Package com.bfo.json

Class JWK


public class JWK extends Json
A class representing a single "JSON Web Key", a JSON representation of an asymmetric key/keypair, or a symmetric key. It may contain one java.security.Key or two (public AND private). Currently supports
  • Elliptic Curve - ES256, ES384, ES512, and ES256K (prior to its removal in Java 15)
  • RSASSA-PSS - PS256, PS384, PS512
  • RSA - RS256, RS384, RS512 (not used in COSE, only JWT)
  • EdDSA - Ed25519 and Ed448 (requires Java 15 or later)
and symmetric ciphers with a javax.crypto.SecretKey
  • HMAC - HS256, HS384, HS512
  • AES Key Wrap - A128KW, A192KW, A256KW
  • AES GCM Key Wrap - A128GCMKW, A192GCMKW, A256GCMKW
Since:
5
  • Constructor Details

    • JWK

      public JWK()
      Create a new, empty JWK
    • JWK

      public JWK(Key key)
      Create a new JWK from the supplied Key
      Parameters:
      key - the Key, which should be public, private or secret
    • JWK

      public JWK(KeyPair pair)
      Create a new JWK from the supplied KeyPair
      Parameters:
      pair - the KeyPair
    • JWK

      public JWK(Json jwk)
      Create a new JWK from the specified Json, sharing its content
      Parameters:
      jwk - the JWK
    • JWK

      public JWK(byte[] data, String alg)
      Create a new JWK key from a DER encoded secret, public or private key, or PEM encoded versions of public, private or both keys
      Parameters:
      data - the DER or PEM encoded key
      alg - the algorithm - required for secret keys, optional for public/private
      Throws:
      IllegalArgumentException - if the key cannot be parsed
      Since:
      5
  • Method Details

    • fromCOSEKey

      public static JWK fromCOSEKey(Json in)
      Convert a COSE Key (https://datatracker.ietf.org/doc/html/rfc9052#section-7) to its JWK equivalent
      Parameters:
      in - the COSE Key, with numeric values like 1 for "kty"
      Returns:
      the equivalent key as a JWK key
    • toCOSEKey

      public Json toCOSEKey()
      Convert this JWK key to a COSE Key (https://datatracker.ietf.org/doc/html/rfc9052#section-7)
      Returns:
      the equivalent key as a COSE key
    • setProvider

      public void setProvider(Provider provider)
      Set the Provider to be used for any cryptographic operations
      Parameters:
      provider - the crypto Provider to use, or null to use the default
    • getProvider

      public Provider getProvider()
      Return the Provider set by setProvider(java.security.Provider)
      Returns:
      the provider
    • getAlgorithm

      public String getAlgorithm()
      Return the algorithm name, if set
      Returns:
      the algorithm name
    • getId

      public String getId()
      Return the key id, if set.
      Returns:
      the key id
    • getUse

      public String getUse()
      Return the key use, if set.
      Returns:
      the key use
    • setId

      public void setId(String id)
      Set the key id
      Parameters:
      id - the key id, or null to remove it
    • setUse

      public void setUse(String use)
      Set the key use
      Parameters:
      use - the key use, or null to remove it
    • getOps

      public Collection<String> getOps()
      Return the key operations, if set
      Returns:
      the key operations, or an empty collection if they're not set
    • setOps

      public void setOps(Collection<String> ops)
      Set the key operations
      Parameters:
      ops - the key operations, or null to remove any existing ops. Duplicates are discarded
    • getCertificates

      public List<X509Certificate> getCertificates()
      Return the list of X.509 certificates specified in the JWK, downloading them if required. If none are specified, return an empty collection
      Returns:
      the list of X.509 certificates referenced from this JWK
    • setCertificates

      public void setCertificates(List<X509Certificate> certs, String url)
      Set the list of X.509 certificates specified in the JWK, either as a url or inline.
      • If both the url and certs are specified, it's presumed the URL would retrieve the supplied list. A checksum is calculated and stored.
      • If only the certs are specified, they are stored in the JWK
      • If only the URL is specified, it's stored in the JWK
      • If neither are specified, any existing certificates are removed
      Parameters:
      certs - the list of certificates, or null
      url - the URL to download the certificates from, or null
      Throws:
      IllegalArgumentException - if they cannot be generated for any reason
    • getKeys

      public List<Key> getKeys()
      Retrieve the Keys specified in this JWK. If the certificates have been retrieved and no key was otherwise specified, return the key from the first certificate
      Returns:
      the keys - either a single SecretKey, PublicKey or PrivateKey, or a paired PublicKey and PrivateKey. If no keys are found, return an empty list.
      Throws:
      IllegalArgumentException - if the Keys cannot be generated for any reason
    • getPublicKey

      public PublicKey getPublicKey()
      Return the PublicKey from getKeys(), or null if none exists
      Returns:
      the key
    • getPrivateKey

      public PrivateKey getPrivateKey()
      Return the PrivateKey from getKeys(), or null if none exists
      Returns:
      the key
    • getSecretKey

      public SecretKey getSecretKey()
      Return the SecretKey from getKeys(), or null if none exists
      Returns:
      the key
    • setKeys

      public void setKeys(Collection<Key> keys)
      Set the Keys on this JWK. This removes any existing keys, but does not clear any X509Certificates from the JWK.
      Parameters:
      keys - the keys to store, or null to remove any existing key
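The following is an added example, not code from the com.bfo.json project, showing how the constructors and accessors above fit together: a JWK built from a KeyPair holds both halves, so a public-only copy is derived via the JWK(Key) constructor before it is published, checked for private/secret material, and round-tripped through toCOSEKey()/fromCOSEKey(). It assumes the Json class lives in the same package and that the JDK's standard EC KeyPairGenerator is available; the helper names and the kid value are constructed for the example.

```java
import com.bfo.json.JWK;
import com.bfo.json.Json;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import java.util.Collections;

public class JwkPublish {
    // Derive a public-only JWK from one that also holds the private half. Publishing
    // the original would leak the private key, so the public half is re-wrapped via
    // the JWK(Key) constructor and only shareable metadata (kid, use) is copied.
    static JWK publicOnly(JWK full) {
        PublicKey pub = full.getPublicKey();
        if (pub == null) {
            throw new IllegalArgumentException("JWK carries no public key");
        }
        JWK out = new JWK(pub);
        out.setId(full.getId());
        out.setUse(full.getUse());
        out.setOps(Collections.singletonList("verify")); // key_ops for verifiers only
        return out;
    }
    // Last check before a key leaves the process: no private or secret material.
    static boolean isSafeToPublish(JWK jwk) {
        return jwk.getPublicKey() != null && jwk.getPrivateKey() == null && jwk.getSecretKey() == null;
    }

    public static void main(String[] args) throws Exception {
        // P-256 keypair, the curve behind ES256 in the class description above
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair pair = gen.generateKeyPair();
        JWK signing = new JWK(pair);            // holds public AND private
        signing.setId("example-key-1");         // constructed kid for the example
        signing.setUse("sig");
        signing.setOps(Arrays.asList("sign", "verify"));
        JWK published = publicOnly(signing);
        if (!isSafeToPublish(published)) {
            throw new IllegalStateException("refusing to publish private material");
        }
        // Round-trip through the COSE form and confirm the public key survives
        Json cose = published.toCOSEKey();
        JWK back = JWK.fromCOSEKey(cose);
        boolean same = Arrays.equals(back.getPublicKey().getEncoded(), published.getPublicKey().getEncoded());
        System.out.println("COSE round-trip preserved public key: " + same);
    }
}
```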