Class Algorithm

java.lang.Object
com.auth0.jwt.algorithms.Algorithm

public abstract class Algorithm extends Object
The Algorithm class represents an algorithm to be used in the Signing or Verification process of a Token.

This class and its subclasses are thread-safe.
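
How an Algorithm instance is used for signing and verification, as an added example that is not part of the original documentation or the project's own code. It assumes the java-jwt library is on the classpath and uses its `JWT` and `JWTVerifier` classes; the issuer and subject values are constructed for the demo.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.security.SecureRandom;

public class HmacPinnedVerifierExample {
    public static void main(String[] args) {
        // 32 random bytes = 256 bits, the minimum the HMAC256 docs ask for.
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret);
        Algorithm hs256 = Algorithm.HMAC256(secret);

        String token = JWT.create()
                .withIssuer("example-issuer")   // constructed value
                .withSubject("user-123")        // constructed value
                .sign(hs256);

        // The verifier is bound to one Algorithm instance; the token's
        // "alg" header does not get to choose how it is checked.
        JWTVerifier verifier = JWT.require(hs256)
                .withIssuer("example-issuer")
                .build();

        DecodedJWT ok = verifier.verify(token);
        System.out.println("accepted: alg=" + ok.getAlgorithm() + " sub=" + ok.getSubject());

        // Same issuer, but produced with Algorithm.none(): header alg does not match.
        String unsigned = JWT.create().withIssuer("example-issuer").sign(Algorithm.none());
        System.out.println("unsigned token rejected: " + rejects(verifier, unsigned));

        // Same alg, different secret: the signature no longer matches.
        byte[] other = new byte[32];
        new SecureRandom().nextBytes(other);
        String wrongKey = JWT.create().withIssuer("example-issuer").sign(Algorithm.HMAC256(other));
        System.out.println("wrong-key token rejected: " + rejects(verifier, wrongKey));
    }

    static boolean rejects(JWTVerifier verifier, String token) {
        try {
            verifier.verify(token);
            return false;
        } catch (JWTVerificationException e) {  // algorithm mismatch or invalid signature
            return true;
        }
    }
}
```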

  • Constructor Details

    • Algorithm

      protected Algorithm(String name, String description)
  • Method Details

    • RSA256

      public static Algorithm RSA256(RSAKeyProvider keyProvider) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256".
      Parameters:
      keyProvider - the provider of the Public Key and Private Key for the verify and signing instance.
      Returns:
      a valid RSA256 Algorithm.
      Throws:
      IllegalArgumentException - if the Key Provider is null.
    • RSA256

      public static Algorithm RSA256(RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256".
      Parameters:
      publicKey - the key to use in the verify instance.
      privateKey - the key to use in the signing instance.
      Returns:
      a valid RSA256 Algorithm.
      Throws:
      IllegalArgumentException - if both provided Keys are null.
    • RSA256

      public static Algorithm RSA256(RSAKey key) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256".
      Parameters:
      key - the key to use in the verify or signing instance.
      Returns:
      a valid RSA256 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.
    • RSA384

      public static Algorithm RSA384(RSAKeyProvider keyProvider) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384".
      Parameters:
      keyProvider - the provider of the Public Key and Private Key for the verify and signing instance.
      Returns:
      a valid RSA384 Algorithm.
      Throws:
      IllegalArgumentException - if the Key Provider is null.
    • RSA384

      public static Algorithm RSA384(RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384".
      Parameters:
      publicKey - the key to use in the verify instance.
      privateKey - the key to use in the signing instance.
      Returns:
      a valid RSA384 Algorithm.
      Throws:
      IllegalArgumentException - if both provided Keys are null.
    • RSA384

      public static Algorithm RSA384(RSAKey key) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384".
      Parameters:
      key - the key to use in the verify or signing instance.
      Returns:
      a valid RSA384 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.
    • RSA512

      public static Algorithm RSA512(RSAKeyProvider keyProvider) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512".
      Parameters:
      keyProvider - the provider of the Public Key and Private Key for the verify and signing instance.
      Returns:
      a valid RSA512 Algorithm.
      Throws:
      IllegalArgumentException - if the Key Provider is null.
    • RSA512

      public static Algorithm RSA512(RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512".
      Parameters:
      publicKey - the key to use in the verify instance.
      privateKey - the key to use in the signing instance.
      Returns:
      a valid RSA512 Algorithm.
      Throws:
      IllegalArgumentException - if both provided Keys are null.
    • RSA512

      public static Algorithm RSA512(RSAKey key) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512".
      Parameters:
      key - the key to use in the verify or signing instance.
      Returns:
      a valid RSA512 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.
    • HMAC256

      public static Algorithm HMAC256(String secret) throws IllegalArgumentException
      Creates a new Algorithm instance using HmacSHA256. Tokens specify this as "HS256".
      Parameters:
      secret - the secret bytes to use in the verify or signing instance. Ensure the secret is at least 256 bits long. See HMAC Key Length and Security in the README.
      Returns:
      a valid HMAC256 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Secret is null.
    • HMAC256

      public static Algorithm HMAC256(byte[] secret) throws IllegalArgumentException
      Creates a new Algorithm instance using HmacSHA256. Tokens specify this as "HS256".
      Parameters:
      secret - the secret bytes to use in the verify or signing instance. Ensure the secret is at least 256 bits long. See HMAC Key Length and Security in the README.
      Returns:
      a valid HMAC256 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Secret is null.
    • HMAC384

      public static Algorithm HMAC384(String secret) throws IllegalArgumentException
      Creates a new Algorithm instance using HmacSHA384. Tokens specify this as "HS384".
      Parameters:
      secret - the secret bytes to use in the verify or signing instance. Ensure the secret is at least 384 bits long. See HMAC Key Length and Security in the README.
      Returns:
      a valid HMAC384 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Secret is null.
    • HMAC384

      public static Algorithm HMAC384(byte[] secret) throws IllegalArgumentException
      Creates a new Algorithm instance using HmacSHA384. Tokens specify this as "HS384".
      Parameters:
      secret - the secret bytes to use in the verify or signing instance. Ensure the secret is at least 384 bits long. See HMAC Key Length and Security in the README.
      Returns:
      a valid HMAC384 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Secret is null.
    • HMAC512

      public static Algorithm HMAC512(String secret) throws IllegalArgumentException
      Creates a new Algorithm instance using HmacSHA512. Tokens specify this as "HS512".
      Parameters:
      secret - the secret bytes to use in the verify or signing instance. Ensure the secret is at least 512 bits long. See HMAC Key Length and Security in the README.
      Returns:
      a valid HMAC512 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Secret is null.
    • HMAC512

      public static Algorithm HMAC512(byte[] secret) throws IllegalArgumentException
      Creates a new Algorithm instance using HmacSHA512. Tokens specify this as "HS512".
      Parameters:
      secret - the secret bytes to use in the verify or signing instance. Ensure the secret is at least 512 bits long. See HMAC Key Length and Security in the README.
      Returns:
      a valid HMAC512 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Secret is null.
    • ECDSA256

      public static Algorithm ECDSA256(ECDSAKeyProvider keyProvider) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256".
      Parameters:
      keyProvider - the provider of the Public Key and Private Key for the verify and signing instance.
      Returns:
      a valid ECDSA256 Algorithm.
      Throws:
      IllegalArgumentException - if the Key Provider is null.
    • ECDSA256

      public static Algorithm ECDSA256(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256".
      Parameters:
      publicKey - the key to use in the verify instance.
      privateKey - the key to use in the signing instance.
      Returns:
      a valid ECDSA256 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.
    • ECDSA256

      public static Algorithm ECDSA256(ECKey key) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256".
      Parameters:
      key - the key to use in the verify or signing instance.
      Returns:
      a valid ECDSA256 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.
    • ECDSA384

      public static Algorithm ECDSA384(ECDSAKeyProvider keyProvider) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384".
      Parameters:
      keyProvider - the provider of the Public Key and Private Key for the verify and signing instance.
      Returns:
      a valid ECDSA384 Algorithm.
      Throws:
      IllegalArgumentException - if the Key Provider is null.
    • ECDSA384

      public static Algorithm ECDSA384(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384".
      Parameters:
      publicKey - the key to use in the verify instance.
      privateKey - the key to use in the signing instance.
      Returns:
      a valid ECDSA384 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.
    • ECDSA384

      public static Algorithm ECDSA384(ECKey key) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384".
      Parameters:
      key - the key to use in the verify or signing instance.
      Returns:
      a valid ECDSA384 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.
    • ECDSA512

      public static Algorithm ECDSA512(ECDSAKeyProvider keyProvider) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512".
      Parameters:
      keyProvider - the provider of the Public Key and Private Key for the verify and signing instance.
      Returns:
      a valid ECDSA512 Algorithm.
      Throws:
      IllegalArgumentException - if the Key Provider is null.
    • ECDSA512

      public static Algorithm ECDSA512(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512".
      Parameters:
      publicKey - the key to use in the verify instance.
      privateKey - the key to use in the signing instance.
      Returns:
      a valid ECDSA512 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.
    • ECDSA512

      public static Algorithm ECDSA512(ECKey key) throws IllegalArgumentException
      Creates a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512".
      Parameters:
      key - the key to use in the verify or signing instance.
      Returns:
      a valid ECDSA512 Algorithm.
      Throws:
      IllegalArgumentException - if the provided Key is null.
    • none

      public static Algorithm none()
    • getSigningKeyId

      public String getSigningKeyId()
      Getter for the Id of the Private Key used to sign the tokens. This is usually specified as the `kid` claim in the Header.
      Returns:
      the Key Id that identifies the Signing Key or null if it's not specified.
    • getName

      public String getName()
      Getter for the name of this Algorithm, as defined in the JWT Standard, e.g. "HS256".
      Returns:
      the algorithm name.
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • verify

      public abstract void verify(DecodedJWT jwt) throws SignatureVerificationException
      Verify the given token using this Algorithm instance.
      Parameters:
      jwt - the already decoded JWT that is going to be verified.
      Throws:
      SignatureVerificationException - if the Token's Signature is invalid, meaning that it doesn't match the signatureBytes, or if the Key is invalid.
    • sign

      public byte[] sign(byte[] headerBytes, byte[] payloadBytes) throws SignatureGenerationException
      Sign the given content using this Algorithm instance.
      Parameters:
      headerBytes - an array of bytes representing the base64 encoded header content to be verified against the signature.
      payloadBytes - an array of bytes representing the base64 encoded payload content to be verified against the signature.
      Returns:
      the signature in a base64 encoded array of bytes
      Throws:
      SignatureGenerationException - if the Key is invalid.
    • sign

      public abstract byte[] sign(byte[] contentBytes) throws SignatureGenerationException
      Sign the given content using this Algorithm instance. To get the correct JWT Signature, ensure the content is in the format {HEADER}.{PAYLOAD}.
      Parameters:
      contentBytes - an array of bytes representing the base64 encoded content to be verified against the signature.
      Returns:
      the signature in a base64 encoded array of bytes
      Throws:
      SignatureGenerationException - if the Key is invalid.
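
The two-key RSA256 factory documented above throws only when both keys are null, so each side can hold just the key it needs. The following added example (not from the original documentation or the project's own code) builds a sign-only and a verify-only instance; it assumes java-jwt is on the classpath, and the key pair and issuer value are constructed for the demo.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTCreationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

public class RsaSplitKeysExample {
    public static void main(String[] args) throws Exception {
        // Constructed key pair for the demo; a real service loads its keys from a key store.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        RSAPublicKey publicKey = (RSAPublicKey) pair.getPublic();
        RSAPrivateKey privateKey = (RSAPrivateKey) pair.getPrivate();

        // Issuer side: only the private key is needed to sign.
        Algorithm signer = Algorithm.RSA256(null, privateKey);
        String token = JWT.create().withIssuer("example-issuer").sign(signer);

        // Verifying side: only the public key is needed, so the private key never leaves the issuer.
        Algorithm verifyOnly = Algorithm.RSA256(publicKey, null);
        DecodedJWT jwt = JWT.require(verifyOnly)
                .withIssuer("example-issuer")
                .build()
                .verify(token);
        System.out.println("verified: alg=" + jwt.getAlgorithm() + " iss=" + jwt.getIssuer());

        // A verify-only instance has no private key, so signing with it fails.
        try {
            JWT.create().withIssuer("example-issuer").sign(verifyOnly);
            System.out.println("unexpected: verify-only instance produced a token");
        } catch (JWTCreationException e) {
            System.out.println("verify-only instance cannot sign: " + e.getMessage());
        }
    }
}
```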