Module io.inverno.mod.security.jose

Package io.inverno.mod.security.jose.internal.jwk.okp

Class GenericEdECJWK

java.lang.Object

io.inverno.mod.security.jose.internal.jwk.AbstractJWK

io.inverno.mod.security.jose.internal.jwk.AbstractX509JWK<A,B>

io.inverno.mod.security.jose.internal.jwk.okp.AbstractOKPJWK<EdECPublicKey,EdECPrivateKey>

io.inverno.mod.security.jose.internal.jwk.okp.GenericEdECJWK

All Implemented Interfaces:

AsymmetricJWK<EdECPublicKey,EdECPrivateKey>, JWK, EdECJWK, OKPJWK<EdECPublicKey,EdECPrivateKey>, X509JWK<EdECPublicKey,EdECPrivateKey>

public class GenericEdECJWK
extends AbstractOKPJWK<EdECPublicKey,EdECPrivateKey>
implements EdECJWK

Generic Edward-Curve JSON Web Key implementation.

It supports the following algorithms:

• EdDSA with elliptic curve Ed25519 and Ed448.

Since:

1.5

Author:

Jeremy Kuhn

Field Summary

Fields

Modifier and Type	Field	Description
static final Set<OKPCurve>	SUPPORTED_CURVES	The set of curves supported by the JWK.

Fields inherited from class io.inverno.mod.security.jose.internal.jwk.okp.AbstractOKPJWK

curve, d, privateKey, publicKey, x

Fields inherited from class io.inverno.mod.security.jose.internal.jwk.AbstractX509JWK

certificate, x5c, x5t, x5t_S256, x5u

Fields inherited from class io.inverno.mod.security.jose.internal.jwk.AbstractJWK

alg, key, key_ops, kid, kty, trusted, use

Fields inherited from interface io.inverno.mod.security.jose.jwk.JWK

DEFAULT_THUMBPRINT_DIGEST, KEY_OP_DECRYPT, KEY_OP_DERIVE_BITS, KEY_OP_DERIVE_KEY, KEY_OP_ENCRYPT, KEY_OP_SIGN, KEY_OP_UNWRAP_KEY, KEY_OP_VERIFY, KEY_OP_WRAP_KEY, USE_ENC, USE_SIG

Fields inherited from interface io.inverno.mod.security.jose.jwk.okp.OKPJWK

KEY_TYPE

Constructor Summary

Constructors

Constructor	Description
GenericEdECJWK(OKPCurve curve, String x)	Creates an untrusted public generic EdEC JWK with the specified curve and public key value.
GenericEdECJWK(OKPCurve curve, String x, String d)	Creates an untrusted private generic EdEC JWK with the specified curve, public key value and private key value.
GenericEdECJWK(OKPCurve curve, String x, String d, X509Certificate certificate)	Creates a public generic EdEC JWK with the specified curve, public key value, private key value and certificate.
GenericEdECJWK(OKPCurve curve, String x, String d, EdECPrivateKey key, boolean trusted)	Creates a private generic EdEC JWK with the specified curve, public key value, private key value and private key.
GenericEdECJWK(OKPCurve curve, String x, String d, EdECPrivateKey key, X509Certificate certificate, boolean trusted)	Creates a private generic EdEC JWK with the specified curve, public coordinates, private key value, OKP private key and certificate.
GenericEdECJWK(OKPCurve curve, String x, X509Certificate certificate)	Creates a public generic EdEC JWK with the specified curve, public key value and certificate.

Method Summary

Modifier and Type	Method	Description
protected void	checkSignature(JWAAlgorithm<?> algorithm)	Checks that the key and the specified algorithm supports signature operations.
EdECJWK	minify()	Returns a minified representation of the key only containing required data.
void	setAlgorithm(EdECAlgorithm edecAlg)	Sets the Edward-Curve JWA algorithm.
void	setAlgorithm(String alg)	Sets the algorithm intended for use with the key.
JWASigner	signer()	Returns a signer using this JWK.
JWASigner	signer(String alg)	Returns a signer using this JWK and the specified algorithm.
boolean	supportsAlgorithm(String alg)	Determines whether the JWK supports the specified JWA algorithm.
Optional<EdECPrivateKey>	toPrivateKey()	Converts the JWK to its corresponding private key.
EdECJWK	toPublicJWK()	Returns a public and safe to share representation of the key.
EdECPublicKey	toPublicKey()	Converts the JWK to its corresponding public key.
EdECJWK	trust()	Trusts the key explicitly.

Methods inherited from class io.inverno.mod.security.jose.internal.jwk.okp.AbstractOKPJWK

equals, getCurve, getPrivateKey, getPublicKey, hashCode, reverse, swap, toJWKThumbprint

Methods inherited from class io.inverno.mod.security.jose.internal.jwk.AbstractX509JWK

getX509Certificate, getX509CertificateChain, getX509CertificateSHA1Thumbprint, getX509CertificateSHA256Thumbprint, getX509CertificateURL, setX509CertificateChain, setX509CertificateSHA1Thumbprint, setX509CertificateSHA256Thumbprint, setX509CertificateURL, toString

Methods inherited from class io.inverno.mod.security.jose.internal.jwk.AbstractJWK

checkEncryption, checkKeyManagement, cipher, cipher, getAlgorithm, getDefaultThumbprintDigest, getKey, getKeyId, getKeyOperations, getKeyType, getPublicKeyUse, isTrusted, keyManager, keyManager, setKeyId, setKeyOperations, setPublicKeyUse

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface io.inverno.mod.security.jose.jwk.JWK

cipher, cipher, equals, getAlgorithm, getKeyId, getKeyOperations, getKeyType, getPublicKeyUse, hashCode, isTrusted, keyManager, keyManager, toJWKThumbprint, toJWKThumbprint

Methods inherited from interface io.inverno.mod.security.jose.jwk.okp.OKPJWK

getCurve, getPrivateKey, getPublicKey

Methods inherited from interface io.inverno.mod.security.jose.jwk.X509JWK

getX509Certificate, getX509CertificateChain, getX509CertificateSHA1Thumbprint, getX509CertificateSHA256Thumbprint, getX509CertificateURL

Field Details

SUPPORTED_CURVES

public static final Set<OKPCurve> SUPPORTED_CURVES

The set of curves supported by the JWK.

Constructor Details

GenericEdECJWK

public GenericEdECJWK(OKPCurve curve,
 String x)

Creates an untrusted public generic EdEC JWK with the specified curve and public key value.

Parameters:

curve - an elliptic curve

x - the public key value encoded as Base64URL without padding

GenericEdECJWK

public GenericEdECJWK(OKPCurve curve,
 String x,
 X509Certificate certificate)

Creates a public generic EdEC JWK with the specified curve, public key value and certificate.

The JWK is considered trusted if the specified certificate, which is assumed to be validated, is not null.

Parameters:

curve - an elliptic curve

x - the public key encoded as Base64URL without padding

certificate - an X.509 certificate

GenericEdECJWK

public GenericEdECJWK(OKPCurve curve,
 String x,
 String d)

Creates an untrusted private generic EdEC JWK with the specified curve, public key value and private key value.

Parameters:

curve - an elliptic curve

x - the public key value encoded as Base64URL without padding

d - the private key value encoded as Base64URL without padding

GenericEdECJWK

public GenericEdECJWK(OKPCurve curve,
 String x,
 String d,
 EdECPrivateKey key,
 boolean trusted)

Creates a private generic EdEC JWK with the specified curve, public key value, private key value and private key.

Parameters:

curve - an elliptic curve

x - the public key value encoded as Base64URL without padding

d - the private key value encoded as Base64URL without padding

key - a private key

trusted - true to create a trusted JWK, false otherwise

GenericEdECJWK

public GenericEdECJWK(OKPCurve curve,
 String x,
 String d,
 X509Certificate certificate)

Creates a public generic EdEC JWK with the specified curve, public key value, private key value and certificate.

The JWK is considered trusted if the specified certificate, which is assumed to be validated, is not null.

Parameters:

curve - an elliptic curve

x - the public key value encoded as Base64URL without padding

d - the private key value encoded as Base64URL without padding

certificate - an X.509 certificate

GenericEdECJWK

public GenericEdECJWK(OKPCurve curve,
 String x,
 String d,
 EdECPrivateKey key,
 X509Certificate certificate,
 boolean trusted)

Creates a private generic EdEC JWK with the specified curve, public coordinates, private key value, OKP private key and certificate.

Parameters:

curve - an elliptic curve

x - the public key value encoded as Base64URL without padding

d - the private key value encoded as Base64URL without padding

key - a private key

certificate - an X.509 certificate

trusted - true to create a trusted JWK, false otherwise

Method Details

setAlgorithm

public void setAlgorithm(EdECAlgorithm edecAlg)

Sets the Edward-Curve JWA algorithm.

Parameters:

edecAlg - an EdEC algorithm

setAlgorithm

public void setAlgorithm(String alg)

Description copied from class: AbstractJWK

Sets the algorithm intended for use with the key.

Overrides:

setAlgorithm in class AbstractJWK

Parameters:

alg - the JWA algorithm

trust

public EdECJWK trust()

Description copied from interface: JWK

Trusts the key explicitly.

This should be used with care when the authenticity of an untrusted key has been established through external means.

Specified by:

trust in interface AsymmetricJWK<EdECPublicKey,EdECPrivateKey>

Specified by:

trust in interface EdECJWK

Specified by:

trust in interface JWK

Specified by:

trust in interface OKPJWK<EdECPublicKey,EdECPrivateKey>

Specified by:

trust in interface X509JWK<EdECPublicKey,EdECPrivateKey>

Returns:

this JWK

toPublicKey

public EdECPublicKey toPublicKey()
                          throws JWKProcessingException

Description copied from interface: AsymmetricJWK

Converts the JWK to its corresponding public key.

Specified by:

toPublicKey in interface AsymmetricJWK<EdECPublicKey,EdECPrivateKey>

Returns:

a public key

Throws:

JWKProcessingException - if there was an error converting the JWK to a public key

toPrivateKey

public Optional<EdECPrivateKey> toPrivateKey()
                                      throws JWKProcessingException

Description copied from interface: AsymmetricJWK

Converts the JWK to its corresponding private key.

Specified by:

toPrivateKey in interface AsymmetricJWK<EdECPublicKey,EdECPrivateKey>

Returns:

an optional containing the private key or an empty optional if the key does not contain private information

Throws:

JWKProcessingException - if there was an error converting the JWK to a private key

toPublicJWK

public EdECJWK toPublicJWK()

Description copied from interface: JWK

Returns a public and safe to share representation of the key.

Specified by:

toPublicJWK in interface AsymmetricJWK<EdECPublicKey,EdECPrivateKey>

Specified by:

toPublicJWK in interface EdECJWK

Specified by:

toPublicJWK in interface JWK

Specified by:

toPublicJWK in interface OKPJWK<EdECPublicKey,EdECPrivateKey>

Specified by:

toPublicJWK in interface X509JWK<EdECPublicKey,EdECPrivateKey>

Returns:

a public representation of this JWK

minify

public EdECJWK minify()

Description copied from interface: JWK

Returns a minified representation of the key only containing required data.

Note that the returned JWK may contain private data.

Specified by:

minify in interface EdECJWK

Specified by:

minify in interface JWK

Specified by:

minify in interface OKPJWK<EdECPublicKey,EdECPrivateKey>

Returns:

a minified representation of this JWK

supportsAlgorithm

public boolean supportsAlgorithm(String alg)

Description copied from interface: JWK

Determines whether the JWK supports the specified JWA algorithm.

Specified by:

supportsAlgorithm in interface JWK

Parameters:

alg - a JWA algorithm

Returns:

true if the algorithm is supported, false otherwise

signer

public JWASigner signer()
                 throws JWKProcessingException

Description copied from interface: JWK

Returns a signer using this JWK.

Specified by:

signer in interface JWK

Overrides:

signer in class AbstractJWK

Returns:

a signer

Throws:

JWKProcessingException - if the JWK does not support signature operations (i.e. missing algorithm, algorithm is not a signature algorithm...)

signer

public JWASigner signer(String alg)
                 throws JWKProcessingException

Description copied from interface: JWK

Returns a signer using this JWK and the specified algorithm.

Specified by:

signer in interface JWK

Overrides:

signer in class AbstractJWK

Parameters:

alg - a JWA signature algorithm

Returns:

a signer

Throws:

JWKProcessingException - if the JWK does not support signature operations or if the specified algorithm is not a supported signature algorithm

checkSignature

protected void checkSignature(JWAAlgorithm<?> algorithm)
                       throws JWKProcessingException

Description copied from class: AbstractJWK

Checks that the key and the specified algorithm supports signature operations.

Overrides:

checkSignature in class AbstractJWK

Parameters:

algorithm - a JWA algorithm

Throws:

JWKProcessingException - if the key and/or the specified algorithm do not support signature operations