All Implemented Interfaces:
AsymmetricJWK<ECPublicKey,ECPrivateKey>, ECJWK, JWK, X509JWK<ECPublicKey,ECPrivateKey>

public class GenericECJWK extends AbstractX509JWK<ECPublicKey,ECPrivateKey> implements ECJWK

Generic Elliptic Curve JSON Web Key implementation.

It supports the following algorithms:

  • ES256
  • ES384
  • ES512
  • ES256K (deprecated)
  • ECDH-ES with elliptic curve P-256, P-384 or P-521
  • ECDH-ES+A128KW with elliptic curve P-256, P-384 or P-521
  • ECDH-ES+A192KW with elliptic curve P-256, P-384 or P-521
  • ECDH-ES+A256KW with elliptic curve P-256, P-384 or P-521
Since:
1.5
Author:
Jeremy Kuhn
  • Constructor Details

    • GenericECJWK

      public GenericECJWK(ECCurve curve, String x, String y)

      Creates an untrusted public generic EC JWK with the specified curve and public coordinates.

      Parameters:
      curve - an elliptic curve
      x - the x coordinate encoded as Base64URL without padding
      y - the y coordinate encoded as Base64URL without padding
    • GenericECJWK

      public GenericECJWK(ECCurve curve, String x, String y, X509Certificate certificate)

      Creates a public generic EC JWK with the specified curve, public coordinates and certificate.

      The JWK is considered trusted if the specified certificate, which is assumed to be validated, is not null.

      Parameters:
      curve - an elliptic curve
      x - the x coordinate encoded as Base64URL without padding
      y - the y coordinate encoded as Base64URL without padding
      certificate - an X.509 certificate
    • GenericECJWK

      public GenericECJWK(ECCurve curve, String x, String y, String d)

      Creates an untrusted private generic EC JWK with the specified curve, public coordinates and private key value.

      Parameters:
      curve - an elliptic curve
      x - the x coordinate encoded as Base64URL without padding
      y - the y coordinate encoded as Base64URL without padding
      d - the private key value encoded as Base64URL without padding
    • GenericECJWK

      public GenericECJWK(ECCurve curve, String x, String y, String d, ECPrivateKey key, boolean trusted)

      Creates a private generic EC JWK with the specified curve, public coordinates, private key value and EC private key.

      Parameters:
      curve - an elliptic curve
      x - the x coordinate encoded as Base64URL without padding
      y - the y coordinate encoded as Base64URL without padding
      d - the private key value encoded as Base64URL without padding
      key - an EC private key
      trusted - true to create a trusted JWK, false otherwise
    • GenericECJWK

      public GenericECJWK(ECCurve curve, String x, String y, String d, X509Certificate certificate)

      Creates a public generic EC JWK with the specified curve, public coordinates, private key value and certificate.

      The JWK is considered trusted if the specified certificate, which is assumed to be validated, is not null.

      Parameters:
      curve - an elliptic curve
      x - the x coordinate encoded as Base64URL without padding
      y - the y coordinate encoded as Base64URL without padding
      d - the private key value encoded as Base64URL without padding
      certificate - an X.509 certificate
    • GenericECJWK

      public GenericECJWK(ECCurve curve, String x, String y, String d, ECPrivateKey key, X509Certificate certificate, boolean trusted)

      Creates a private generic EC JWK with the specified curve, public coordinates, private key value, EC private key and certificate.

      Parameters:
      curve - an elliptic curve
      x - the x coordinate encoded as Base64URL without padding
      y - the y coordinate encoded as Base64URL without padding
      d - the private key value encoded as Base64URL without padding
      key - an EC private key
      certificate - an X.509 certificate
      trusted - true to create a trusted JWK, false otherwise
  • Method Details

    • setAlgorithm

      public void setAlgorithm(ECAlgorithm ecAlg)

      Sets the Elliptic Curve JWA algorithm.

      Parameters:
      ecAlg - an EC algorithm
    • setAlgorithm

      public void setAlgorithm(String alg)
      Description copied from class: AbstractJWK

      Sets the algorithm intended for use with the key.

      Overrides:
      setAlgorithm in class AbstractJWK
      Parameters:
      alg - the JWA algorithm
    • getCurve

      public String getCurve()
      Description copied from interface: ECJWK

      Returns the JWA Elliptic curve name.

      Specified by:
      getCurve in interface ECJWK
      Returns:
      the Elliptic curve name
    • getXCoordinate

      public String getXCoordinate()
      Description copied from interface: ECJWK

      Returns the X coordinate encoded as Base64URL.

      Specified by:
      getXCoordinate in interface ECJWK
      Returns:
      the Base64URL encoded X coordinate with no padding.
    • getYCoordinate

      public String getYCoordinate()
      Description copied from interface: ECJWK

      Returns the Y coordinate encoded as Base64URL.

      Specified by:
      getYCoordinate in interface ECJWK
      Returns:
      the Base64URL encoded Y coordinate with no padding.
    • getEccPrivateKey

      public String getEccPrivateKey()
      Description copied from interface: ECJWK

      Returns the ECC private key encoded as Base64URL.

      Specified by:
      getEccPrivateKey in interface ECJWK
      Returns:
      the Base64URL encoded ECC private key with no padding.
    • trust

      public ECJWK trust()
      Description copied from interface: JWK

      Trusts the key explicitly.

      This should be used with care when the authenticity of an untrusted key has been established through external means.

      Specified by:
      trust in interface AsymmetricJWK<ECPublicKey,ECPrivateKey>
      Specified by:
      trust in interface ECJWK
      Specified by:
      trust in interface JWK
      Specified by:
      trust in interface X509JWK<ECPublicKey,ECPrivateKey>
      Returns:
      this JWK
    • toPublicKey

      public ECPublicKey toPublicKey() throws JWKProcessingException
      Description copied from interface: AsymmetricJWK

      Converts the JWK to its corresponding public key.

      Specified by:
      toPublicKey in interface AsymmetricJWK<ECPublicKey,ECPrivateKey>
      Returns:
      a public key
      Throws:
      JWKProcessingException - if there was an error converting the JWK to a public key
    • toPrivateKey

      public Optional<ECPrivateKey> toPrivateKey() throws JWKProcessingException
      Description copied from interface: AsymmetricJWK

      Converts the JWK to its corresponding private key.

      Specified by:
      toPrivateKey in interface AsymmetricJWK<ECPublicKey,ECPrivateKey>
      Returns:
      an optional containing the private key or an empty optional if the key does not contain private information
      Throws:
      JWKProcessingException - if there was an error converting the JWK to a private key
    • toPublicJWK

      public ECJWK toPublicJWK()
      Description copied from interface: JWK

      Returns a public and safe to share representation of the key.

      Specified by:
      toPublicJWK in interface AsymmetricJWK<ECPublicKey,ECPrivateKey>
      Specified by:
      toPublicJWK in interface ECJWK
      Specified by:
      toPublicJWK in interface JWK
      Specified by:
      toPublicJWK in interface X509JWK<ECPublicKey,ECPrivateKey>
      Returns:
      a public representation of this JWK
    • minify

      public ECJWK minify()
      Description copied from interface: JWK

      Returns a minified representation of the key only containing required data.

      Note that the returned JWK may contain private data.

      Specified by:
      minify in interface ECJWK
      Specified by:
      minify in interface JWK
      Returns:
      a minified representation of this JWK
    • toJWKThumbprint

      public String toJWKThumbprint(MessageDigest digest)
      Description copied from interface: JWK

      Generates and returns the JWK thumbprint using the specified digest.

      Specified by:
      toJWKThumbprint in interface JWK
      Parameters:
      digest - the message digest to use
      Returns:
      the JWK thumbprint
    • supportsAlgorithm

      public boolean supportsAlgorithm(String alg)
      Description copied from interface: JWK

      Determines whether the JWK supports the specified JWA algorithm.

      Specified by:
      supportsAlgorithm in interface JWK
      Parameters:
      alg - a JWA algorithm
      Returns:
      true if the algorithm is supported, false otherwise
    • signer

      public JWASigner signer() throws JWKProcessingException
      Description copied from interface: JWK

      Returns a signer using this JWK.

      Specified by:
      signer in interface JWK
      Overrides:
      signer in class AbstractJWK
      Returns:
      a signer
      Throws:
      JWKProcessingException - if the JWK does not support signature operations (e.g. missing algorithm, algorithm is not a signature algorithm...)
    • signer

      public JWASigner signer(String alg)
      Description copied from interface: JWK

      Returns a signer using this JWK and the specified algorithm.

      Specified by:
      signer in interface JWK
      Overrides:
      signer in class AbstractJWK
      Parameters:
      alg - a JWA signature algorithm
      Returns:
      a signer
    • checkSignature

      protected void checkSignature(JWAAlgorithm<?> algorithm) throws JWKProcessingException
      Description copied from class: AbstractJWK

      Checks that the key and the specified algorithm support signature operations.

      Overrides:
      checkSignature in class AbstractJWK
      Parameters:
      algorithm - a JWA algorithm
      Throws:
      JWKProcessingException - if the key and/or the specified algorithm do not support signature operations
    • keyManager

      public JWAKeyManager keyManager() throws JWKProcessingException
      Description copied from interface: JWK

      Returns a key manager using this JWK.

      Specified by:
      keyManager in interface JWK
      Overrides:
      keyManager in class AbstractJWK
      Returns:
      a key manager
      Throws:
      JWKProcessingException - if the JWK does not support key management operations (e.g. missing algorithm, algorithm is not a key management algorithm...)
    • keyManager

      public JWAKeyManager keyManager(String alg) throws JWKProcessingException
      Description copied from interface: JWK

      Returns a key manager using this JWK and the specified algorithm.

      Specified by:
      keyManager in interface JWK
      Overrides:
      keyManager in class AbstractJWK
      Parameters:
      alg - a JWA key management algorithm
      Returns:
      a key manager
      Throws:
      JWKProcessingException - if the JWK does not support key management operations or if the specified algorithm is not a supported key management algorithm
    • hashCode

      public int hashCode()
      Specified by:
      hashCode in interface JWK
      Overrides:
      hashCode in class AbstractX509JWK<ECPublicKey,ECPrivateKey>
    • equals

      public boolean equals(Object obj)
      Specified by:
      equals in interface JWK
      Overrides:
      equals in class AbstractX509JWK<ECPublicKey,ECPrivateKey>
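
As an added example (JDK-only, not this library's implementation), the following shows what the Base64URL `x`/`y` coordinates accepted by the constructors and the `toPublicKey` and `toJWKThumbprint` operations involve for a P-256 key: fixed-width decoding with an explicit on-curve check, and the RFC 7638 thumbprint input. The class and helper names (`EcJwkExample`, `toPublicKey`, `thumbprint`, `b64u`) and the generated sample key are assumptions made for the example.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.*;
import java.util.Base64;

// Example class (hypothetical names); uses only the JDK, not the library documented above.
public class EcJwkExample {
    // Decodes unpadded Base64URL x/y into a P-256 public key, rejecting malformed coordinates.
    static ECPublicKey toPublicKey(String x, String y) throws GeneralSecurityException {
        byte[] xb = Base64.getUrlDecoder().decode(x), yb = Base64.getUrlDecoder().decode(y);
        if (xb.length != 32 || yb.length != 32) throw new InvalidKeySpecException("need 32-byte coordinates");
        AlgorithmParameters ap = AlgorithmParameters.getInstance("EC");
        ap.init(new ECGenParameterSpec("secp256r1"));
        ECParameterSpec spec = ap.getParameterSpec(ECParameterSpec.class);
        EllipticCurve c = spec.getCurve();
        BigInteger p = ((ECFieldFp) c.getField()).getP();
        BigInteger px = new BigInteger(1, xb), py = new BigInteger(1, yb);
        // Explicit on-curve check: y^2 = x^3 + a*x + b (mod p), with x and y in [0, p).
        BigInteger rhs = px.pow(3).add(c.getA().multiply(px)).add(c.getB()).mod(p);
        if (px.compareTo(p) >= 0 || py.compareTo(p) >= 0 || !py.multiply(py).mod(p).equals(rhs))
            throw new InvalidKeySpecException("point is not on P-256");
        return (ECPublicKey) KeyFactory.getInstance("EC")
            .generatePublic(new ECPublicKeySpec(new ECPoint(px, py), spec));
    }
    // RFC 7638 thumbprint: digest of the required members only, in lexicographic order, no whitespace.
    static String thumbprint(String crv, String x, String y, MessageDigest digest) {
        String json = "{\"crv\":\"" + crv + "\",\"kty\":\"EC\",\"x\":\"" + x + "\",\"y\":\"" + y + "\"}";
        return Base64.getUrlEncoder().withoutPadding()
            .encodeToString(digest.digest(json.getBytes(StandardCharsets.UTF_8)));
    }
    // Fixed-width unsigned big-endian encoding, as JWK requires for EC coordinates.
    static String b64u(BigInteger v, int len) {
        byte[] raw = v.toByteArray(), out = new byte[len];
        int n = Math.min(raw.length, len);
        System.arraycopy(raw, raw.length - n, out, len - n, n);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC"); // constructed sample key
        g.initialize(new ECGenParameterSpec("secp256r1"));
        ECPublicKey pub = (ECPublicKey) g.generateKeyPair().getPublic();
        String x = b64u(pub.getW().getAffineX(), 32), y = b64u(pub.getW().getAffineY(), 32);
        System.out.println(toPublicKey(x, y).getW().equals(pub.getW()));
        System.out.println(thumbprint("P-256", x, y, MessageDigest.getInstance("SHA-256")));
        // A tampered y coordinate is refused before any key object is built.
        try { toPublicKey(x, b64u(pub.getW().getAffineY().add(BigInteger.ONE), 32)); }
        catch (InvalidKeySpecException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The thumbprint covers only `crv`, `kty`, `x` and `y`, so it identifies the key material and stays the same whether or not the JWK carries `d`, an algorithm or a certificate.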