Package com.nimbusds.jose.jwk

Class OctetKeyPair

  • All Implemented Interfaces:
    AsymmetricJWK, CurveBasedJWK, Serializable
    @Immutable
public class OctetKeyPair
extends JWK
implements AsymmetricJWK, CurveBasedJWK
    Octet key pair JSON Web Key (JWK), used to represent Edwards-curve keys. This class is immutable.

    Supported curves:

    Example JSON object representation of a public OKP JWK: 

     {
   "kty" : "OKP",
   "crv" : "Ed25519",
   "x"   : "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo",
   "use" : "sig",
   "kid" : "1"
 }

    Example JSON object representation of a private OKP JWK: 

     {
   "kty" : "OKP",
   "crv" : "Ed25519",
   "x"   : "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo",
   "d"   : "nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A",
   "use" : "sig",
   "kid" : "1"
 }

    Use the builder to create a new OKP JWK: 

     OctetKeyPair key = new OctetKeyPair.Builder(Curve.Ed25519, x)
        .keyUse(KeyUse.SIGNATURE)
        .keyID("1")
        .build();
    Version:
    2022-12-26
    Author:
    Vladimir Dzhuvinov
    See Also:
    Serialized Form

    • Constructor Detail

      • OctetKeyPair

        @Deprecated
public OctetKeyPair​(Curve crv,
                    Base64URL x,
                    KeyUse use,
                    Set<KeyOperation> ops,
                    Algorithm alg,
                    String kid,
                    URI x5u,
                    Base64URL x5t,
                    Base64URL x5t256,
                    List<Base64> x5c,
                    KeyStore ks)
        Deprecated.
        Creates a new public Octet Key Pair JSON Web Key (JWK) with the specified parameters.
        Parameters:
        crv - The cryptographic curve. Must not be null.
        x - The public 'x' parameter. Must not be null.
        use - The key use, null if not specified or if the key is intended for signing as well as encryption.
        ops - The key operations, null if not specified.
        alg - The intended JOSE algorithm for the key, null if not specified.
        kid - The key ID, null if not specified.
        x5u - The X.509 certificate URL, null if not specified.
        x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
        x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
        x5c - The X.509 certificate chain, null if not specified.
        ks - Reference to the underlying key store, null if not specified.

      • OctetKeyPair

        @Deprecated
public OctetKeyPair​(Curve crv,
                    Base64URL x,
                    Base64URL d,
                    KeyUse use,
                    Set<KeyOperation> ops,
                    Algorithm alg,
                    String kid,
                    URI x5u,
                    Base64URL x5t,
                    Base64URL x5t256,
                    List<Base64> x5c,
                    KeyStore ks)
        Deprecated.
        Creates a new public / private Octet Key Pair JSON Web Key (JWK) with the specified parameters.
        Parameters:
        crv - The cryptographic curve. Must not be null.
        x - The public 'x' parameter. Must not be null.
        d - The private 'd' parameter. Must not be null.
        use - The key use, null if not specified or if the key is intended for signing as well as encryption.
        ops - The key operations, null if not specified.
        alg - The intended JOSE algorithm for the key, null if not specified.
        kid - The key ID, null if not specified.
        x5u - The X.509 certificate URL, null if not specified.
        x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
        x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
        x5c - The X.509 certificate chain, null if not specified.
        ks - Reference to the underlying key store, null if not specified.

      • OctetKeyPair

        public OctetKeyPair​(Curve crv,
                    Base64URL x,
                    KeyUse use,
                    Set<KeyOperation> ops,
                    Algorithm alg,
                    String kid,
                    URI x5u,
                    Base64URL x5t,
                    Base64URL x5t256,
                    List<Base64> x5c,
                    Date exp,
                    Date nbf,
                    Date iat,
                    KeyStore ks)
        Creates a new public Octet Key Pair JSON Web Key (JWK) with the specified parameters.
        Parameters:
        crv - The cryptographic curve. Must not be null.
        x - The public 'x' parameter. Must not be null.
        use - The key use, null if not specified or if the key is intended for signing as well as encryption.
        ops - The key operations, null if not specified.
        alg - The intended JOSE algorithm for the key, null if not specified.
        kid - The key ID, null if not specified.
        x5u - The X.509 certificate URL, null if not specified.
        x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
        x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
        x5c - The X.509 certificate chain, null if not specified.
        exp - The key expiration time, null if not specified.
        nbf - The key not-before time, null if not specified.
        iat - The key issued-at time, null if not specified.
        ks - Reference to the underlying key store, null if not specified.

      • OctetKeyPair

        public OctetKeyPair​(Curve crv,
                    Base64URL x,
                    Base64URL d,
                    KeyUse use,
                    Set<KeyOperation> ops,
                    Algorithm alg,
                    String kid,
                    URI x5u,
                    Base64URL x5t,
                    Base64URL x5t256,
                    List<Base64> x5c,
                    Date exp,
                    Date nbf,
                    Date iat,
                    KeyStore ks)
        Creates a new public / private Octet Key Pair JSON Web Key (JWK) with the specified parameters.
        Parameters:
        crv - The cryptographic curve. Must not be null.
        x - The public 'x' parameter. Must not be null.
        d - The private 'd' parameter. Must not be null.
        use - The key use, null if not specified or if the key is intended for signing as well as encryption.
        ops - The key operations, null if not specified.
        alg - The intended JOSE algorithm for the key, null if not specified.
        kid - The key ID, null if not specified.
        x5u - The X.509 certificate URL, null if not specified.
        x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
        x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
        x5c - The X.509 certificate chain, null if not specified.
        exp - The key expiration time, null if not specified.
        nbf - The key not-before time, null if not specified.
        iat - The key issued-at time, null if not specified.
        ks - Reference to the underlying key store, null if not specified.

    • Method Detail

      • getX

        public Base64URL getX()
        Gets the public 'x' parameter.
        Returns:
        The public 'x' parameter.

      • getDecodedX

        public byte[] getDecodedX()
        Gets the public 'x' parameter, decoded from Base64.
        Returns:
        The public 'x' parameter in bytes.

      • getD

        public Base64URL getD()
        Gets the private 'd' parameter.
        Returns:
        The private 'd' coordinate, null if not specified (for a public key).

      • getDecodedD

        public byte[] getDecodedD()
        Gets the private 'd' parameter, decoded from Base64.
        Returns:
        The private 'd' coordinate in bytes, null if not specified (for a public key).

      • matches

        public boolean matches​(X509Certificate cert)
        Description copied from interface: AsymmetricJWK
        Returns true if the public key material of this JWK matches the public subject key info of the specified X.509 certificate.
        Specified by:
        matches in interface AsymmetricJWK
        Parameters:
        cert - The X.509 certificate. Must not be null.
        Returns:
        true if the public key material of this JWK matches the public subject key info of the specified X.509 certificate, else false.

      • getRequiredParams

        public LinkedHashMap<String,​?> getRequiredParams()
        Description copied from class: JWK
        Returns the required JWK parameters. Intended as input for JWK thumbprint computation. See RFC 7638 for more information.
        Specified by:
        getRequiredParams in class JWK
        Returns:
        The required JWK parameters, sorted alphanumerically by key name and ready for JSON serialisation.

      • isPrivate

        public boolean isPrivate()
        Description copied from class: JWK
        Returns true if this JWK contains private or sensitive (non-public) parameters.
        Specified by:
        isPrivate in class JWK
        Returns:
        true if this JWK contains private parameters, else false.

      • toPublicJWK

        public OctetKeyPair toPublicJWK()
        Returns a copy of this Octet Key Pair JWK with any private values removed.
        Specified by:
        toPublicJWK in class JWK
        Returns:
        The copied public Octet Key Pair JWK.

      • toJSONObject

        public Map<String,​ObjecttoJSONObject()
        Description copied from class: JWK
        Returns a JSON object representation of this JWK. This method is intended to be called from extending classes.

        Example: 

         {
   "kty" : "RSA",
   "use" : "sig",
   "kid" : "fd28e025-8d24-48bc-a51a-e2ffc8bc274b"
 }
        Overrides:
        toJSONObject in class JWK
        Returns:
        The JSON object representation.

      • size

        public int size()
        Description copied from class: JWK
        Returns the size of this JWK.
        Specified by:
        size in class JWK
        Returns:
        The JWK size, in bits.

      • parse

        public static OctetKeyPair parse​(String s)
                          throws ParseException
        Parses a public / private Octet Key Pair JWK from the specified JSON object string representation.
        Parameters:
        s - The JSON object string to parse. Must not be null.
        Returns:
        The public / private Octet Key Pair JWK.
        Throws:
        ParseException - If the string couldn't be parsed to an Octet Key Pair JWK.

      • parse

        public static OctetKeyPair parse​(Map<String,​Object> jsonObject)
                          throws ParseException
        Parses a public / private Octet Key Pair JWK from the specified JSON object representation.
        Parameters:
        jsonObject - The JSON object to parse. Must not be null.
        Returns:
        The public / private Octet Key Pair JWK.
        Throws:
        ParseException - If the JSON object couldn't be parsed to an Octet Key Pair JWK.