@Immutable public final class RSAKey extends JWK implements AsymmetricJWK

RSA JSON Web Key (JWK). This class is immutable.

Provides RSA JWK import from / export to the following standard Java interfaces and classes:
RSAPublicKey
RSAPrivateKey
PrivateKey for an RSA key in a PKCS#11 store
KeyPair

Example JSON object representation of a public RSA JWK:
{ "kty" : "RSA", "n" : "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", "e" : "AQAB", "alg" : "RS256", "kid" : "2011-04-29" }
Example JSON object representation of a public and private RSA JWK (with both the first and the second private key representations):
{ "kty" : "RSA", "n" : "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", "e" : "AQAB", "d" : "X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", "p" : "83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", "q" : "3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", "dp" : "G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", "dq" : "s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", "qi" : "GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", "alg" : "RS256", "kid" : "2011-04-29" }
Use the builder to create a new RSA JWK:
RSAKey key = new RSAKey.Builder(n, e)
    .keyUse(KeyUse.SIGNATURE)
    .keyID("123")
    .build();
See RFC 3447.
See http://en.wikipedia.org/wiki/RSA_%28algorithm%29
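
The import / export methods described above, combined into an export gate that only lets public, adequately sized RSA JWKs leave the process. This is an added example, not code from the Nimbus JOSE+JWT documentation. The class name, the 2048-bit floor and the key ID are assumptions of the example; Builder(RSAPublicKey), privateKey(...) and algorithm(...) are builder methods of the library that this page does not list.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;

/** Added example: publish an RSA JWK only after private parameters are stripped. */
public class PublicRsaJwkExport {

    // Assumed policy floor for this example; not a library constant.
    static final int MIN_MODULUS_BITS = 2048;

    /** Parses a JWK JSON string and returns a JSON string that is safe to publish. */
    static String toPublishableJson(String jwkJson) throws ParseException {
        RSAKey key = RSAKey.parse(jwkJson);

        // For an RSA JWK, size() is the modulus length in bits.
        if (key.size() < MIN_MODULUS_BITS) {
            throw new IllegalArgumentException("RSA modulus too small: " + key.size() + " bits");
        }

        // toPublicJWK() returns a copy with any private values removed.
        RSAKey publicOnly = key.isPrivate() ? key.toPublicJWK() : key;

        // Fail closed if anything private or sensitive is still attached.
        if (publicOnly.isPrivate()) {
            throw new IllegalStateException("private RSA parameters still present");
        }
        return publicOnly.toJSONString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway key pair generated at run time.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        RSAKey full = new RSAKey.Builder((RSAPublicKey) pair.getPublic())
                .privateKey((RSAPrivateKey) pair.getPrivate())
                .keyUse(KeyUse.SIGNATURE)
                .algorithm(JWSAlgorithm.RS256)
                .keyID("example-key-1") // constructed key ID
                .build();

        // The full JWK serialises its private parameters, such as "d".
        String privateJson = full.toJSONString();
        String publicJson = toPublishableJson(privateJson);

        RSAKey published = RSAKey.parse(publicJson);
        System.out.println("input is private:  " + RSAKey.parse(privateJson).isPrivate());
        System.out.println("output is private: " + published.isPrivate());
        System.out.println("same modulus:      "
                + published.getModulus().equals(full.getModulus()));
        System.out.println("kid / use / alg:   " + published.getKeyID() + " / "
                + published.getKeyUse() + " / " + published.getAlgorithm());

        // Round trip to the standard JCA type used for signature verification.
        RSAPublicKey jca = published.toRSAPublicKey();
        System.out.println("JCA modulus bits:  " + jca.getModulus().bitLength());
    }
}
```

The key ID, use and algorithm survive toPublicJWK(), so verifiers can still select the key by kid after the private values are removed.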
Modifier and Type | Class and Description |
---|---|
static class | RSAKey.Builder - Builder for constructing RSA JWKs. |
static class | RSAKey.OtherPrimesInfo - Other Primes Info, represents the private oth parameter of a RSA JWK. |
Constructor and Description |
---|
RSAKey(Base64URL n, Base64URL e, Base64URL d, Base64URL p, Base64URL q, Base64URL dp, Base64URL dq, Base64URL qi, List<RSAKey.OtherPrimesInfo> oth, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c) - Deprecated. |
RSAKey(Base64URL n, Base64URL e, Base64URL d, Base64URL p, Base64URL q, Base64URL dp, Base64URL dq, Base64URL qi, List<RSAKey.OtherPrimesInfo> oth, PrivateKey prv, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks) - Creates a new public / private RSA JSON Web Key (JWK) with the specified parameters. |
RSAKey(Base64URL n, Base64URL e, Base64URL p, Base64URL q, Base64URL dp, Base64URL dq, Base64URL qi, List<RSAKey.OtherPrimesInfo> oth, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks) - Creates a new public / private RSA JSON Web Key (JWK) with the specified parameters. |
RSAKey(Base64URL n, Base64URL e, Base64URL d, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks) - Creates a new public / private RSA JSON Web Key (JWK) with the specified parameters. |
RSAKey(Base64URL n, Base64URL e, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks) - Creates a new public RSA JSON Web Key (JWK) with the specified parameters. |
RSAKey(RSAPublicKey pub, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks) - Creates a new public RSA JSON Web Key (JWK) with the specified parameters. |
RSAKey(RSAPublicKey pub, PrivateKey priv, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks) - Creates a new public / private RSA JSON Web Key (JWK) with the specified parameters. |
RSAKey(RSAPublicKey pub, RSAMultiPrimePrivateCrtKey priv, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks) - Creates a new public / private RSA JSON Web Key (JWK) with the specified parameters. |
RSAKey(RSAPublicKey pub, RSAPrivateCrtKey priv, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks) - Creates a new public / private RSA JSON Web Key (JWK) with the specified parameters. |
RSAKey(RSAPublicKey pub, RSAPrivateKey priv, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks) - Creates a new public / private RSA JSON Web Key (JWK) with the specified parameters. |
Modifier and Type | Method and Description |
---|---|
boolean | equals(Object o) |
Base64URL | getFirstCRTCoefficient() - Gets the first Chinese Remainder Theorem (CRT) coefficient (qi) of the private RSA key. |
Base64URL | getFirstFactorCRTExponent() - Gets the first factor Chinese Remainder Theorem (CRT) exponent (dp) of the private RSA key. |
Base64URL | getFirstPrimeFactor() - Gets the first prime factor (p) of the private RSA key. |
Base64URL | getModulus() - Gets the modulus value (n) of the RSA key. |
List<RSAKey.OtherPrimesInfo> | getOtherPrimes() - Gets the other primes information (oth) for the private RSA key, should they exist. |
Base64URL | getPrivateExponent() - Gets the private exponent (d) of the RSA key. |
Base64URL | getPublicExponent() - Gets the public exponent (e) of the RSA key. |
LinkedHashMap<String,?> | getRequiredParams() - Returns the required JWK parameters. |
Base64URL | getSecondFactorCRTExponent() - Gets the second factor Chinese Remainder Theorem (CRT) exponent (dq) of the private RSA key. |
Base64URL | getSecondPrimeFactor() - Gets the second prime factor (q) of the private RSA key. |
int | hashCode() |
boolean | isPrivate() - Returns true if this JWK contains private or sensitive (non-public) parameters. |
static RSAKey | load(KeyStore keyStore, String alias, char[] pin) - Loads a public / private RSA JWK from the specified JCA key store. |
boolean | matches(X509Certificate cert) - Returns true if the public key material of this JWK matches the public subject key info of the specified X.509 certificate. |
static RSAKey | parse(net.minidev.json.JSONObject jsonObject) - Parses a public / private RSA JWK from the specified JSON object representation. |
static RSAKey | parse(String s) - Parses a public / private RSA JWK from the specified JSON object string representation. |
static RSAKey | parse(X509Certificate cert) - Parses a public RSA JWK from the specified X.509 certificate. |
int | size() - Returns the size of this JWK. |
net.minidev.json.JSONObject | toJSONObject() - Returns a JSON object representation of this JWK. |
KeyPair | toKeyPair() - Returns a standard java.security.KeyPair representation of this RSA JWK. |
PrivateKey | toPrivateKey() - Returns a Java private key representation of this JWK. |
RSAKey | toPublicJWK() - Returns a copy of this RSA JWK with any private values removed. |
PublicKey | toPublicKey() - Returns a Java public key representation of the JWK. |
RSAPrivateKey | toRSAPrivateKey() - Returns a standard java.security.interfaces.RSAPrivateKey representation of this RSA JWK. |
RSAPublicKey | toRSAPublicKey() - Returns a standard java.security.interfaces.RSAPublicKey representation of this RSA JWK. |

Methods inherited from class JWK:
computeThumbprint, computeThumbprint, getAlgorithm, getKeyID, getKeyOperations, getKeyStore, getKeyType, getKeyUse, getParsedX509CertChain, getX509CertChain, getX509CertSHA256Thumbprint, getX509CertThumbprint, getX509CertURL, parseFromPEMEncodedObjects, parseFromPEMEncodedX509Cert, toJSONString, toString

public RSAKey(Base64URL n, Base64URL e, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks)
n - The modulus value for the public RSA key. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
e - The exponent value for the public RSA key. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
use - The key use, null if not specified or if the key is intended for signing as well as encryption.
ops - The key operations, null if not specified.
alg - The intended JOSE algorithm for the key, null if not specified.
kid - The key ID, null if not specified.
x5u - The X.509 certificate URL, null if not specified.
x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
x5c - The X.509 certificate chain, null if not specified.
ks - Reference to the underlying key store, null if not specified.

public RSAKey(Base64URL n, Base64URL e, Base64URL d, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks)
n - The modulus value for the public RSA key. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
e - The exponent value for the public RSA key. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
d - The private exponent. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
use - The key use, null if not specified or if the key is intended for signing as well as encryption.
ops - The key operations, null if not specified.
alg - The intended JOSE algorithm for the key, null if not specified.
kid - The key ID, null if not specified.
x5u - The X.509 certificate URL, null if not specified.
x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
x5c - The X.509 certificate chain, null if not specified.
ks - Reference to the underlying key store, null if not specified.

public RSAKey(Base64URL n, Base64URL e, Base64URL p, Base64URL q, Base64URL dp, Base64URL dq, Base64URL qi, List<RSAKey.OtherPrimesInfo> oth, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks)
n - The modulus value for the public RSA key. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
e - The exponent value for the public RSA key. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
p - The first prime factor. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
q - The second prime factor. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
dp - The first factor Chinese Remainder Theorem exponent. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
dq - The second factor Chinese Remainder Theorem exponent. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
qi - The first Chinese Remainder Theorem coefficient. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
oth - The other primes information, should they exist, null or an empty list if not specified.
use - The key use, null if not specified or if the key is intended for signing as well as encryption.
ops - The key operations, null if not specified.
alg - The intended JOSE algorithm for the key, null if not specified.
kid - The key ID, null if not specified.
x5u - The X.509 certificate URL, null if not specified.
x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
x5c - The X.509 certificate chain, null if not specified.
ks - Reference to the underlying key store, null if not specified.

@Deprecated public RSAKey(Base64URL n, Base64URL e, Base64URL d, Base64URL p, Base64URL q, Base64URL dp, Base64URL dq, Base64URL qi, List<RSAKey.OtherPrimesInfo> oth, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c)
A valid first private RSA key representation must specify the d parameter.

A valid second private RSA key representation must specify all required Chinese Remainder Theorem (CRT) parameters - p, q, dp, dq and qi, else an IllegalArgumentException will be thrown.

n - The modulus value for the public RSA key. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
e - The exponent value for the public RSA key. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
d - The private exponent. It is represented as the Base64URL encoding of the value's big endian representation. May be null.
p - The first prime factor. It is represented as the Base64URL encoding of the value's big endian representation. May be null.
q - The second prime factor. It is represented as the Base64URL encoding of the value's big endian representation. May be null.
dp - The first factor Chinese Remainder Theorem exponent. It is represented as the Base64URL encoding of the value's big endian representation. May be null.
dq - The second factor Chinese Remainder Theorem exponent. It is represented as the Base64URL encoding of the value's big endian representation. May be null.
qi - The first Chinese Remainder Theorem coefficient. It is represented as the Base64URL encoding of the value's big endian representation. May be null.
oth - The other primes information, should they exist, null or an empty list if not specified.
use - The key use, null if not specified or if the key is intended for signing as well as encryption.
ops - The key operations, null if not specified.
alg - The intended JOSE algorithm for the key, null if not specified.
kid - The key ID, null if not specified.
x5u - The X.509 certificate URL, null if not specified.
x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
x5c - The X.509 certificate chain, null if not specified.

public RSAKey(Base64URL n, Base64URL e, Base64URL d, Base64URL p, Base64URL q, Base64URL dp, Base64URL dq, Base64URL qi, List<RSAKey.OtherPrimesInfo> oth, PrivateKey prv, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks)
PrivateKey.

A valid first private RSA key representation must specify the d parameter.

A valid second private RSA key representation must specify all required Chinese Remainder Theorem (CRT) parameters - p, q, dp, dq and qi, else an IllegalArgumentException will be thrown.

n - The modulus value for the public RSA key. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
e - The exponent value for the public RSA key. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
d - The private exponent. It is represented as the Base64URL encoding of the value's big endian representation. May be null.
p - The first prime factor. It is represented as the Base64URL encoding of the value's big endian representation. May be null.
q - The second prime factor. It is represented as the Base64URL encoding of the value's big endian representation. May be null.
dp - The first factor Chinese Remainder Theorem exponent. It is represented as the Base64URL encoding of the value's big endian representation. May be null.
dq - The second factor Chinese Remainder Theorem exponent. It is represented as the Base64URL encoding of the value's big endian representation. May be null.
qi - The first Chinese Remainder Theorem coefficient. It is represented as the Base64URL encoding of the value's big endian representation. May be null.
oth - The other primes information, should they exist, null or an empty list if not specified.
use - The key use, null if not specified or if the key is intended for signing as well as encryption.
ops - The key operations, null if not specified.
alg - The intended JOSE algorithm for the key, null if not specified.
kid - The key ID, null if not specified.
x5u - The X.509 certificate URL, null if not specified.
x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
x5c - The X.509 certificate chain, null if not specified.
ks - Reference to the underlying key store, null if not specified.

public RSAKey(RSAPublicKey pub, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks)
pub - The public RSA key to represent. Must not be null.
use - The key use, null if not specified or if the key is intended for signing as well as encryption.
ops - The key operations, null if not specified.
alg - The intended JOSE algorithm for the key, null if not specified.
kid - The key ID, null if not specified.
x5u - The X.509 certificate URL, null if not specified.
x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
x5c - The X.509 certificate chain, null if not specified.
ks - Reference to the underlying key store, null if not specified.

public RSAKey(RSAPublicKey pub, RSAPrivateKey priv, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks)
pub - The public RSA key to represent. Must not be null.
priv - The private RSA key to represent. Must not be null.
use - The key use, null if not specified or if the key is intended for signing as well as encryption.
ops - The key operations, null if not specified.
alg - The intended JOSE algorithm for the key, null if not specified.
kid - The key ID, null if not specified.
x5u - The X.509 certificate URL, null if not specified.
x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
x5c - The X.509 certificate chain, null if not specified.
ks - Reference to the underlying key store, null if not specified.

public RSAKey(RSAPublicKey pub, RSAPrivateCrtKey priv, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks)
pub - The public RSA key to represent. Must not be null.
priv - The private RSA key to represent. Must not be null.
use - The key use, null if not specified or if the key is intended for signing as well as encryption.
ops - The key operations, null if not specified.
alg - The intended JOSE algorithm for the key, null if not specified.
kid - The key ID, null if not specified.
x5u - The X.509 certificate URL, null if not specified.
x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
x5c - The X.509 certificate chain, null if not specified.
ks - Reference to the underlying key store, null if not specified.

public RSAKey(RSAPublicKey pub, RSAMultiPrimePrivateCrtKey priv, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks)
pub - The public RSA key to represent. Must not be null.
priv - The private RSA key to represent. Must not be null.
use - The key use, null if not specified or if the key is intended for signing as well as encryption.
ops - The key operations, null if not specified.
alg - The intended JOSE algorithm for the key, null if not specified.
kid - The key ID, null if not specified.
x5u - The X.509 certificate URL, null if not specified.
x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
x5c - The X.509 certificate chain, null if not specified.
ks - Reference to the underlying key store, null if not specified.

public RSAKey(RSAPublicKey pub, PrivateKey priv, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks)
pub - The public RSA key to represent. Must not be null.
priv - The private RSA key as PKCS#11 handle, null if not specified.
use - The key use, null if not specified or if the key is intended for signing as well as encryption.
ops - The key operations, null if not specified.
alg - The intended JOSE algorithm for the key, null if not specified.
kid - The key ID, null if not specified.
x5u - The X.509 certificate URL, null if not specified.
x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
x5c - The X.509 certificate chain, null if not specified.
ks - Reference to the underlying key store, null if not specified.

public Base64URL getModulus()
Gets the modulus value (n) of the RSA key.

public Base64URL getPublicExponent()
Gets the public exponent (e) of the RSA key.

public Base64URL getPrivateExponent()
Gets the private exponent (d) of the RSA key.
null if not specified (for a public key or a private key using the second representation only).

public Base64URL getFirstPrimeFactor()
Gets the first prime factor (p) of the private RSA key.
null if not specified (for a public key or a private key using the first representation only).

public Base64URL getSecondPrimeFactor()
Gets the second prime factor (q) of the private RSA key.
null if not specified (for a public key or a private key using the first representation only).

public Base64URL getFirstFactorCRTExponent()
Gets the first factor Chinese Remainder Theorem (CRT) exponent (dp) of the private RSA key.
null if not specified (for a public key or a private key using the first representation only).

public Base64URL getSecondFactorCRTExponent()
Gets the second factor Chinese Remainder Theorem (CRT) exponent (dq) of the private RSA key.
null if not specified (for a public key or a private key using the first representation only).

public Base64URL getFirstCRTCoefficient()
Gets the first Chinese Remainder Theorem (CRT) coefficient (qi) of the private RSA key.
null if not specified (for a public key or a private key using the first representation only).

public List<RSAKey.OtherPrimesInfo> getOtherPrimes()
Gets the other primes information (oth) for the private RSA key, should they exist.
null or empty list if not specified.

public RSAPublicKey toRSAPublicKey() throws JOSEException
Returns a standard java.security.interfaces.RSAPublicKey representation of this RSA JWK.
JOSEException - If RSA is not supported by the underlying Java Cryptography (JCA) provider or if the JWK parameters are invalid for a public RSA key.

public RSAPrivateKey toRSAPrivateKey() throws JOSEException
Returns a standard java.security.interfaces.RSAPrivateKey representation of this RSA JWK.
null if not specified by this JWK.
JOSEException - If RSA is not supported by the underlying Java Cryptography (JCA) provider or if the JWK parameters are invalid for a private RSA key.

public PublicKey toPublicKey() throws JOSEException
Returns a Java public key representation of the JWK.
toPublicKey in interface AsymmetricJWK
JOSEException - If conversion failed or is not supported.

public PrivateKey toPrivateKey() throws JOSEException
Returns a Java private key representation of this JWK.
toPrivateKey in interface AsymmetricJWK
null if not specified.
JOSEException - If conversion failed or is not supported.

public KeyPair toKeyPair() throws JOSEException
Returns a standard java.security.KeyPair representation of this RSA JWK.
toKeyPair in interface AsymmetricJWK
null if not specified.
JOSEException - If RSA is not supported by the underlying Java Cryptography (JCA) provider or if the JWK parameters are invalid for a public and / or private RSA key.

public boolean matches(X509Certificate cert)
Returns true if the public key material of this JWK matches the public subject key info of the specified X.509 certificate.
matches in interface AsymmetricJWK
cert - The X.509 certificate. Must not be null.
true if the public key material of this JWK matches the public subject key info of the specified X.509 certificate, else false.

public LinkedHashMap<String,?> getRequiredParams()
Returns the required JWK parameters.
getRequiredParams in class JWK

public boolean isPrivate()
Returns true if this JWK contains private or sensitive (non-public) parameters.

public RSAKey toPublicJWK()
Returns a copy of this RSA JWK with any private values removed.
toPublicJWK in class JWK

public net.minidev.json.JSONObject toJSONObject()
Returns a JSON object representation of this JWK.

Example:
{ "kty" : "RSA", "use" : "sig", "kid" : "fd28e025-8d24-48bc-a51a-e2ffc8bc274b" }

toJSONObject in class JWK

public static RSAKey parse(String s) throws ParseException
Parses a public / private RSA JWK from the specified JSON object string representation.
s - The JSON object string to parse. Must not be null.
ParseException - If the string couldn't be parsed to an RSA JWK.

public static RSAKey parse(net.minidev.json.JSONObject jsonObject) throws ParseException
Parses a public / private RSA JWK from the specified JSON object representation.
jsonObject - The JSON object to parse. Must not be null.
ParseException - If the JSON object couldn't be parsed to an RSA JWK.

public static RSAKey parse(X509Certificate cert) throws JOSEException
Parses a public RSA JWK from the specified X.509 certificate.
Important: The X.509 certificate is not validated!
Sets the following JWK parameters:
KeyUse.from(java.security.cert.X509Certificate).
cert - The X.509 certificate. Must not be null.
JOSEException - If parsing failed.

public static RSAKey load(KeyStore keyStore, String alias, char[] pin) throws KeyStoreException, JOSEException
Loads a public / private RSA JWK from the specified JCA key store.
Important: The X.509 certificate is not validated!
keyStore - The key store. Must not be null.
alias - The alias. Must not be null.
pin - The pin to unlock the private key if any, empty or null if not required.
null if no key with the specified alias was found.
KeyStoreException - On a key store exception.
JOSEException - If RSA key loading failed.

Copyright © 2019 Connect2id Ltd. All rights reserved.