.509 SHA256 certificate thumbprint used to identify the key.

      Parameters:
      x5t_S256 - an X.509 SHA256 certificate thumbprint

    • getX509Certificate

      public Optional<X509Certificate> getX509Certificate()
      Description copied from interface: X509JWK

      Returns the resolved certificate defining the public key.

      Specified by:
      getX509Certificate in interface X509JWK<A extends PublicKey,B extends PrivateKey>
      Returns:
      an optional containing the resolved certificate or an empty certificate if no certificate could have been resolve when building or reading the key

    • hashCode

      public int hashCode()
      Specified by:
      hashCode in interface JWK
      Overrides:
      hashCode in class AbstractJWK

    • equals

      public boolean equals(Object obj)
      Specified by:
      equals in interface JWK
      Overrides:
      equals in class AbstractJWK

    • toString

      public String toString()
      Overrides:
      toString in class AbstractJWK