Class OctetSequenceKey

  • All Implemented Interfaces:
    SecretJWK, Serializable

    @Immutable
    public final class OctetSequenceKey
    extends JWK
    implements SecretJWK
    Octet sequence JSON Web Key (JWK), used to represent symmetric keys. This class is immutable.

    Octet sequence JWKs should specify the algorithm intended to be used with the key, unless the application uses other means or convention to determine the algorithm used.

    Example JSON object representation of an octet sequence JWK:

     {
       "kty" : "oct",
       "alg" : "A128KW",
       "k"   : "GawgguFyGrWKav7AX4VKUg"
     }
     

    Use the builder to create a new octet JWK:

     OctetSequenceKey key = new OctetSequenceKey.Builder(bytes)
            .keyID("123")
            .build();
     
    Version:
    2022-12-26
    Author:
    Justin Richer, Vladimir Dzhuvinov
    See Also:
    Serialized Form
    • Constructor Detail

      • OctetSequenceKey

        @Deprecated
        public OctetSequenceKey(Base64URL k,
                                KeyUse use,
                                Set<KeyOperation> ops,
                                Algorithm alg,
                                String kid,
                                URI x5u,
                                Base64URL x5t,
                                Base64URL x5t256,
                                List<Base64> x5c,
                                KeyStore ks)
        Deprecated.
        Creates a new octet sequence JSON Web Key (JWK) with the specified parameters.
        Parameters:
        k - The key value. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
        use - The key use, null if not specified or if the key is intended for signing as well as encryption.
        ops - The key operations, null if not specified.
        alg - The intended JOSE algorithm for the key, null if not specified.
        kid - The key ID, null if not specified.
        x5u - The X.509 certificate URL, null if not specified.
        x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
        x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
        x5c - The X.509 certificate chain, null if not specified.
        ks - Reference to the underlying key store, null if not specified.
      • OctetSequenceKey

        public OctetSequenceKey(Base64URL k,
                                KeyUse use,
                                Set<KeyOperation> ops,
                                Algorithm alg,
                                String kid,
                                URI x5u,
                                Base64URL x5t,
                                Base64URL x5t256,
                                List<Base64> x5c,
                                Date exp,
                                Date nbf,
                                Date iat,
                                KeyStore ks)
        Creates a new octet sequence JSON Web Key (JWK) with the specified parameters.
        Parameters:
        k - The key value. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
        use - The key use, null if not specified or if the key is intended for signing as well as encryption.
        ops - The key operations, null if not specified.
        alg - The intended JOSE algorithm for the key, null if not specified.
        kid - The key ID, null if not specified.
        x5u - The X.509 certificate URL, null if not specified.
        x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
        x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
        x5c - The X.509 certificate chain, null if not specified.
        exp - The key expiration time, null if not specified.
        nbf - The key not-before time, null if not specified.
        iat - The key issued-at time, null if not specified.
        ks - Reference to the underlying key store, null if not specified.
    • Method Detail

      • getKeyValue

        public Base64URL getKeyValue()
        Returns the value of this octet sequence key.
        Returns:
        The key value. It is represented as the Base64URL encoding of the value's big endian representation.
      • toByteArray

        public byte[] toByteArray()
        Returns a copy of this octet sequence key value as a byte array.
        Returns:
        The key value as a byte array.
      • toSecretKey

        public SecretKey toSecretKey()
        Returns a secret key representation of this octet sequence key.
        Specified by:
        toSecretKey in interface SecretJWK
        Returns:
        The secret key representation, with an algorithm set to NONE.
      • toSecretKey

        public SecretKey toSecretKey(String jcaAlg)
        Returns a secret key representation of this octet sequence key with the specified Java Cryptography Architecture (JCA) algorithm.
        Parameters:
        jcaAlg - The JCA algorithm. Must not be null.
        Returns:
        The secret key representation.
      • getRequiredParams

        public LinkedHashMap<String,?> getRequiredParams()
        Description copied from class: JWK
        Returns the required JWK parameters. Intended as input for JWK thumbprint computation. See RFC 7638 for more information.
        Specified by:
        getRequiredParams in class JWK
        Returns:
        The required JWK parameters, sorted alphanumerically by key name and ready for JSON serialisation.
      • isPrivate

        public boolean isPrivate()
        Octet sequence (symmetric) keys are never considered public; this method always returns true.
        Specified by:
        isPrivate in class JWK
        Returns:
        true
      • size

        public int size()
        Description copied from class: JWK
        Returns the size of this JWK.
        Specified by:
        size in class JWK
        Returns:
        The JWK size, in bits.
      • toJSONObject

        public Map<String,Object> toJSONObject()
        Description copied from class: JWK
        Returns a JSON object representation of this JWK. This method is intended to be called from extending classes.

        Example:

         {
           "kty" : "RSA",
           "use" : "sig",
           "kid" : "fd28e025-8d24-48bc-a51a-e2ffc8bc274b"
         }
         
        Overrides:
        toJSONObject in class JWK
        Returns:
        The JSON object representation.
      • parse

        public static OctetSequenceKey parse(String s)
                                      throws ParseException
        Parses an octet sequence JWK from the specified JSON object string representation.
        Parameters:
        s - The JSON object string to parse. Must not be null.
        Returns:
        The octet sequence JWK.
        Throws:
        ParseException - If the string couldn't be parsed to an octet sequence JWK.
      • parse

        public static OctetSequenceKey parse(Map<String,Object> jsonObject)
                                      throws ParseException
        Parses an octet sequence JWK from the specified JSON object representation.
        Parameters:
        jsonObject - The JSON object to parse. Must not be null.
        Returns:
        The octet sequence JWK.
        Throws:
        ParseException - If the JSON object couldn't be parsed to an octet sequence JWK.
      • load

        public static OctetSequenceKey load(KeyStore keyStore,
                                            String alias,
                                            char[] pin)
                                     throws KeyStoreException,
                                            JOSEException
        Loads an octet sequence JWK from the specified JCA key store.
        Parameters:
        keyStore - The key store. Must not be null.
        alias - The alias. Must not be null.
        pin - The pin to unlock the private key if any, empty or null if not required.
        Returns:
        The octet sequence JWK, null if no key with the specified alias was found.
        Throws:
        KeyStoreException - On a key store exception.
        JOSEException - If octet sequence key loading failed.
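
Added example (not part of the library's own documentation): one way to apply the class-level advice that an octet sequence JWK should state its algorithm, checked before the key is handed to JCA with parse, getAlgorithm, size and toSecretKey(jcaAlg). The class name OctJwkCheck, the method toAesWrapKey and the expected-size table are assumptions of this example; the first input is the example JWK from the class description.

```java
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.jwk.OctetSequenceKey;

import javax.crypto.SecretKey;
import java.text.ParseException;
import java.util.Map;

public class OctJwkCheck {

    // Assumed policy for this example: key length in bits for each AES key-wrap "alg".
    private static final Map<String, Integer> EXPECTED_BITS =
            Map.of("A128KW", 128, "A192KW", 192, "A256KW", 256);

    /** Parses an oct JWK and returns an AES key only if "alg" is declared and the size matches it. */
    static SecretKey toAesWrapKey(String json) throws ParseException {
        OctetSequenceKey jwk = OctetSequenceKey.parse(json);

        Algorithm alg = jwk.getAlgorithm(); // null when the JWK carries no "alg"
        if (alg == null) {
            throw new IllegalArgumentException("oct JWK has no \"alg\"; refusing to guess");
        }
        Integer expected = EXPECTED_BITS.get(alg.getName());
        if (expected == null) {
            throw new IllegalArgumentException("not an AES key-wrap key: " + alg);
        }
        if (jwk.size() != expected) { // size() is in bits
            throw new IllegalArgumentException(
                    alg + " needs " + expected + " bits, key has " + jwk.size());
        }
        // toSecretKey() would label the key "NONE"; name the JCA algorithm explicitly.
        return jwk.toSecretKey("AES");
    }

    public static void main(String[] args) throws ParseException {
        // Example JWK taken from the class description.
        String json = "{\"kty\":\"oct\",\"alg\":\"A128KW\",\"k\":\"GawgguFyGrWKav7AX4VKUg\"}";
        SecretKey key = toAesWrapKey(json);
        System.out.println(key.getAlgorithm() + ", " + key.getEncoded().length * 8 + " bits");

        // Constructed input: the same key material without "alg" is rejected.
        try {
            toAesWrapKey("{\"kty\":\"oct\",\"k\":\"GawgguFyGrWKav7AX4VKUg\"}");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```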