Package com.auth0.jwt.algorithms

Class Algorithm

java.lang.Object
com.auth0.jwt.algorithms.Algorithm
public abstract class Algorithm extends Object
The Algorithm class represents an algorithm to be used in the Signing or Verification process of a Token.

This class and its subclasses are thread-safe.

  • Constructor Details

    • Algorithm

      protected Algorithm(String name, String description)

  • Method Details

    • RSA256

      public static Algorithm RSA256(RSAKeyProvider keyProvider) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256".
      Parameters:
      keyProvider - the provider of the Public Key and Private Key for the verify and signing instance.
      Returns:
      a valid RSA256 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.

    • RSA256

      public static Algorithm RSA256(RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256".
      Parameters:
      publicKey - the key to use in the verify instance.
      privateKey - the key to use in the signing instance.
      Returns:
      a valid RSA256 Algorithm.
      Throws:
      IllegalArgumentException - if both provided Keys are null.

    • RSA256

      @Deprecated public static Algorithm RSA256(RSAKey key) throws IllegalArgumentException
      Deprecated.
      use RSA256(RSAPublicKey, RSAPrivateKey) or RSA256(RSAKeyProvider)
      Creates a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256".
      Parameters:
      key - the key to use in the verify or signing instance.
      Returns:
      a valid RSA256 Algorithm.
      Throws:
      IllegalArgumentException - if the Key Provider is null.

    • RSA384

      public static Algorithm RSA384(RSAKeyProvider keyProvider) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384".
      Parameters:
      keyProvider - the provider of the Public Key and Private Key for the verify and signing instance.
      Returns:
      a valid RSA384 Algorithm.
      Throws:
      IllegalArgumentException - if the Key Provider is null.

    • RSA384

      public static Algorithm RSA384(RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384".
      Parameters:
      publicKey - the key to use in the verify instance.
      privateKey - the key to use in the signing instance.
      Returns:
      a valid RSA384 Algorithm.
      Throws:
      IllegalArgumentException - if both provided Keys are null.

    • RSA384

      @Deprecated public static Algorithm RSA384(RSAKey key) throws IllegalArgumentException
      Deprecated.
      use RSA384(RSAPublicKey, RSAPrivateKey) or RSA384(RSAKeyProvider)
      Creates a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384".
      Parameters:
      key - the key to use in the verify or signing instance.
      Returns:
      a valid RSA384 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.

    • RSA512

      public static Algorithm RSA512(RSAKeyProvider keyProvider) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512".
      Parameters:
      keyProvider - the provider of the Public Key and Private Key for the verify and signing instance.
      Returns:
      a valid RSA512 Algorithm.
      Throws:
      IllegalArgumentException - if the Key Provider is null.

    • RSA512

      public static Algorithm RSA512(RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512".
      Parameters:
      publicKey - the key to use in the verify instance.
      privateKey - the key to use in the signing instance.
      Returns:
      a valid RSA512 Algorithm.
      Throws:
      IllegalArgumentException - if both provided Keys are null.

    • RSA512

      @Deprecated public static Algorithm RSA512(RSAKey key) throws IllegalArgumentException
      Deprecated.
      use RSA512(RSAPublicKey, RSAPrivateKey) or RSA512(RSAKeyProvider)
      Creates a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512".
      Parameters:
      key - the key to use in the verify or signing instance.
      Returns:
      a valid RSA512 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.

    • HMAC256

      public static Algorithm HMAC256(String secret) throws IllegalArgumentException
      Creates a new Algorithm instance using HmacSHA256. Tokens specify this as "HS256".
      Parameters:
      secret - the secret to use in the verify or signing instance.
      Returns:
      a valid HMAC256 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Secret is null.

    • HMAC384

      public static Algorithm HMAC384(String secret) throws IllegalArgumentException
      Creates a new Algorithm instance using HmacSHA384. Tokens specify this as "HS384".
      Parameters:
      secret - the secret to use in the verify or signing instance.
      Returns:
      a valid HMAC384 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Secret is null.

    • HMAC512

      public static Algorithm HMAC512(String secret) throws IllegalArgumentException
      Creates a new Algorithm instance using HmacSHA512. Tokens specify this as "HS512".
      Parameters:
      secret - the secret to use in the verify or signing instance.
      Returns:
      a valid HMAC512 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Secret is null.

    • HMAC256

      public static Algorithm HMAC256(byte[] secret) throws IllegalArgumentException
      Creates a new Algorithm instance using HmacSHA256. Tokens specify this as "HS256".
      Parameters:
      secret - the secret bytes to use in the verify or signing instance.
      Returns:
      a valid HMAC256 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Secret is null.

    • ECDSA256K

      public static Algorithm ECDSA256K(ECDSAKeyProvider keyProvider) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256K".
      Parameters:
      keyProvider - the provider of the Public Key and Private Key for the verify and signing instance.
      Returns:
      a valid ECDSA256 Algorithm.
      Throws:
      IllegalArgumentException - if the Key Provider is null.

    • ECDSA256K

      public static Algorithm ECDSA256K(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256K".
      Parameters:
      publicKey - the key to use in the verify instance.
      privateKey - the key to use in the signing instance.
      Returns:
      a valid ECDSA256 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.

    • HMAC384

      public static Algorithm HMAC384(byte[] secret) throws IllegalArgumentException
      Creates a new Algorithm instance using HmacSHA384. Tokens specify this as "HS384".
      Parameters:
      secret - the secret bytes to use in the verify or signing instance.
      Returns:
      a valid HMAC384 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Secret is null.

    • HMAC512

      public static Algorithm HMAC512(byte[] secret) throws IllegalArgumentException
      Creates a new Algorithm instance using HmacSHA512. Tokens specify this as "HS512".
      Parameters:
      secret - the secret bytes to use in the verify or signing instance.
      Returns:
      a valid HMAC512 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Secret is null.

    • ECDSA256

      public static Algorithm ECDSA256(ECDSAKeyProvider keyProvider) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256".
      Parameters:
      keyProvider - the provider of the Public Key and Private Key for the verify and signing instance.
      Returns:
      a valid ECDSA256 Algorithm.
      Throws:
      IllegalArgumentException - if the Key Provider is null.

    • ECDSA256

      public static Algorithm ECDSA256(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256".
      Parameters:
      publicKey - the key to use in the verify instance.
      privateKey - the key to use in the signing instance.
      Returns:
      a valid ECDSA256 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.

    • ECDSA256

      @Deprecated public static Algorithm ECDSA256(ECKey key) throws IllegalArgumentException
      Deprecated.
      use ECDSA256(ECPublicKey, ECPrivateKey) or ECDSA256(ECDSAKeyProvider)
      Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256".
      Parameters:
      key - the key to use in the verify or signing instance.
      Returns:
      a valid ECDSA256 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.

    • ECDSA384

      public static Algorithm ECDSA384(ECDSAKeyProvider keyProvider) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384".
      Parameters:
      keyProvider - the provider of the Public Key and Private Key for the verify and signing instance.
      Returns:
      a valid ECDSA384 Algorithm.
      Throws:
      IllegalArgumentException - if the Key Provider is null.

    • ECDSA384

      public static Algorithm ECDSA384(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384".
      Parameters:
      publicKey - the key to use in the verify instance.
      privateKey - the key to use in the signing instance.
      Returns:
      a valid ECDSA384 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.

    • ECDSA384

      @Deprecated public static Algorithm ECDSA384(ECKey key) throws IllegalArgumentException
      Deprecated.
      use ECDSA384(ECPublicKey, ECPrivateKey) or ECDSA384(ECDSAKeyProvider)
      Creates a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384".
      Parameters:
      key - the key to use in the verify or signing instance.
      Returns:
      a valid ECDSA384 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.

    • ECDSA512

      public static Algorithm ECDSA512(ECDSAKeyProvider keyProvider) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512".
      Parameters:
      keyProvider - the provider of the Public Key and Private Key for the verify and signing instance.
      Returns:
      a valid ECDSA512 Algorithm.
      Throws:
      IllegalArgumentException - if the Key Provider is null.

    • ECDSA512

      public static Algorithm ECDSA512(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512".
      Parameters:
      publicKey - the key to use in the verify instance.
      privateKey - the key to use in the signing instance.
      Returns:
      a valid ECDSA512 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.

    • ECDSA512

      @Deprecated public static Algorithm ECDSA512(ECKey key) throws IllegalArgumentException
      Deprecated.
      use ECDSA512(ECPublicKey, ECPrivateKey) or ECDSA512(ECDSAKeyProvider)
      Creates a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512".
      Parameters:
      key - the key to use in the verify or signing instance.
      Returns:
      a valid ECDSA512 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.

    • none

      public static Algorithm none()

    • getSigningKeyId

      public String getSigningKeyId()
      Getter for the Id of the Private Key used to sign the tokens. This is usually specified as the `kid` claim in the Header.
      Returns:
      the Key Id that identifies the Signing Key or null if it's not specified.

    • getName

      public String getName()
      Getter for the name of this Algorithm, as defined in the JWT Standard. i.e. "HS256"
      Returns:
      the algorithm name.

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • verify

      public abstract void verify(DecodedJWT jwt) throws SignatureVerificationException
      Verify the given token using this Algorithm instance.
      Parameters:
      jwt - the already decoded JWT that it's going to be verified.
      Throws:
      SignatureVerificationException - if the Token's Signature is invalid, meaning that it doesn't match the signatureBytes, or if the Key is invalid.

    • sign

      public byte[] sign(byte[] headerBytes, byte[] payloadBytes) throws SignatureGenerationException
      Sign the given content using this Algorithm instance.
      Parameters:
      headerBytes - an array of bytes representing the base64 encoded header content to be verified against the signature.
      payloadBytes - an array of bytes representing the base64 encoded payload content to be verified against the signature.
      Returns:
      the signature in a base64 encoded array of bytes
      Throws:
      SignatureGenerationException - if the Key is invalid.

    • sign

      @Deprecated public abstract byte[] sign(byte[] contentBytes) throws SignatureGenerationException
      Deprecated.
      Please use the sign(byte[], byte[]) method instead.
      Sign the given content using this Algorithm instance.
      Parameters:
      contentBytes - an array of bytes representing the base64 encoded content to be verified against the signature.
      Returns:
      the signature in a base64 encoded array of bytes
      Throws:
      SignatureGenerationException - if the Key is invalid.