Package com.nimbusds.jose.jwk
Class OctetKeyPair
java.lang.Object
com.nimbusds.jose.jwk.JWK
com.nimbusds.jose.jwk.OctetKeyPair
- All Implemented Interfaces:
AsymmetricJWK
,CurveBasedJWK
,Serializable
Octet key pair
JSON Web Key (JWK), used to represent
Edwards-curve keys. This class is immutable.
Supported curves:
Example JSON object representation of a public OKP JWK:
{ "kty" : "OKP", "crv" : "Ed25519", "x" : "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo", "use" : "sig", "kid" : "1" }
Example JSON object representation of a private OKP JWK:
{ "kty" : "OKP", "crv" : "Ed25519", "x" : "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo", "d" : "nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A", "use" : "sig", "kid" : "1" }
Use the builder to create a new OKP JWK:
OctetKeyPair key = new OctetKeyPair.Builder(Curve.Ed25519, x) .keyUse(KeyUse.SIGNATURE) .keyID("1") .build();
- Version:
- 2024-04-27
- Author:
- Vladimir Dzhuvinov
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic class
Builder for constructing Octet Key Pair JWKs. -
Field Summary
FieldsModifier and TypeFieldDescriptionSupported Edwards curves. -
Constructor Summary
ConstructorsConstructorDescriptionOctetKeyPair
(Curve crv, Base64URL x, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks) Deprecated.OctetKeyPair
(Curve crv, Base64URL x, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyRevocation revocation, KeyStore ks) Creates a new public Octet Key Pair JSON Web Key (JWK) with the specified parameters.OctetKeyPair
(Curve crv, Base64URL x, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyStore ks) Deprecated.OctetKeyPair
(Curve crv, Base64URL x, Base64URL d, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks) Deprecated.OctetKeyPair
(Curve crv, Base64URL x, Base64URL d, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyRevocation revocation, KeyStore ks) Creates a new public / private Octet Key Pair JSON Web Key (JWK) with the specified parameters.OctetKeyPair
(Curve crv, Base64URL x, Base64URL d, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyStore ks) Deprecated. -
Method Summary
Modifier and TypeMethodDescriptionboolean
getCurve()
Returns the cryptographic curve.getD()
Gets the private 'd' parameter.byte[]
Gets the private 'd' parameter, decoded from Base64.byte[]
Gets the public 'x' parameter, decoded from Base64.Returns the required JWK parameters.getX()
Gets the public 'x' parameter.int
hashCode()
boolean
Returnstrue
if this JWK contains private or sensitive (non-public) parameters.boolean
matches
(X509Certificate cert) Returnstrue
if the public key material of this JWK matches the public subject key info of the specified X.509 certificate.static OctetKeyPair
Parses a public / private Octet Key Pair JWK from the specified JSON object string representation.static OctetKeyPair
Parses a public / private Octet Key Pair JWK from the specified JSON object representation.int
size()
Returns the size of this JWK.Returns a JSON object representation of this JWK.Returns a Java key pair representation of this JWK.Returns a Java private key representation of this JWK.Returns a copy of this Octet Key Pair JWK with any private values removed.Returns a Java public key representation of the JWK.Methods inherited from class com.nimbusds.jose.jwk.JWK
computeThumbprint, computeThumbprint, computeThumbprintURI, getAlgorithm, getExpirationTime, getIssueTime, getKeyID, getKeyOperations, getKeyRevocation, getKeyStore, getKeyType, getKeyUse, getNotBeforeTime, getParsedX509CertChain, getX509CertChain, getX509CertSHA256Thumbprint, getX509CertThumbprint, getX509CertURL, load, parse, parseFromPEMEncodedObjects, parseFromPEMEncodedX509Cert, toECKey, toJSONString, toOctetKeyPair, toOctetSequenceKey, toRSAKey, toString
-
Field Details
-
SUPPORTED_CURVES
Supported Edwards curves.
-
-
Constructor Details
-
OctetKeyPair
@Deprecated public OctetKeyPair(Curve crv, Base64URL x, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks) Deprecated.Creates a new public Octet Key Pair JSON Web Key (JWK) with the specified parameters.- Parameters:
crv
- The cryptographic curve. Must not benull
.x
- The public 'x' parameter. Must not benull
.use
- The key use,null
if not specified or if the key is intended for signing as well as encryption.ops
- The key operations,null
if not specified.alg
- The intended JOSE algorithm for the key,null
if not specified.kid
- The key ID,null
if not specified.x5u
- The X.509 certificate URL,null
if not specified.x5t
- The X.509 certificate SHA-1 thumbprint,null
if not specified.x5t256
- The X.509 certificate SHA-256 thumbprint,null
if not specified.x5c
- The X.509 certificate chain,null
if not specified.ks
- Reference to the underlying key store,null
if not specified.
-
OctetKeyPair
@Deprecated public OctetKeyPair(Curve crv, Base64URL x, Base64URL d, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks) Deprecated.Creates a new public / private Octet Key Pair JSON Web Key (JWK) with the specified parameters.- Parameters:
crv
- The cryptographic curve. Must not benull
.x
- The public 'x' parameter. Must not benull
.d
- The private 'd' parameter. Must not benull
.use
- The key use,null
if not specified or if the key is intended for signing as well as encryption.ops
- The key operations,null
if not specified.alg
- The intended JOSE algorithm for the key,null
if not specified.kid
- The key ID,null
if not specified.x5u
- The X.509 certificate URL,null
if not specified.x5t
- The X.509 certificate SHA-1 thumbprint,null
if not specified.x5t256
- The X.509 certificate SHA-256 thumbprint,null
if not specified.x5c
- The X.509 certificate chain,null
if not specified.ks
- Reference to the underlying key store,null
if not specified.
-
OctetKeyPair
@Deprecated public OctetKeyPair(Curve crv, Base64URL x, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyStore ks) Deprecated.Creates a new public Octet Key Pair JSON Web Key (JWK) with the specified parameters.- Parameters:
crv
- The cryptographic curve. Must not benull
.x
- The public 'x' parameter. Must not benull
.use
- The key use,null
if not specified or if the key is intended for signing as well as encryption.ops
- The key operations,null
if not specified.alg
- The intended JOSE algorithm for the key,null
if not specified.kid
- The key ID,null
if not specified.x5u
- The X.509 certificate URL,null
if not specified.x5t
- The X.509 certificate SHA-1 thumbprint,null
if not specified.x5t256
- The X.509 certificate SHA-256 thumbprint,null
if not specified.x5c
- The X.509 certificate chain,null
if not specified.exp
- The key expiration time,null
if not specified.nbf
- The key not-before time,null
if not specified.iat
- The key issued-at time,null
if not specified.ks
- Reference to the underlying key store,null
if not specified.
-
OctetKeyPair
public OctetKeyPair(Curve crv, Base64URL x, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyRevocation revocation, KeyStore ks) Creates a new public Octet Key Pair JSON Web Key (JWK) with the specified parameters.- Parameters:
crv
- The cryptographic curve. Must not benull
.x
- The public 'x' parameter. Must not benull
.use
- The key use,null
if not specified or if the key is intended for signing as well as encryption.ops
- The key operations,null
if not specified.alg
- The intended JOSE algorithm for the key,null
if not specified.kid
- The key ID,null
if not specified.x5u
- The X.509 certificate URL,null
if not specified.x5t
- The X.509 certificate SHA-1 thumbprint,null
if not specified.x5t256
- The X.509 certificate SHA-256 thumbprint,null
if not specified.x5c
- The X.509 certificate chain,null
if not specified.exp
- The key expiration time,null
if not specified.nbf
- The key not-before time,null
if not specified.iat
- The key issued-at time,null
if not specified.revocation
- The key revocation,null
if not specified.ks
- Reference to the underlying key store,null
if not specified.
-
OctetKeyPair
@Deprecated public OctetKeyPair(Curve crv, Base64URL x, Base64URL d, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyStore ks) Deprecated.Creates a new public / private Octet Key Pair JSON Web Key (JWK) with the specified parameters.- Parameters:
crv
- The cryptographic curve. Must not benull
.x
- The public 'x' parameter. Must not benull
.d
- The private 'd' parameter. Must not benull
.use
- The key use,null
if not specified or if the key is intended for signing as well as encryption.ops
- The key operations,null
if not specified.alg
- The intended JOSE algorithm for the key,null
if not specified.kid
- The key ID,null
if not specified.x5u
- The X.509 certificate URL,null
if not specified.x5t
- The X.509 certificate SHA-1 thumbprint,null
if not specified.x5t256
- The X.509 certificate SHA-256 thumbprint,null
if not specified.x5c
- The X.509 certificate chain,null
if not specified.exp
- The key expiration time,null
if not specified.nbf
- The key not-before time,null
if not specified.iat
- The key issued-at time,null
if not specified.ks
- Reference to the underlying key store,null
if not specified.
-
OctetKeyPair
public OctetKeyPair(Curve crv, Base64URL x, Base64URL d, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyRevocation revocation, KeyStore ks) Creates a new public / private Octet Key Pair JSON Web Key (JWK) with the specified parameters.- Parameters:
crv
- The cryptographic curve. Must not benull
.x
- The public 'x' parameter. Must not benull
.d
- The private 'd' parameter. Must not benull
.use
- The key use,null
if not specified or if the key is intended for signing as well as encryption.ops
- The key operations,null
if not specified.alg
- The intended JOSE algorithm for the key,null
if not specified.kid
- The key ID,null
if not specified.x5u
- The X.509 certificate URL,null
if not specified.x5t
- The X.509 certificate SHA-1 thumbprint,null
if not specified.x5t256
- The X.509 certificate SHA-256 thumbprint,null
if not specified.x5c
- The X.509 certificate chain,null
if not specified.exp
- The key expiration time,null
if not specified.nbf
- The key not-before time,null
if not specified.iat
- The key issued-at time,null
if not specified.revocation
- The key revocation,null
if not specified.ks
- Reference to the underlying key store,null
if not specified.
-
-
Method Details
-
getCurve
Description copied from interface:CurveBasedJWK
Returns the cryptographic curve.- Specified by:
getCurve
in interfaceCurveBasedJWK
- Returns:
- The cryptographic curve.
-
getX
Gets the public 'x' parameter.- Returns:
- The public 'x' parameter.
-
getDecodedX
Gets the public 'x' parameter, decoded from Base64.- Returns:
- The public 'x' parameter in bytes.
-
getD
Gets the private 'd' parameter.- Returns:
- The private 'd' coordinate,
null
if not specified (for a public key).
-
getDecodedD
Gets the private 'd' parameter, decoded from Base64.- Returns:
- The private 'd' coordinate in bytes,
null
if not specified (for a public key).
-
toPublicKey
Description copied from interface:AsymmetricJWK
Returns a Java public key representation of the JWK.- Specified by:
toPublicKey
in interfaceAsymmetricJWK
- Returns:
- The Java public key.
- Throws:
JOSEException
- If conversion failed or is not supported.
-
toPrivateKey
Description copied from interface:AsymmetricJWK
Returns a Java private key representation of this JWK.- Specified by:
toPrivateKey
in interfaceAsymmetricJWK
- Returns:
- The Java private key,
null
if not specified. - Throws:
JOSEException
- If conversion failed or is not supported.
-
toKeyPair
Description copied from interface:AsymmetricJWK
Returns a Java key pair representation of this JWK.- Specified by:
toKeyPair
in interfaceAsymmetricJWK
- Returns:
- The Java key pair. The private key will be
null
if not specified. - Throws:
JOSEException
- If conversion failed or is not supported.
-
matches
Description copied from interface:AsymmetricJWK
Returnstrue
if the public key material of this JWK matches the public subject key info of the specified X.509 certificate.- Specified by:
matches
in interfaceAsymmetricJWK
- Parameters:
cert
- The X.509 certificate. Must not benull
.- Returns:
true
if the public key material of this JWK matches the public subject key info of the specified X.509 certificate, elsefalse
.
-
getRequiredParams
Description copied from class:JWK
Returns the required JWK parameters. Intended as input for JWK thumbprint computation. See RFC 7638 for more information.- Specified by:
getRequiredParams
in classJWK
- Returns:
- The required JWK parameters, sorted alphanumerically by key name and ready for JSON serialisation.
-
isPrivate
Description copied from class:JWK
Returnstrue
if this JWK contains private or sensitive (non-public) parameters. -
toPublicJWK
Returns a copy of this Octet Key Pair JWK with any private values removed.- Specified by:
toPublicJWK
in classJWK
- Returns:
- The copied public Octet Key Pair JWK.
-
toJSONObject
Description copied from class:JWK
Returns a JSON object representation of this JWK. This method is intended to be called from extending classes.Example:
{ "kty" : "RSA", "use" : "sig", "kid" : "fd28e025-8d24-48bc-a51a-e2ffc8bc274b" }
- Overrides:
toJSONObject
in classJWK
- Returns:
- The JSON object representation.
-
size
Description copied from class:JWK
Returns the size of this JWK. -
parse
Parses a public / private Octet Key Pair JWK from the specified JSON object string representation.- Parameters:
s
- The JSON object string to parse. Must not benull
.- Returns:
- The public / private Octet Key Pair JWK.
- Throws:
ParseException
- If the string couldn't be parsed to an Octet Key Pair JWK.
-
parse
Parses a public / private Octet Key Pair JWK from the specified JSON object representation.- Parameters:
jsonObject
- The JSON object to parse. Must not benull
.- Returns:
- The public / private Octet Key Pair JWK.
- Throws:
ParseException
- If the JSON object couldn't be parsed to an Octet Key Pair JWK.
-
equals
-
hashCode
-