Class OctetKeyPair

java.lang.Object
com.nimbusds.jose.jwk.JWK
com.nimbusds.jose.jwk.OctetKeyPair
All Implemented Interfaces:
AsymmetricJWK, CurveBasedJWK, Serializable

@Immutable public class OctetKeyPair extends JWK implements AsymmetricJWK, CurveBasedJWK
Octet key pair JSON Web Key (JWK), used to represent Edwards-curve keys. This class is immutable.

Supported curves:

Example JSON object representation of a public OKP JWK:

 {
   "kty" : "OKP",
   "crv" : "Ed25519",
   "x"   : "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo",
   "use" : "sig",
   "kid" : "1"
 }
 

Example JSON object representation of a private OKP JWK:

 {
   "kty" : "OKP",
   "crv" : "Ed25519",
   "x"   : "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo",
   "d"   : "nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A",
   "use" : "sig",
   "kid" : "1"
 }
 

Use the builder to create a new OKP JWK:

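 // The public 'x' parameter, Base64URL-encoded (value from the example above)
 Base64URL x = new Base64URL("11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo");

 OctetKeyPair key = new OctetKeyPair.Builder(Curve.Ed25519, x)
        .keyUse(KeyUse.SIGNATURE)
        .keyID("1")
        .build();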
 
Version:
2024-04-27
Author:
Vladimir Dzhuvinov
  • Field Details

  • Constructor Details

    • OctetKeyPair

      @Deprecated public OctetKeyPair(Curve crv, Base64URL x, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks)
      Deprecated.
      Creates a new public Octet Key Pair JSON Web Key (JWK) with the specified parameters.
      Parameters:
      crv - The cryptographic curve. Must not be null.
      x - The public 'x' parameter. Must not be null.
      use - The key use, null if not specified or if the key is intended for signing as well as encryption.
      ops - The key operations, null if not specified.
      alg - The intended JOSE algorithm for the key, null if not specified.
      kid - The key ID, null if not specified.
      x5u - The X.509 certificate URL, null if not specified.
      x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
      x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
      x5c - The X.509 certificate chain, null if not specified.
      ks - Reference to the underlying key store, null if not specified.
    • OctetKeyPair

      @Deprecated public OctetKeyPair(Curve crv, Base64URL x, Base64URL d, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks)
      Deprecated.
      Creates a new public / private Octet Key Pair JSON Web Key (JWK) with the specified parameters.
      Parameters:
      crv - The cryptographic curve. Must not be null.
      x - The public 'x' parameter. Must not be null.
      d - The private 'd' parameter. Must not be null.
      use - The key use, null if not specified or if the key is intended for signing as well as encryption.
      ops - The key operations, null if not specified.
      alg - The intended JOSE algorithm for the key, null if not specified.
      kid - The key ID, null if not specified.
      x5u - The X.509 certificate URL, null if not specified.
      x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
      x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
      x5c - The X.509 certificate chain, null if not specified.
      ks - Reference to the underlying key store, null if not specified.
    • OctetKeyPair

      @Deprecated public OctetKeyPair(Curve crv, Base64URL x, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyStore ks)
      Deprecated.
      Creates a new public Octet Key Pair JSON Web Key (JWK) with the specified parameters.
      Parameters:
      crv - The cryptographic curve. Must not be null.
      x - The public 'x' parameter. Must not be null.
      use - The key use, null if not specified or if the key is intended for signing as well as encryption.
      ops - The key operations, null if not specified.
      alg - The intended JOSE algorithm for the key, null if not specified.
      kid - The key ID, null if not specified.
      x5u - The X.509 certificate URL, null if not specified.
      x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
      x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
      x5c - The X.509 certificate chain, null if not specified.
      exp - The key expiration time, null if not specified.
      nbf - The key not-before time, null if not specified.
      iat - The key issued-at time, null if not specified.
      ks - Reference to the underlying key store, null if not specified.
    • OctetKeyPair

      public OctetKeyPair(Curve crv, Base64URL x, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyRevocation revocation, KeyStore ks)
      Creates a new public Octet Key Pair JSON Web Key (JWK) with the specified parameters.
      Parameters:
      crv - The cryptographic curve. Must not be null.
      x - The public 'x' parameter. Must not be null.
      use - The key use, null if not specified or if the key is intended for signing as well as encryption.
      ops - The key operations, null if not specified.
      alg - The intended JOSE algorithm for the key, null if not specified.
      kid - The key ID, null if not specified.
      x5u - The X.509 certificate URL, null if not specified.
      x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
      x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
      x5c - The X.509 certificate chain, null if not specified.
      exp - The key expiration time, null if not specified.
      nbf - The key not-before time, null if not specified.
      iat - The key issued-at time, null if not specified.
      revocation - The key revocation, null if not specified.
      ks - Reference to the underlying key store, null if not specified.
    • OctetKeyPair

      @Deprecated public OctetKeyPair(Curve crv, Base64URL x, Base64URL d, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyStore ks)
      Deprecated.
      Creates a new public / private Octet Key Pair JSON Web Key (JWK) with the specified parameters.
      Parameters:
      crv - The cryptographic curve. Must not be null.
      x - The public 'x' parameter. Must not be null.
      d - The private 'd' parameter. Must not be null.
      use - The key use, null if not specified or if the key is intended for signing as well as encryption.
      ops - The key operations, null if not specified.
      alg - The intended JOSE algorithm for the key, null if not specified.
      kid - The key ID, null if not specified.
      x5u - The X.509 certificate URL, null if not specified.
      x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
      x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
      x5c - The X.509 certificate chain, null if not specified.
      exp - The key expiration time, null if not specified.
      nbf - The key not-before time, null if not specified.
      iat - The key issued-at time, null if not specified.
      ks - Reference to the underlying key store, null if not specified.
    • OctetKeyPair

      public OctetKeyPair(Curve crv, Base64URL x, Base64URL d, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyRevocation revocation, KeyStore ks)
      Creates a new public / private Octet Key Pair JSON Web Key (JWK) with the specified parameters.
      Parameters:
      crv - The cryptographic curve. Must not be null.
      x - The public 'x' parameter. Must not be null.
      d - The private 'd' parameter. Must not be null.
      use - The key use, null if not specified or if the key is intended for signing as well as encryption.
      ops - The key operations, null if not specified.
      alg - The intended JOSE algorithm for the key, null if not specified.
      kid - The key ID, null if not specified.
      x5u - The X.509 certificate URL, null if not specified.
      x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
      x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
      x5c - The X.509 certificate chain, null if not specified.
      exp - The key expiration time, null if not specified.
      nbf - The key not-before time, null if not specified.
      iat - The key issued-at time, null if not specified.
      revocation - The key revocation, null if not specified.
      ks - Reference to the underlying key store, null if not specified.
  • Method Details

    • getCurve

      public Curve getCurve()
      Description copied from interface: CurveBasedJWK
      Returns the cryptographic curve.
      Specified by:
      getCurve in interface CurveBasedJWK
      Returns:
      The cryptographic curve.
    • getX

      public Base64URL getX()
      Gets the public 'x' parameter.
      Returns:
      The public 'x' parameter.
    • getDecodedX

      public byte[] getDecodedX()
      Gets the public 'x' parameter, decoded from Base64URL.
      Returns:
      The public 'x' parameter in bytes.
    • getD

      public Base64URL getD()
      Gets the private 'd' parameter.
      Returns:
      The private 'd' parameter, null if not specified (for a public key).
    • getDecodedD

      public byte[] getDecodedD()
      Gets the private 'd' parameter, decoded from Base64URL.
      Returns:
      The private 'd' parameter in bytes, null if not specified (for a public key).
    • toPublicKey

      Description copied from interface: AsymmetricJWK
      Returns a Java public key representation of the JWK.
      Specified by:
      toPublicKey in interface AsymmetricJWK
      Returns:
      The Java public key.
      Throws:
      JOSEException - If conversion failed or is not supported.
    • toPrivateKey

      Description copied from interface: AsymmetricJWK
      Returns a Java private key representation of this JWK.
      Specified by:
      toPrivateKey in interface AsymmetricJWK
      Returns:
      The Java private key, null if not specified.
      Throws:
      JOSEException - If conversion failed or is not supported.
    • toKeyPair

      public KeyPair toKeyPair() throws JOSEException
      Description copied from interface: AsymmetricJWK
      Returns a Java key pair representation of this JWK.
      Specified by:
      toKeyPair in interface AsymmetricJWK
      Returns:
      The Java key pair. The private key will be null if not specified.
      Throws:
      JOSEException - If conversion failed or is not supported.
    • matches

      public boolean matches(X509Certificate cert)
      Description copied from interface: AsymmetricJWK
      Returns true if the public key material of this JWK matches the public subject key info of the specified X.509 certificate.
      Specified by:
      matches in interface AsymmetricJWK
      Parameters:
      cert - The X.509 certificate. Must not be null.
      Returns:
      true if the public key material of this JWK matches the public subject key info of the specified X.509 certificate, else false.
    • getRequiredParams

      Description copied from class: JWK
      Returns the required JWK parameters. Intended as input for JWK thumbprint computation. See RFC 7638 for more information.
      Specified by:
      getRequiredParams in class JWK
      Returns:
      The required JWK parameters, sorted alphanumerically by key name and ready for JSON serialisation.
    • isPrivate

      public boolean isPrivate()
      Description copied from class: JWK
      Returns true if this JWK contains private or sensitive (non-public) parameters.
      Specified by:
      isPrivate in class JWK
      Returns:
      true if this JWK contains private parameters, else false.
    • toPublicJWK

      Returns a copy of this Octet Key Pair JWK with any private values removed.
      Specified by:
      toPublicJWK in class JWK
      Returns:
      The copied public Octet Key Pair JWK.
    • toJSONObject

      Description copied from class: JWK
      Returns a JSON object representation of this JWK. This method is intended to be called from extending classes.

      Example:

       {
         "kty" : "RSA",
         "use" : "sig",
         "kid" : "fd28e025-8d24-48bc-a51a-e2ffc8bc274b"
       }
       
      Overrides:
      toJSONObject in class JWK
      Returns:
      The JSON object representation.
    • size

      public int size()
      Description copied from class: JWK
      Returns the size of this JWK.
      Specified by:
      size in class JWK
      Returns:
      The JWK size, in bits.
    • parse

      public static OctetKeyPair parse(String s) throws ParseException
      Parses a public / private Octet Key Pair JWK from the specified JSON object string representation.
      Parameters:
      s - The JSON object string to parse. Must not be null.
      Returns:
      The public / private Octet Key Pair JWK.
      Throws:
      ParseException - If the string couldn't be parsed to an Octet Key Pair JWK.
    • parse

      public static OctetKeyPair parse(Map<String,Object> jsonObject) throws ParseException
      Parses a public / private Octet Key Pair JWK from the specified JSON object representation.
      Parameters:
      jsonObject - The JSON object to parse. Must not be null.
      Returns:
      The public / private Octet Key Pair JWK.
      Throws:
      ParseException - If the JSON object couldn't be parsed to an Octet Key Pair JWK.
    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class JWK
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class JWK
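
Added example (not part of the Nimbus documentation): one way to combine `parse`, `getCurve`, `getDecodedX`, `isPrivate` and `toPublicJWK` so that an OKP JWK is validated and its private 'd' parameter is stripped before the key is published. The class name `OkpPublishCheck` and the helper `toPublishableSigningKey` are hypothetical; the JSON is the private-key example from this page.

```java
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.OctetKeyPair;
import java.text.ParseException;

public class OkpPublishCheck {

    // Hypothetical helper, not a library method: validates an OKP JWK given as
    // JSON and returns the public-only form that is safe to hand out.
    static OctetKeyPair toPublishableSigningKey(String json) throws ParseException {
        OctetKeyPair jwk = OctetKeyPair.parse(json); // ParseException on malformed input

        // Pin the curve the application expects instead of accepting any OKP curve.
        if (!Curve.Ed25519.equals(jwk.getCurve())) {
            throw new IllegalArgumentException("Unexpected curve: " + jwk.getCurve());
        }
        // An Ed25519 public key is exactly 32 bytes once decoded.
        if (jwk.getDecodedX().length != 32) {
            throw new IllegalArgumentException("Unexpected 'x' length");
        }
        // 'use' is optional; when present it has to be "sig" for a signing key.
        if (jwk.getKeyUse() != null && !KeyUse.SIGNATURE.equals(jwk.getKeyUse())) {
            throw new IllegalArgumentException("Key is not marked for signatures");
        }
        // Drop the private 'd' parameter before the key leaves the process.
        OctetKeyPair pub = jwk.isPrivate() ? jwk.toPublicJWK() : jwk;
        if (pub.isPrivate()) {
            throw new IllegalStateException("Private parameters still present");
        }
        return pub;
    }

    public static void main(String[] args) throws Exception {
        // The private OKP JWK example from this page.
        String privateJwk = "{\"kty\":\"OKP\",\"crv\":\"Ed25519\","
                + "\"x\":\"11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo\","
                + "\"d\":\"nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A\","
                + "\"use\":\"sig\",\"kid\":\"1\"}";

        OctetKeyPair pub = toPublishableSigningKey(privateJwk);
        System.out.println(pub.toJSONString());      // serialise the public-only key
        System.out.println(pub.computeThumbprint()); // RFC 7638 thumbprint of the key
    }
}
```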