com.nimbusds.jose.jwk

Class ECKey

java.lang.Object

com.nimbusds.jose.jwk.JWK

com.nimbusds.jose.jwk.ECKey

All Implemented Interfaces:

net.minidev.json.JSONAware

@Immutable
public final class ECKey
extends JWK

Public and private Elliptic Curve JSON Web Key (JWK). Uses the BouncyCastle.org provider for EC key import and export. This class is immutable.

Example JSON object representation of a public EC JWK:

 {
   "kty" : "EC",
   "crv" : "P-256",
   "x"   : "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
   "y"   : "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
   "use" : "enc",
   "kid" : "1"
 }
 

Example JSON object representation of a public and private EC JWK:

 {
   "kty" : "EC",
   "crv" : "P-256",
   "x"   : "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
   "y"   : "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
   "d"   : "870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
   "use" : "enc",
   "kid" : "1"
 }
 

See http://en.wikipedia.org/wiki/Elliptic_curve_cryptography

Version:

$version$ (2014-04-02)

Author:

Vladimir Dzhuvinov, Justin Richer

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	ECKey.Builder Builder for constructing Elliptic Curve JWKs.
static class	ECKey.Curve Cryptographic curve.

Field Summary

Fields inherited from class com.nimbusds.jose.jwk.JWK

MIME_TYPE

Constructor Summary

Constructors

Constructor and Description
ECKey(ECKey.Curve crv, Base64URL x, Base64URL y, Base64URL d, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URL x5u, Base64URL x5t, List<Base64> x5c) Creates a new public / private Elliptic Curve JSON Web Key (JWK) with the specified parameters.
ECKey(ECKey.Curve crv, Base64URL x, Base64URL y, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URL x5u, Base64URL x5t, List<Base64> x5c) Creates a new public Elliptic Curve JSON Web Key (JWK) with the specified parameters.
ECKey(ECKey.Curve crv, ECPublicKey pub, ECPrivateKey priv, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URL x5u, Base64URL x5t, List<Base64> x5c) Creates a new public / private Elliptic Curve JSON Web Key (JWK) with the specified parameters.
ECKey(ECKey.Curve crv, ECPublicKey pub, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URL x5u, Base64URL x5t, List<Base64> x5c) Creates a new public Elliptic Curve JSON Web Key (JWK) with the specified parameters.

Method Summary

Methods

Modifier and Type	Method and Description
static Base64URL	encodeCoordinate(int fieldSize, BigInteger coordinate) Returns the Base64URL encoding of the specified elliptic curve 'x', 'y' or 'd' coordinate, with leading zero padding up to the specified field size in bits.
ECKey.Curve	getCurve() Gets the cryptographic curve.
Base64URL	getD() Gets the private 'd' coordinate for the elliptic curve point.
Base64URL	getX() Gets the public 'x' coordinate for the elliptic curve point.
Base64URL	getY() Gets the public 'y' coordinate for the elliptic curve point.
boolean	isPrivate() Returns true if this JWK contains private or sensitive (non-public) parameters.
static ECKey	parse(net.minidev.json.JSONObject jsonObject) Parses a public / private Elliptic Curve JWK from the specified JSON object representation.
static ECKey	parse(String s) Parses a public / private Elliptic Curve JWK from the specified JSON object string representation.
ECPrivateKey	toECPrivateKey() Returns a standard java.security.interfaces.ECPrivateKey representation of this Elliptic Curve JWK.
ECPublicKey	toECPublicKey() Returns a standard java.security.interfaces.ECPublicKey representation of this Elliptic Curve JWK.
net.minidev.json.JSONObject	toJSONObject() Returns a JSON object representation of this JWK.
KeyPair	toKeyPair() Returns a standard java.security.KeyPair representation of this Elliptic Curve JWK.
ECKey	toPublicJWK() Returns a copy of this Elliptic Curve JWK with any private values removed.

Methods inherited from class com.nimbusds.jose.jwk.JWK

getAlgorithm, getKeyID, getKeyOperations, getKeyType, getKeyUse, getX509CertChain, getX509CertThumbprint, getX509CertURL, toJSONString, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

ECKey

public ECKey(ECKey.Curve crv,
     Base64URL x,
     Base64URL y,
     KeyUse use,
     Set<KeyOperation> ops,
     Algorithm alg,
     String kid,
     URL x5u,
     Base64URL x5t,
     List<Base64> x5c)

Creates a new public Elliptic Curve JSON Web Key (JWK) with the specified parameters.

Parameters:

crv - The cryptographic curve. Must not be null.

x - The public 'x' coordinate for the elliptic curve point. It is represented as the Base64URL encoding of the coordinate's big endian representation. Must not be null.

y - The public 'y' coordinate for the elliptic curve point. It is represented as the Base64URL encoding of the coordinate's big endian representation. Must not be null.

use - The key use, null if not specified or if the key is intended for signing as well as encryption.

ops - The key operations, null if not specified.

alg - The intended JOSE algorithm for the key, null if not specified.

kid - The key ID, null if not specified.

x5u - The X.509 certificate URL, null if not specified.

x5t - The X.509 certificate thumbprint, null if not specified.

x5c - The X.509 certificate chain, null if not specified.

ECKey

public ECKey(ECKey.Curve crv,
     Base64URL x,
     Base64URL y,
     Base64URL d,
     KeyUse use,
     Set<KeyOperation> ops,
     Algorithm alg,
     String kid,
     URL x5u,
     Base64URL x5t,
     List<Base64> x5c)

Creates a new public / private Elliptic Curve JSON Web Key (JWK) with the specified parameters.

Parameters:

crv - The cryptographic curve. Must not be null.

x - The public 'x' coordinate for the elliptic curve point. It is represented as the Base64URL encoding of the coordinate's big endian representation. Must not be null.

y - The public 'y' coordinate for the elliptic curve point. It is represented as the Base64URL encoding of the coordinate's big endian representation. Must not be null.

d - The private 'd' coordinate for the elliptic curve point. It is represented as the Base64URL encoding of the coordinate's big endian representation. Must not be null.

use - The key use, null if not specified or if the key is intended for signing as well as encryption.

ops - The key operations, null if not specified.

alg - The intended JOSE algorithm for the key, null if not specified.

kid - The key ID, null if not specified.

x5u - The X.509 certificate URL, null if not specified.

x5t - The X.509 certificate thumbprint, null if not specified.

x5c - The X.509 certificate chain, null if not specified.

ECKey

public ECKey(ECKey.Curve crv,
     ECPublicKey pub,
     KeyUse use,
     Set<KeyOperation> ops,
     Algorithm alg,
     String kid,
     URL x5u,
     Base64URL x5t,
     List<Base64> x5c)

Creates a new public Elliptic Curve JSON Web Key (JWK) with the specified parameters.

Parameters:

crv - The cryptographic curve. Must not be null.

pub - The public EC key to represent. Must not be null.

use - The key use, null if not specified or if the key is intended for signing as well as encryption.

ops - The key operations, null if not specified.

alg - The intended JOSE algorithm for the key, null if not specified.

kid - The key ID, null if not specified.

x5u - The X.509 certificate URL, null if not specified.

x5t - The X.509 certificate thumbprint, null if not specified.

x5c - The X.509 certificate chain, null if not specified.

ECKey

public ECKey(ECKey.Curve crv,
     ECPublicKey pub,
     ECPrivateKey priv,
     KeyUse use,
     Set<KeyOperation> ops,
     Algorithm alg,
     String kid,
     URL x5u,
     Base64URL x5t,
     List<Base64> x5c)

Creates a new public / private Elliptic Curve JSON Web Key (JWK) with the specified parameters.

Parameters:

crv - The cryptographic curve. Must not be null.

pub - The public EC key to represent. Must not be null.

priv - The private EC key to represent. Must not be null.

use - The key use, null if not specified or if the key is intended for signing as well as encryption.

ops - The key operations, null if not specified.

alg - The intended JOSE algorithm for the key, null if not specified.

kid - The key ID, null if not specified.

x5u - The X.509 certificate URL, null if not specified.

x5t - The X.509 certificate thumbprint, null if not specified.

x5c - The X.509 certificate chain, null if not specified.

Method Detail

encodeCoordinate

public static Base64URL encodeCoordinate(int fieldSize,
                         BigInteger coordinate)

Returns the Base64URL encoding of the specified elliptic curve 'x', 'y' or 'd' coordinate, with leading zero padding up to the specified field size in bits.

Parameters:

fieldSize - The field size in bits.

coordinate - The elliptic curve coordinate. Must not be null.

Returns:

The Base64URL-encoded coordinate, with leading zero padding up to the curve's field size.

getCurve

public ECKey.Curve getCurve()

Gets the cryptographic curve.

Returns:

The cryptographic curve.

getX

public Base64URL getX()

Gets the public 'x' coordinate for the elliptic curve point.

Returns:

The 'x' coordinate. It is represented as the Base64URL encoding of the coordinate's big endian representation.

getY

public Base64URL getY()

Gets the public 'y' coordinate for the elliptic curve point.

Returns:

The 'y' coordinate. It is represented as the Base64URL encoding of the coordinate's big endian representation.

getD

public Base64URL getD()

Gets the private 'd' coordinate for the elliptic curve point. It is represented as the Base64URL encoding of the coordinate's big endian representation.

Returns:

The 'd' coordinate. It is represented as the Base64URL encoding of the coordinate's big endian representation. null if not specified (for a public key).

toECPublicKey

public ECPublicKey toECPublicKey()
                          throws NoSuchAlgorithmException,
                                 InvalidKeySpecException

Returns a standard java.security.interfaces.ECPublicKey representation of this Elliptic Curve JWK.

Returns:

The public Elliptic Curve key.

Throws:

NoSuchAlgorithmException - If EC is not supported by the underlying Java Cryptography (JCA) provider.

InvalidKeySpecException - If the JWK key parameters are invalid for a public EC key.

toECPrivateKey

public ECPrivateKey toECPrivateKey()
                            throws NoSuchAlgorithmException,
                                   InvalidKeySpecException

Returns a standard java.security.interfaces.ECPrivateKey representation of this Elliptic Curve JWK.

Returns:

The private Elliptic Curve key, null if not specified by this JWK.

Throws:

NoSuchAlgorithmException - If EC is not supported by the underlying Java Cryptography (JCA) provider.

InvalidKeySpecException - If the JWK key parameters are invalid for a private EC key.

toKeyPair

public KeyPair toKeyPair()
                  throws NoSuchAlgorithmException,
                         InvalidKeySpecException

Returns a standard java.security.KeyPair representation of this Elliptic Curve JWK.

Returns:

The Elliptic Curve key pair. The private Elliptic Curve key will be null if not specified.

Throws:

NoSuchAlgorithmException - If EC is not supported by the underlying Java Cryptography (JCA) provider.

InvalidKeySpecException - If the JWK key parameters are invalid for a public and / or private EC key.

isPrivate

public boolean isPrivate()

Description copied from class: JWK

Returns true if this JWK contains private or sensitive (non-public) parameters.

Specified by:

isPrivate in class JWK

Returns:

true if this JWK contains private parameters, else false.

toPublicJWK

public ECKey toPublicJWK()

Returns a copy of this Elliptic Curve JWK with any private values removed.

Specified by:

toPublicJWK in class JWK

Returns:

The copied public Elliptic Curve JWK.

toJSONObject

public net.minidev.json.JSONObject toJSONObject()

Description copied from class: JWK

Returns a JSON object representation of this JWK. This method is intended to be called from extending classes.

Example:

 {
   "kty" : "RSA",
   "use" : "sig",
   "kid" : "fd28e025-8d24-48bc-a51a-e2ffc8bc274b"
 }
 

Overrides:

toJSONObject in class JWK

Returns:

The JSON object representation.

parse

public static ECKey parse(String s)
                   throws ParseException

Parses a public / private Elliptic Curve JWK from the specified JSON object string representation.

Parameters:

s - The JSON object string to parse. Must not be null.

Returns:

The public / private Elliptic Curve JWK.

Throws:

ParseException - If the string couldn't be parsed to an Elliptic Curve JWK.

parse

public static ECKey parse(net.minidev.json.JSONObject jsonObject)
                   throws ParseException

Parses a public / private Elliptic Curve JWK from the specified JSON object representation.

Parameters:

jsonObject - The JSON object to parse. Must not be null.

Returns:

The public / private Elliptic Curve JWK.

Throws:

ParseException - If the JSON object couldn't be parsed to an Elliptic Curve JWK.