Package com.bfo.json
Class JWK
java.lang.Object
com.bfo.json.Json
com.bfo.json.JWK
A class representing a single "JSON Web Key", a JSON representation of an asymmetric key/keypair, or a symmetric key.
It may contain one java.security.Key or two (public AND private). Currently supports
- Elliptic Curve - ES256, ES384, ES512. ES256K (prior to its removal in Java 15)
- RSASSA-PSS - PS256, PS384, PS512
- RSA - RS256, RS384, RS512 (not used in COSE, only JWT)
- EdDSA - Ed25519 and Ed448 (requires Java 15 or later)
javax.crypto.SecretKey
- Hmac - HS256, HS384, HS512
- AES Key Wrap - A128KW, A192KW, A256KW
- AES GCM Key Wrap - A128GCMKW, A192GCMKW, A256GCMKW

Constructor Summary
- JWK() - Create a new, empty JWK
- Create a new JWK key from a DER encoded secret, public or private key, or PEM encoded versions of public, private or both keys
- Create a new JWK from the specified Json, sharing its content
- Create a new JWK from the supplied Key
- Create a new JWK from the supplied KeyPair

Method Summary
- static JWK fromCOSEKey(Json in) - Convert a COSE Key (https://datatracker.ietf.org/doc/html/rfc9052#section-7) to a JWT version
- getAlgorithm() - Return the algorithm name, if set
- getCertificates() - Return the list of X.509 certificates specified in the JWK, downloading them if required.
- getId() - Return the key id, if set.
- getKeys() - Retrieve the Keys specified in this JWK.
- getOps() - Return the key operations, if set
- getPrivateKey() - Return the PrivateKey from getKeys(), or null if none exists
- getProvider() - Return the Provider set by setProvider(java.security.Provider)
- getPublicKey() - Return the PublicKey from getKeys(), or null if none exists
- getSecretKey() - Return the SecretKey from getKeys(), or null if none exists
- getUse() - Return the key use, if set.
- void setCertificates(List<X509Certificate> certs, String url) - Set the list of X.509 certificates specified in the JWK, either as a url or inline.
- void setId(id) - Set the key id
- void setKeys(Collection<Key> keys) - Set the Key on this JWK.
- void setOps(Collection<String> ops) - Set the key operations
- void setProvider(Provider provider) - Set the Provider to be used for any cryptographic operations
- void setUse(use) - Set the key use
- toCOSEKey() - Convert this JWK key to a COSE Key (https://datatracker.ietf.org/doc/html/rfc9052#section-7)

Methods inherited from class com.bfo.json.Json
addListener, booleanValue, booleanValue, bufferValue, bufferValue, doubleValue, doubleValue, duplicate, equals, find, floatValue, floatValue, get, getFactory, getListeners, getPath, getTag, has, hashCode, hasPath, intValue, intValue, isBoolean, isBoolean, isBuffer, isBuffer, isEmpty, isList, isList, isMap, isMap, isNull, isNull, isNumber, isNumber, isString, isString, isUndefined, isUndefined, leafIterator, listValue, listValue, longValue, longValue, mapValue, mapValue, numberValue, numberValue, objectValue, parent, put, putPath, read, read, read, readCbor, readCbor, readMsgpack, readMsgpack, remove, removeListener, removePath, setFactory, setTag, setValue, size, sort, stringValue, stringValue, toCbor, toCbor, toString, toString, type, value, write, writeCbor, writeMsgpack

Constructor Details

JWK
public JWK()
Create a new, empty JWK

JWK
Create a new JWK from the supplied Key
- Parameters:
  key - the Key, which should be public, private or secret

JWK
Create a new JWK from the supplied KeyPair
- Parameters:
  pair - the KeyPair

JWK
Create a new JWK from the specified Json, sharing its content
- Parameters:
  jwk - the JWK

JWK
Create a new JWK key from a DER encoded secret, public or private key, or PEM encoded versions of public, private or both keys
- Parameters:
  data - the DER or PEM encoded key
  alg - the algorithm - required for secret keys, optional for public/private
- Throws:
  IllegalArgumentException - if the key cannot be parsed
- Since:
  5

Method Details

fromCOSEKey
Convert a COSE Key (https://datatracker.ietf.org/doc/html/rfc9052#section-7) to a JWT version
- Parameters:
  in - the COSE Key, with numeric values like 1 for "kty"
- Returns:
  the equivalent key as a JWK key

toCOSEKey
Convert this JWK key to a COSE Key (https://datatracker.ietf.org/doc/html/rfc9052#section-7)
- Returns:
  the equivalent key as a COSE key

setProvider
Set the Provider to be used for any cryptographic operations
- Parameters:
  provider - the crypto Provider to use, or null to use the default

getProvider
Return the Provider set by setProvider(java.security.Provider)
- Returns:
  the provider

getAlgorithm
Return the algorithm name, if set
- Returns:
  the algorithm name

getId
Return the key id, if set.
- Returns:
  the key id

getUse
Return the key use, if set.
- Returns:
  the key use

setId
Set the key id
- Parameters:
  id - the key id, or null to remove it

setUse
Set the key use
- Parameters:
  use - the key use, or null to remove it

getOps
Return the key operations, if set
- Returns:
  the key operations, or an empty collection if they're not set

setOps
Set the key operations
- Parameters:
  ops - the key operations, or null to remove any existing ops. Duplicates are discarded

getCertificates
Return the list of X.509 certificates specified in the JWK, downloading them if required. If none are specified, return an empty collection
- Returns:
  the list of X.509 certificates referenced from this JWK

setCertificates
Set the list of X.509 certificates specified in the JWK, either as a url or inline.
- If both the url and certs are specified, it's presumed the URL would retrieve the supplied list. A checksum is calculated and stored.
- If only the certs are specified, they are stored in the JWK
- If only the URL is specified, it's stored in the JWK
- If neither are specified, any existing certificates are removed
- Parameters:
  certs - the list of certificates, or null
  url - the URL to download the certificates from, or null
- Throws:
  IllegalArgumentException - if they cannot be generated for any reason
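
Because getCertificates() downloads from the URL stored in the JWK, a key parsed from untrusted input should have that URL checked before the call. The following is an added example, not code from the library's documentation; it assumes the URL is held in the RFC 7517 "x5u" member, and the allowlist, host names and class name are constructed for illustration.

```java
import com.bfo.json.JWK;
import com.bfo.json.Json;
import java.net.URI;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Set;

public class GuardedCertificateLookup {
    // Constructed allowlist: hosts this service agrees to fetch certificates from.
    static final Set<String> ALLOWED_HOSTS = Set.of("keys.example.com");

    /** True if the JWK has no "x5u", or its "x5u" is https on an allowed host. */
    static boolean x5uIsAcceptable(Json untrusted) {
        if (!untrusted.has("x5u")) {
            return true;                        // nothing would be downloaded
        }
        try {
            URI uri = URI.create(untrusted.get("x5u").stringValue());
            return "https".equalsIgnoreCase(uri.getScheme())
                && uri.getHost() != null
                && ALLOWED_HOSTS.contains(uri.getHost().toLowerCase());
        } catch (RuntimeException e) {
            return false;                       // not a string, or not a valid URI
        }
    }

    /** Wrap the Json as a JWK and read its certificates only after the URL check. */
    static Collection<X509Certificate> certificatesFrom(Json untrusted) {
        if (!x5uIsAcceptable(untrusted)) {
            throw new SecurityException("x5u is not https on an allowed host");
        }
        return new JWK(untrusted).getCertificates();   // may fetch the x5u URL
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a JWK whose x5u points at a host outside the allowlist.
        Json outside = Json.read("{\"kty\":\"EC\",\"x5u\":\"http://internal.example/certs.pem\"}");
        System.out.println("acceptable: " + x5uIsAcceptable(outside));
        try {
            certificatesFrom(outside);
        } catch (SecurityException e) {
            System.out.println("rejected before any download: " + e.getMessage());
        }
    }
}
```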

getKeys
Retrieve the Keys specified in this JWK. If the certificates have been retrieved and no key was otherwise specified, return the key from the first certificate
- Returns:
  the keys - either a single SecretKey, PublicKey or PrivateKey, or a paired PublicKey and PrivateKey. If no keys are found, return an empty list.
- Throws:
  IllegalArgumentException - if the Keys cannot be generated for any reason

getPublicKey
Return the PublicKey from getKeys(), or null if none exists
- Returns:
  the key

getPrivateKey
Return the PrivateKey from getKeys(), or null if none exists
- Returns:
  the key

getSecretKey
Return the SecretKey from getKeys(), or null if none exists
- Returns:
  the key

setKeys
Set the Key on this JWK. This removes any existing key, but does not clear any X509Certificates from the JWK.
- Parameters:
  keys - the keys to store, or null to remove any existing key
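
A JWK built from a KeyPair holds the private key as well as the public one, so the copy handed to verifiers should be built from the public key alone. The following is an added example, not code from the library's documentation; it assumes setId takes a String and getId returns one, and the key id and class name are constructed.

```java
import com.bfo.json.JWK;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.ECGenParameterSpec;
import java.util.List;

public class PublishPublicJwk {

    /** Return a JWK carrying only the public half of a signing key. */
    static JWK publicOnly(JWK signingKey) {
        if (signingKey.getPublicKey() == null) {
            throw new IllegalArgumentException("JWK has no public key to publish");
        }
        // Build from the PublicKey alone so no private material is copied across.
        JWK pub = new JWK(signingKey.getPublicKey());
        pub.setId(signingKey.getId());        // keep the same key id for lookup
        pub.setOps(List.of("verify"));        // a verifier never needs "sign"
        // Fail closed if anything other than a public key ended up in the copy.
        if (pub.getPrivateKey() != null || pub.getSecretKey() != null) {
            throw new IllegalStateException("refusing to publish private material");
        }
        return pub;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(new ECGenParameterSpec("secp256r1"));   // P-256, used by ES256
        KeyPair pair = gen.generateKeyPair();

        JWK signing = new JWK(pair);            // holds public AND private key
        signing.setId("example-key-1");         // constructed key id
        signing.setOps(List.of("sign"));        // key operations only, no "use"

        JWK published = publicOnly(signing);
        System.out.println(published);          // the copy to hand to verifiers
    }
}
```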