@ThreadSafe
public class RSASSASigner extends RSASSAProvider implements JWSSigner

RSA Signature-Scheme-with-Appendix (RSASSA) signer of JWS objects. Expects a private RSA key.
See RFC 7518, sections 3.3 and 3.5 for more information.
This class is thread-safe.
Supports the following algorithms:
SUPPORTED_ALGORITHMS
Constructor and Description |
---|
RSASSASigner(PrivateKey privateKey): Creates a new RSA Signature-Scheme-with-Appendix (RSASSA) signer. |
RSASSASigner(PrivateKey privateKey, boolean allowWeakKey): Creates a new RSA Signature-Scheme-with-Appendix (RSASSA) signer. |
RSASSASigner(RSAKey rsaJWK): Creates a new RSA Signature-Scheme-with-Appendix (RSASSA) signer. |
RSASSASigner(RSAKey rsaJWK, boolean allowWeakKey): Creates a new RSA Signature-Scheme-with-Appendix (RSASSA) signer. |
Modifier and Type | Method and Description |
---|---|
PrivateKey | getPrivateKey(): Gets the private RSA key. |
Base64URL | sign(JWSHeader header, byte[] signingInput): Signs the specified input of a JWS object. |
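
The key-length check in the constructors and a full sign/verify round trip can be exercised as follows. This is an added example, not code from the library's documentation; the class name RsaSignerExample, the helper rsaKeyPair, the sample payload, and the choice of RS256 and RSASSAVerifier are assumptions that do not appear on this page.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;

public class RsaSignerExample {

    // Hypothetical helper: generates a throwaway RSA key pair (demo only).
    static KeyPair rsaKeyPair(int bits) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(bits);
        return gen.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        // 1. A 1024-bit key is refused unless allowWeakKey is set to true.
        KeyPair weak = rsaKeyPair(1024);
        try {
            new RSASSASigner(weak.getPrivate());
            System.out.println("unexpected: weak key accepted");
        } catch (RuntimeException e) {
            // The page does not name the exception type, so catch broadly.
            System.out.println("weak key rejected: " + e.getMessage());
        }

        // 2. A 2048-bit key passes the check; sign a constructed payload.
        KeyPair strong = rsaKeyPair(2048);
        JWSSigner signer = new RSASSASigner(strong.getPrivate());
        JWSObject jws = new JWSObject(
                new JWSHeader(JWSAlgorithm.RS256),
                new Payload("{\"sub\":\"example\"}")); // constructed sample
        jws.sign(signer); // invokes RSASSASigner.sign(header, signingInput)
        String compact = jws.serialize();

        // 3. The receiver pins the expected algorithm instead of trusting
        //    the header, then verifies with the matching public key.
        JWSObject parsed = JWSObject.parse(compact);
        boolean algOk = JWSAlgorithm.RS256.equals(parsed.getHeader().getAlgorithm());
        boolean sigOk = parsed.verify(new RSASSAVerifier((RSAPublicKey) strong.getPublic()));
        System.out.println("alg pinned: " + algOk + ", signature valid: " + sigOk);

        // 4. Verification under an unrelated public key must fail.
        boolean wrongKey = parsed.verify(
                new RSASSAVerifier((RSAPublicKey) rsaKeyPair(2048).getPublic()));
        System.out.println("verifies under unrelated key: " + wrongKey);
    }
}
```

Because the length of a key held in a PKCS#11 store cannot be checked by the signer, enforce the 2048-bit minimum at key generation time on the token itself.
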
Inherited methods: getJCAContext, supportedJWSAlgorithms

public RSASSASigner(PrivateKey privateKey)

Parameters:
privateKey - The private RSA key. Its algorithm must be "RSA" and its length at least 2048 bits. Note that the length of an RSA key in a PKCS#11 store cannot be checked. Must not be null.

public RSASSASigner(PrivateKey privateKey, boolean allowWeakKey)

Parameters:
privateKey - The private RSA key. Its algorithm must be "RSA" and its length at least 2048 bits. Note that the length of an RSA key in a PKCS#11 store cannot be checked. Must not be null.
allowWeakKey - true to allow an RSA key shorter than 2048 bits.

public RSASSASigner(RSAKey rsaJWK) throws JOSEException

Parameters:
rsaJWK - The RSA JSON Web Key (JWK). Must contain or reference a private part. Its length must be at least 2048 bits. Note that the length of an RSA key in a PKCS#11 store cannot be checked. Must not be null.

Throws:
JOSEException - If the RSA JWK doesn't contain a private part or its extraction failed.

public RSASSASigner(RSAKey rsaJWK, boolean allowWeakKey) throws JOSEException

Parameters:
rsaJWK - The RSA JSON Web Key (JWK). Must contain or reference a private part. Its length must be at least 2048 bits. Note that the length of an RSA key in a PKCS#11 store cannot be checked. Must not be null.
allowWeakKey - true to allow an RSA key shorter than 2048 bits.

Throws:
JOSEException - If the RSA JWK doesn't contain a private part or its extraction failed.

public PrivateKey getPrivateKey()

Gets the private RSA key. Casting to RSAPrivateKey may not be possible if the key is located in a PKCS#11 store that doesn't expose the private key parameters.

public Base64URL sign(JWSHeader header, byte[] signingInput) throws JOSEException

Signs the specified input of a JWS object.

Specified by:
sign in interface JWSSigner

Parameters:
header - The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not be null.
signingInput - The input to sign. Must not be null.

Throws:
JOSEException - If the JWS algorithm is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if signing failed for some other internal reason.

Copyright © 2020 Connect2id Ltd. All rights reserved.