Module io.inverno.mod.security.jose

Package io.inverno.mod.security.jose.internal.jwk.okp

Class GenericXECJWK

java.lang.Object

io.inverno.mod.security.jose.internal.jwk.AbstractJWK

io.inverno.mod.security.jose.internal.jwk.AbstractX509JWK<A,B>

io.inverno.mod.security.jose.internal.jwk.okp.AbstractOKPJWK<XECPublicKey,XECPrivateKey>

io.inverno.mod.security.jose.internal.jwk.okp.GenericXECJWK

All Implemented Interfaces:

AsymmetricJWK<XECPublicKey,XECPrivateKey>, JWK, OKPJWK<XECPublicKey,XECPrivateKey>, XECJWK, X509JWK<XECPublicKey,XECPrivateKey>

public class GenericXECJWK
extends AbstractOKPJWK<XECPublicKey,XECPrivateKey>
implements XECJWK

Generic Extended Elliptic Curve JSON Web Key implementation.

It supports the following algorithms:

• ECDH-ES with extended elliptic curve X25519 or X448
• ECDH-ES+A128KW with extended elliptic curve X25519 or X448
• ECDH-ES+A192KW with extended elliptic curve X25519 or X448
• ECDH-ES+A256KW with extended elliptic curve X25519 or X448

Since:

1.5

Author:

Jeremy Kuhn

Field Summary

Fields

Modifier and Type	Field	Description
static final Set<OKPCurve>	SUPPORTED_CURVES	The set of curves supported by the JWK.

Fields inherited from class io.inverno.mod.security.jose.internal.jwk.okp.AbstractOKPJWK

curve, d, privateKey, publicKey, x

Fields inherited from class io.inverno.mod.security.jose.internal.jwk.AbstractX509JWK

certificate, x5c, x5t, x5t_S256, x5u

Fields inherited from class io.inverno.mod.security.jose.internal.jwk.AbstractJWK

alg, key, key_ops, kid, kty, trusted, use

Fields inherited from interface io.inverno.mod.security.jose.jwk.JWK

DEFAULT_THUMBPRINT_DIGEST, KEY_OP_DECRYPT, KEY_OP_DERIVE_BITS, KEY_OP_DERIVE_KEY, KEY_OP_ENCRYPT, KEY_OP_SIGN, KEY_OP_UNWRAP_KEY, KEY_OP_VERIFY, KEY_OP_WRAP_KEY, USE_ENC, USE_SIG

Fields inherited from interface io.inverno.mod.security.jose.jwk.okp.OKPJWK

KEY_TYPE

Constructor Summary

Constructors

Constructor	Description
GenericXECJWK(OKPCurve curve, String x)	Creates an untrusted public generic XEC JWK with the specified curve and public key value.
GenericXECJWK(OKPCurve curve, String x, String d)	Creates an untrusted private generic XEC JWK with the specified curve, public key value and private key value.
GenericXECJWK(OKPCurve curve, String x, String d, X509Certificate certificate)	Creates a public generic XEC JWK with the specified curve, public key value, private key value and certificate.
GenericXECJWK(OKPCurve curve, String x, String d, XECPrivateKey key, boolean trusted)	Creates a private generic XEC JWK with the specified curve, public key value, private key value and private key.
GenericXECJWK(OKPCurve curve, String x, String d, XECPrivateKey key, X509Certificate certificate, boolean trusted)	Creates a private generic XEC JWK with the specified curve, public coordinates, private key value, OKP private key and certificate.
GenericXECJWK(OKPCurve curve, String x, X509Certificate certificate)	Creates a public generic XEC JWK with the specified curve, public key value and certificate.

Method Summary

Modifier and Type	Method	Description
JWAKeyManager	keyManager()	Returns a key manager using this JWK.
JWAKeyManager	keyManager(String alg)	Returns a key manager using this JWK and the specified algorithm.
XECJWK	minify()	Returns a minified representation of the key only containing required data.
void	setAlgorithm(XECAlgorithm xecAlg)	Sets the extended Elliptic Curve JWA algorithm.
void	setAlgorithm(String alg)	Sets the algorithm intended for use with the key.
boolean	supportsAlgorithm(String alg)	Determines whether the JWK supports the specified JWA algorithm.
Optional<XECPrivateKey>	toPrivateKey()	Converts the JWK to its corresponding private key.
XECJWK	toPublicJWK()	Returns a public and safe to share representation of the key.
XECPublicKey	toPublicKey()	Converts the JWK to its corresponding public key.
XECJWK	trust()	Trusts the key explicitly.

Methods inherited from class io.inverno.mod.security.jose.internal.jwk.okp.AbstractOKPJWK

equals, getCurve, getPrivateKey, getPublicKey, hashCode, reverse, swap, toJWKThumbprint

Methods inherited from class io.inverno.mod.security.jose.internal.jwk.AbstractX509JWK

getX509Certificate, getX509CertificateChain, getX509CertificateSHA1Thumbprint, getX509CertificateSHA256Thumbprint, getX509CertificateURL, setX509CertificateChain, setX509CertificateSHA1Thumbprint, setX509CertificateSHA256Thumbprint, setX509CertificateURL, toString

Methods inherited from class io.inverno.mod.security.jose.internal.jwk.AbstractJWK

checkEncryption, checkKeyManagement, checkSignature, cipher, cipher, getAlgorithm, getDefaultThumbprintDigest, getKey, getKeyId, getKeyOperations, getKeyType, getPublicKeyUse, isTrusted, setKeyId, setKeyOperations, setPublicKeyUse, signer, signer

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface io.inverno.mod.security.jose.jwk.JWK

cipher, cipher, equals, getAlgorithm, getKeyId, getKeyOperations, getKeyType, getPublicKeyUse, hashCode, isTrusted, signer, signer, toJWKThumbprint, toJWKThumbprint

Methods inherited from interface io.inverno.mod.security.jose.jwk.okp.OKPJWK

getCurve, getPrivateKey, getPublicKey

Methods inherited from interface io.inverno.mod.security.jose.jwk.X509JWK

getX509Certificate, getX509CertificateChain, getX509CertificateSHA1Thumbprint, getX509CertificateSHA256Thumbprint, getX509CertificateURL

Field Details

SUPPORTED_CURVES

public static final Set<OKPCurve> SUPPORTED_CURVES

The set of curves supported by the JWK.

Constructor Details

GenericXECJWK

public GenericXECJWK(OKPCurve curve,
 String x)

Creates an untrusted public generic XEC JWK with the specified curve and public key value.

Parameters:

curve - an elliptic curve

x - the public key value encoded as Base64URL without padding

GenericXECJWK

public GenericXECJWK(OKPCurve curve,
 String x,
 X509Certificate certificate)

Creates a public generic XEC JWK with the specified curve, public key value and certificate.

The JWK is considered trusted if the specified certificate, which is assumed to be validated, is not null.

Parameters:

curve - an elliptic curve

x - the public key encoded as Base64URL without padding

certificate - an X.509 certificate

GenericXECJWK

public GenericXECJWK(OKPCurve curve,
 String x,
 String d)

Creates an untrusted private generic XEC JWK with the specified curve, public key value and private key value.

Parameters:

curve - an elliptic curve

x - the public key value encoded as Base64URL without padding

d - the private key value encoded as Base64URL without padding

GenericXECJWK

public GenericXECJWK(OKPCurve curve,
 String x,
 String d,
 XECPrivateKey key,
 boolean trusted)

Creates a private generic XEC JWK with the specified curve, public key value, private key value and private key.

Parameters:

curve - an elliptic curve

x - the public key value encoded as Base64URL without padding

d - the private key value encoded as Base64URL without padding

key - a private key

trusted - true to create a trusted JWK, false otherwise

GenericXECJWK

public GenericXECJWK(OKPCurve curve,
 String x,
 String d,
 X509Certificate certificate)

Creates a public generic XEC JWK with the specified curve, public key value, private key value and certificate.

The JWK is considered trusted if the specified certificate, which is assumed to be validated, is not null.

Parameters:

curve - an elliptic curve

x - the public key value encoded as Base64URL without padding

d - the private key value encoded as Base64URL without padding

certificate - an X.509 certificate

GenericXECJWK

public GenericXECJWK(OKPCurve curve,
 String x,
 String d,
 XECPrivateKey key,
 X509Certificate certificate,
 boolean trusted)

Creates a private generic XEC JWK with the specified curve, public coordinates, private key value, OKP private key and certificate.

Parameters:

curve - an elliptic curve

x - the public key value encoded as Base64URL without padding

d - the private key value encoded as Base64URL without padding

key - a private key

certificate - an X.509 certificate

trusted - true to create a trusted JWK, false otherwise

Method Details

setAlgorithm

public void setAlgorithm(XECAlgorithm xecAlg)

Sets the extended Elliptic Curve JWA algorithm.

Parameters:

xecAlg - an XEC algorithm

setAlgorithm

public void setAlgorithm(String alg)

Description copied from class: AbstractJWK

Sets the algorithm intended for use with the key.

Overrides:

setAlgorithm in class AbstractJWK

Parameters:

alg - the JWA algorithm

trust

public XECJWK trust()

Description copied from interface: JWK

Trusts the key explicitly.

This should be used with care when the authenticity of an untrusted key has been established through external means.

Specified by:

trust in interface AsymmetricJWK<XECPublicKey,XECPrivateKey>

Specified by:

trust in interface JWK

Specified by:

trust in interface OKPJWK<XECPublicKey,XECPrivateKey>

Specified by:

trust in interface X509JWK<XECPublicKey,XECPrivateKey>

Specified by:

trust in interface XECJWK

Returns:

this JWK

toPublicKey

public XECPublicKey toPublicKey()
                         throws JWKProcessingException

Description copied from interface: AsymmetricJWK

Converts the JWK to its corresponding public key.

Specified by:

toPublicKey in interface AsymmetricJWK<XECPublicKey,XECPrivateKey>

Returns:

a public key

Throws:

JWKProcessingException - if there was an error converting the JWK to a public key

toPrivateKey

public Optional<XECPrivateKey> toPrivateKey()
                                     throws JWKProcessingException

Description copied from interface: AsymmetricJWK

Converts the JWK to its corresponding private key.

Specified by:

toPrivateKey in interface AsymmetricJWK<XECPublicKey,XECPrivateKey>

Returns:

an optional containing the private key or an empty optional if the key does not contain private information

Throws:

JWKProcessingException - if there was an error converting the JWK to a private key

toPublicJWK

public XECJWK toPublicJWK()

Description copied from interface: JWK

Returns a public and safe to share representation of the key.

Specified by:

toPublicJWK in interface AsymmetricJWK<XECPublicKey,XECPrivateKey>

Specified by:

toPublicJWK in interface JWK

Specified by:

toPublicJWK in interface OKPJWK<XECPublicKey,XECPrivateKey>

Specified by:

toPublicJWK in interface X509JWK<XECPublicKey,XECPrivateKey>

Specified by:

toPublicJWK in interface XECJWK

Returns:

a public representation of this JWK

minify

public XECJWK minify()

Description copied from interface: JWK

Returns a minified representation of the key only containing required data.

Note that the returned JWK may contain private data.

Specified by:

minify in interface JWK

Specified by:

minify in interface OKPJWK<XECPublicKey,XECPrivateKey>

Specified by:

minify in interface XECJWK

Returns:

a minified representation of this JWK

supportsAlgorithm

public boolean supportsAlgorithm(String alg)

Description copied from interface: JWK

Determines whether the JWK supports the specified JWA algorithm.

Specified by:

supportsAlgorithm in interface JWK

Parameters:

alg - a JWA algorithm

Returns:

true if the algorithm is supported, false otherwise

keyManager

public JWAKeyManager keyManager()
                         throws JWKProcessingException

Description copied from interface: JWK

Returns a key manager using this JWK.

Specified by:

keyManager in interface JWK

Overrides:

keyManager in class AbstractJWK

Returns:

a key manager

Throws:

JWKProcessingException - if the JWK does not support key management operations (i.e. missing algorithm, algorithm is not a key management algorithm...)

keyManager

public JWAKeyManager keyManager(String alg)
                         throws JWKProcessingException

Description copied from interface: JWK

Returns a key manager using this JWK and the specified algorithm.

Specified by:

keyManager in interface JWK

Overrides:

keyManager in class AbstractJWK

Parameters:

alg - a JWA key management algorithm

Returns:

a key manager

Throws:

JWKProcessingException - if the JWK does not support key management operations or if the specified algorithm is not a supported key management algorithm