com.nimbusds.jose.crypto

Class ECDSASigner

java.lang.Object

com.nimbusds.jose.crypto.impl.BaseJWSProvider

com.nimbusds.jose.crypto.impl.ECDSAProvider

com.nimbusds.jose.crypto.ECDSASigner

All Implemented Interfaces:

JCAAware<JCAContext>, JOSEProvider, JWSProvider, JWSSigner

@ThreadSafe
public class ECDSASigner
extends ECDSAProvider
implements JWSSigner

Elliptic Curve Digital Signature Algorithm (ECDSA) signer of JWS objects. Expects a private EC key (with a P-256, P-384 or P-521 curve).

See RFC 7518 section 3.4 for more information.

This class is thread-safe.

Supports the following algorithms:

• JWSAlgorithm.ES256
• JWSAlgorithm.ES384
• JWSAlgorithm.ES512

Version:

2016-11-30

Author:

Axel Nennker, Vladimir Dzhuvinov

Field Summary

Fields inherited from class com.nimbusds.jose.crypto.impl.ECDSAProvider

SUPPORTED_ALGORITHMS

Constructor Summary

Constructors

Constructor and Description
ECDSASigner(ECKey ecJWK) Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.
ECDSASigner(ECPrivateKey privateKey) Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.
ECDSASigner(PrivateKey privateKey, Curve curve) Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.

Method Summary

Modifier and Type	Method and Description
PrivateKey	getPrivateKey() Gets the private EC key.
Base64URL	sign(JWSHeader header, byte[] signingInput) Signs the specified input of a JWS object.

Methods inherited from class com.nimbusds.jose.crypto.impl.ECDSAProvider

supportedECDSAAlgorithm

Methods inherited from class com.nimbusds.jose.crypto.impl.BaseJWSProvider

getJCAContext, supportedJWSAlgorithms

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.jose.JWSProvider

supportedJWSAlgorithms

Methods inherited from interface com.nimbusds.jose.jca.JCAAware

getJCAContext

Constructor Detail

ECDSASigner

public ECDSASigner(ECPrivateKey privateKey)
            throws JOSEException

Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.

Parameters:

privateKey - The private EC key. Must not be null.

Throws:

JOSEException - If the elliptic curve of key is not supported.

ECDSASigner

public ECDSASigner(PrivateKey privateKey,
                   Curve curve)
            throws JOSEException

Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer. This constructor is intended for a private EC key located in a PKCS#11 store that doesn't expose the private key parameters (such as a smart card or HSM).

Parameters:

privateKey - The private EC key. Its algorithm must be "EC". Must not be null.

curve - The elliptic curve for the key. Must not be null.

Throws:

JOSEException - If the elliptic curve of key is not supported.

ECDSASigner

public ECDSASigner(ECKey ecJWK)
            throws JOSEException

Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.

Parameters:

ecJWK - The EC JSON Web Key (JWK). Must contain a private part. Must not be null.

Throws:

JOSEException - If the EC JWK doesn't contain a private part, its extraction failed, or the elliptic curve is not supported.

Method Detail

getPrivateKey

public PrivateKey getPrivateKey()

Gets the private EC key.

Returns:

The private EC key. Casting to ECPrivateKey may not be possible if the key is located in a PKCS#11 store that doesn't expose the private key parameters.

sign

public Base64URL sign(JWSHeader header,
                      byte[] signingInput)
               throws JOSEException

Description copied from interface: JWSSigner

Signs the specified input of a JWS object.

Specified by:

sign in interface JWSSigner

Parameters:

header - The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not be null.

signingInput - The input to sign. Must not be null.

Returns:

The resulting signature part (third part) of the JWS object.

Throws:

JOSEException - If the JWS algorithm is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if signing failed for some other internal reason.