Class SigningManager


  • public class SigningManager
    extends Object
    A service to get the appropriate SigningHandler for a specific Java Cryptographic signing algorithm.

    For details of all supported signing algorithms see JwsAlgorithm

    Since:
    2.0.0
    • Method Detail

      • newNopSigningHandler

        @Deprecated
        public SigningHandler newNopSigningHandler()
        Deprecated.
        This method is inherently insecure and shouldn't be used.
        Constructs an implementation of the SigningHandler which does not perform any signing or verifying.
        Returns:
        an implementation of the SigningHandler which does not perform any signing or verifying.
      • newRsaSigningHandler

        @Deprecated
        public SigningHandler newRsaSigningHandler​(Key key)
        Constructs a new RSASigningHandler, with a SignatureUtil instance to delegate the signing and verifying calls to.
        Parameters:
        key - The key used to sign and verify the signature.
        Returns:
        a new RSASigningHandler, with a SignatureUtil instance to delegate the signing and verifying calls to.
      • newEcdsaSigningHandler

        @Deprecated
        public SigningHandler newEcdsaSigningHandler​(PrivateKey key)
        Deprecated.
        Constructs a new handler for signing ES256 signatures.
        Parameters:
        key - the elliptic curve private key. Should use the required curve for the given signing algorithm (P-256 for ES256).
        Returns:
        the signing handler.
      • newEcdsaSigningHandler

        @Deprecated
        public SigningHandler newEcdsaSigningHandler​(ECPrivateKey key)
        Deprecated.
        Constructs a new handler for signing ES256 signatures.
        Parameters:
        key - the elliptic curve private key. Should use the required curve for the given signing algorithm (P-256 for ES256).
        Returns:
        the signing handler.
      • newEcdsaVerificationHandler

        @Deprecated
        public SigningHandler newEcdsaVerificationHandler​(ECPublicKey key)
        Constructs a new handler for verifying ES256 signatures.
        Parameters:
        key - the elliptic curve public key. Should use the required curve for the given signing algorithm (P-256 for ES256).
        Returns:
        the signing handler configured for verification.
      • newEdDsaSigningHandler

        @Deprecated
        public SigningHandler newEdDsaSigningHandler​(byte[] privateKey)
        Deprecated.
        Constructs a new handler for signing EdDSA signatures.
        Parameters:
        privateKey - the raw private key bytes.
        Returns:
        the signing handler.
      • newEdDsaSigningHandler

        public SigningHandler newEdDsaSigningHandler​(SigningKey signingKey)
        Constructs a new handler for signing EdDSA signatures.
        Parameters:
        signingKey - the EdDSA signing key.
        Returns:
        the signing handler.
      • newEdDsaVerificationHandler

        public SigningHandler newEdDsaVerificationHandler​(VerificationKey verificationKey)
        Constructs a new handler for verifying EdDSA signatures.
        Parameters:
        verificationKey - EdDSA public verification key.
        Returns:
        the signing handler.
      • newSigningHandler

        public SigningHandler newSigningHandler​(SigningKey key)
        Returns the signing handler from the given SigningKey which will be used to sign the JWT.
        Parameters:
        key - The SigningKey used to sign the JWT.
        Returns:
        the signing handler to use for signing the JWT.
        Throws:
        IllegalArgumentException - if no handler can be determined for the given key.
      • newVerificationHandler

        public SigningHandler newVerificationHandler​(VerificationKey key)
        Returns the signing handler from the given VerificationKey which will be used to verify the JWT.
        Parameters:
        key - The VerificationKey used to verify the JWT.
        Returns:
        the signing handler to use for verifying the JWT.
        Throws:
        IllegalArgumentException - if no handler can be determined for the given key.
      • newRsaSigningHandler

        public SigningHandler newRsaSigningHandler​(SigningKey key)
        Constructs a new SecretRSASigningHandler configured for signing.
        Parameters:
        key - Key to use for signing
        Returns:
        a new SigningHandler that can only do signing
      • newRsaVerificationHandler

        public SigningHandler newRsaVerificationHandler​(VerificationKey key)
        Constructs a new SecretRSASigningHandler configured for signature validation.
        Parameters:
        key - Key to use for signature verification
        Returns:
        a new SigningHandler that can only do verification
      • newHmacSigningHandler

        public SigningHandler newHmacSigningHandler​(SigningKey key)
        Constructs a new SecretHmacSigningHandler configured for signing.
        Parameters:
        key - Key to use for signing
        Returns:
        a new SigningHandler that can only do signing
      • newHmacVerificationHandler

        public SigningHandler newHmacVerificationHandler​(VerificationKey key)
        Constructs a new SecretHmacSigningHandler configured for signature validation.
        Parameters:
        key - Key to use for signature verification
        Returns:
        a new SigningHandler that can only do verification
      • newEcdsaSigningHandler

        public SigningHandler newEcdsaSigningHandler​(SigningKey key)
        Constructs a new handler for signing ES256 signatures.
        Parameters:
        key - the elliptic curve signing key. Should use the required curve for the given signing algorithm (P-256 for ES256).
        Returns:
        the signing handler.
      • newEcdsaVerificationHandler

        public SigningHandler newEcdsaVerificationHandler​(VerificationKey key)
        Constructs a new handler for verifying ES256 signatures.
        Parameters:
        key - the elliptic curve verification key. Should use the required curve for the given signing algorithm (P-256 for ES256).
        Returns:
        the signing handler configured for verification.
      • newSigningHandler

        @Deprecated
        public SigningHandler newSigningHandler​(Key key)
        Deprecated.
        Returns the signing handler from the given Key which will be used to verify the JWT.
        Parameters:
        key - The Key used to sign the JWT.
        Returns:
        the signing handler to use for signing the JWT.
        Throws:
        IllegalArgumentException - if no handler can be determined for the given key.
      • newSigningHandler

        public SigningHandler newSigningHandler​(JWK jwk)
        Returns a signing handler from the given JSON Web Key (JWK) which will be used to sign a JWT.
        Parameters:
        jwk - The JSON Web Key (JWK).
        Returns:
        the signing handler to use for signing the JWT.
        Throws:
        IllegalArgumentException - if the jwk cannot be converted to an appropriate signing key.
      • newSigningHandler

        public SigningHandler newSigningHandler​(JWK jwk,
                                                Purpose<SigningKey> purpose)
        Returns a signing handler from the given JSON Web Key (JWK) which will be used to sign a JWT.
        Parameters:
        jwk - The JSON Web Key (JWK).
        purpose - The purpose for which the JWT is being signed.
        Returns:
        the signing handler to use for signing the JWT.
        Throws:
        IllegalArgumentException - if the jwk cannot be converted to an appropriate signing key.
      • newSigningHandler

        public SigningHandler newSigningHandler​(JWK jwk,
                                                Purpose<SigningKey> purpose,
                                                Instant expiry)
        Returns a signing handler from the given JSON Web Key (JWK) which will be used to sign a JWT.
        Parameters:
        jwk - The JSON Web Key (JWK).
        purpose - The purpose for which the JWT is being signed.
        expiry - The time at which the signing handler should expire and no longer be used.
        Returns:
        the signing handler to use for signing the JWT.
        Throws:
        IllegalArgumentException - if the jwk cannot be converted to an appropriate signing key.
      • newVerificationHandler

        public SigningHandler newVerificationHandler​(JWK jwk)
        Returns the signing handler from the given JSON Web Key (JWK) which will be used to verify the JWT. The resulting handler will be constructed for the generic Purpose.VERIFY purpose and will not expire.
        Parameters:
        jwk - The JSON Web Key (JWK).
        Returns:
        the signing handler to use for verifying the JWT.
        Throws:
        IllegalArgumentException - if the jwk cannot be converted to an appropriate verification key.
      • newVerificationHandler

        public SigningHandler newVerificationHandler​(JWK jwk,
                                                     Purpose<VerificationKey> purpose)
        Returns a signing handler from the given JSON Web Key (JWK) which will be used to verify a JWT. The resulting handler will never expire.
        Parameters:
        jwk - The JSON Web Key (JWK).
        purpose - The Purpose for which verification is being performed.
        Returns:
        the signing handler to use for verifying the JWT.
        Throws:
        IllegalArgumentException - if the jwk cannot be converted to an appropriate verification key.
      • newVerificationHandler

        public SigningHandler newVerificationHandler​(JWK jwk,
                                                     Purpose<VerificationKey> purpose,
                                                     Instant expiry)
        Returns a signing handler from the given JSON Web Key (JWK) which will be used to verify a JWT.
        Parameters:
        jwk - The JSON Web Key (JWK).
        purpose - The Purpose for which verification is being performed.
        expiry - The time at which the verification handler should expire and no longer be used.
        Returns:
        the signing handler to use for verifying the JWT.
        Throws:
        IllegalArgumentException - if the jwk cannot be converted to an appropriate verification key.
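
Why a handler that "does not perform any signing or verifying" (newNopSigningHandler) is unsafe, shown as an added example that is not part of this API or its documentation. It uses only JDK classes, not SigningManager; the class name PinnedAlgDemo, its methods, the key and the tokens are constructed for illustration. The verifier fixes the algorithm itself (HS256) and refuses any token whose header says otherwise, so an unsigned "alg":"none" token is rejected, as is a token whose payload was altered.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PinnedAlgDemo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    // Simplified header check for the demo; production code should use a JSON parser.
    static final Pattern ALG = Pattern.compile("\"alg\"\\s*:\\s*\"([^\"]*)\"");

    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    static byte[] hmacSha256(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    static String sign(byte[] key, String claimsJson) throws Exception {
        String input = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "." + b64(claimsJson);
        return input + "." + ENC.encodeToString(hmacSha256(key, input));
    }

    // The verifier decides the algorithm (HS256); the token header is only checked against it.
    static boolean verify(byte[] key, String jwt) throws Exception {
        String[] p = jwt.split("\\.", -1);
        if (p.length != 3) return false;
        try {
            String header = new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8);
            Matcher m = ALG.matcher(header);
            if (!m.find() || !"HS256".equals(m.group(1))) return false; // "none" stops here
            byte[] presented = Base64.getUrlDecoder().decode(p[2]);
            // Constant-time comparison of the recomputed and presented MACs.
            return MessageDigest.isEqual(hmacSha256(key, p[0] + "." + p[1]), presented);
        } catch (IllegalArgumentException e) {
            return false; // malformed base64url in header or signature
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-32-bytes!!!".getBytes(StandardCharsets.UTF_8);
        String good = sign(key, "{\"sub\":\"alice\"}");
        String unsigned = b64("{\"alg\":\"none\"}") + "." + b64("{\"sub\":\"admin\"}") + ".";
        String tampered = good.replace(b64("{\"sub\":\"alice\"}"), b64("{\"sub\":\"admin\"}"));
        System.out.println("signed token accepted:   " + verify(key, good));
        System.out.println("unsigned token accepted: " + verify(key, unsigned));
        System.out.println("tampered token accepted: " + verify(key, tampered));
    }
}
```

A no-op handler in the verification path would accept all three tokens, because nothing ties the claims to a key.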