Class JWK

  • Direct Known Subclasses:
    EcJWK, OctJWK, OkpJWK, RsaJWK

    public abstract class JWK
    extends Object
    The abstract base class for the 3 implementations of JWK.
    • Constructor Detail

      • JWK

        @Deprecated
        protected JWK(KeyType keyType,
                      String use,
                      String algorithm,
                      String keyId)
        Deprecated.
        Use the builder instead.
        Creates a JWK given the basic parameters.
        Parameters:
        keyType - the JWK key type
        use - the JWK use
        algorithm - the JWK algorithm
        keyId - the JWK key id
      • JWK

        @Deprecated
        protected JWK(KeyType keyType,
                      String use,
                      String algorithm,
                      String keyId,
                      String x509url,
                      String x509Thumbprint,
                      List<String> x509Chain)
        Deprecated.
        Use the builder instead.
        Creates a JWK given the basic parameters.
        Parameters:
        keyType - the JWK key type
        use - the JWK use
        algorithm - the JWK algorithm
        keyId - the JWK key id
        x509url - the x509 url for the key
        x509Thumbprint - the x509 thumbprint for the key
        x509Chain - the x509 chain as a list of Base64 encoded strings
      • JWK

        protected JWK(KeyType keyType,
                      String use,
                      Set<KeyOperation> keyOperations,
                      Algorithm algorithm,
                      String keyId,
                      String x509url,
                      String x509Thumbprint,
                      List<String> x509Chain)
        Creates a JWK given the basic parameters.
        Parameters:
        keyType - the JWK key type
        use - the JWK use
        keyOperations - the JWK key Operations
        algorithm - the JWK algorithm
        keyId - the JWK key id
        x509url - the x509 url for the key
        x509Thumbprint - the x509 thumbprint for the key
        x509Chain - the x509 chain as a list of Base64 encoded strings
    • Method Detail

      • getKeyType

        public KeyType getKeyType()
        Gets the kty parameter of the JWK.
        Returns:
        The KeyType for the JWK
      • getUse

        public String getUse()
        Gets the use parameter of the JWK.
        Returns:
        The key use.
      • getKeyOperations

        public Set<KeyOperation> getKeyOperations()
        Gets the key operations parameter of the JWK.
        Returns:
        A possibly null set of key operations representing the key operations parameter. If null, then all operations are allowed. An empty set means that no key operations are allowed.
      • getAlgorithm

        @Deprecated
        public String getAlgorithm()
        Deprecated.
        replaced by getJwaAlgorithm()
        Gets the alg parameter of the JWK.
        Returns:
        The algorithm name representing the alg parameter
      • getJwaAlgorithm

        public Algorithm getJwaAlgorithm()
        Gets the alg parameter of the JWK.
        Returns:
        The algorithm
      • getKeyId

        public String getKeyId()
        Gets the keyId parameter of the JWK.
        Returns:
        A String representing the keyId parameter
      • toJsonString

        public String toJsonString()
        Prints the JWK Object as a json string.
        Returns:
        A String representing JWK
      • toJsonValue

        public JsonValue toJsonValue()
        Returns a json representation of the JWK.
        Returns:
        A JSON representation.
      • putField

        protected void putField(JsonValue jsonValue,
                                String key,
                                Object value)
        Adds a string value to the JSON only if it is not null.
        Parameters:
        jsonValue - the json
        key - the Map key or List index identifying the child value to set.
        value - the value to assign to the member.
      • parse

        public static JWK parse(String json)
        Parses a String into the proper JWK type.
        Parameters:
        json - The json String.
        Returns:
        A JWK object
        Throws:
        JsonException - If there is a problem parsing the json String.
      • parse

        public static JWK parse(JsonValue jwk)
        Parses a JsonValue into the proper JWK type.
        Parameters:
        jwk - The JsonValue Object.
        Returns:
        A JWK object
        Throws:
        JsonException - If there is a problem analyzing the JsonValue Object.
      • loadJWKFromJson

        protected static void loadJWKFromJson(JWK.Builder builder,
                                              JsonValue json)
        Load the generic JWK attributes from the json, by side effect.
        Parameters:
        builder - builder will be modified by side effect.
        json - the json value.
      • getAlgorithm

        public static Algorithm getAlgorithm(String algorithmName)
        Gets the algorithm corresponding to the given algorithm name.
        Parameters:
        algorithmName - The algorithm name.
        Returns:
        An algorithm
        Throws:
        IllegalArgumentException - If the algorithm is not supported.
      • toJsonValue

        protected static JsonValue toJsonValue(String json)
        Converts a String into a JsonValue.
        Parameters:
        json - The json String.
        Returns:
        A JsonValue object.
        Throws:
        JsonException - If there is a problem parsing the json String.
      • getX509URL

        public String getX509URL()
        Gets the X509 URL.
        Returns:
        the URL of the X509 cert header or null
      • getX509Thumbprint

        public String getX509Thumbprint()
        Gets the X509 thumbprint.
        Returns:
        Base64url of the X509 thumbprint.
      • getX509ThumbprintS256

        public String getX509ThumbprintS256()
        Gets the X.509 SHA-256 thumbprint.
        Returns:
        Base64url of the X.509 SHA-256 thumbprint.
      • getX509Chain

        public List<String> getX509Chain()
        Gets a List of X509 chain certs.
        Returns:
        X509 Cert Chain as list of encoded strings or null if none are available.
      • isPrivate

        public boolean isPrivate()
        Indicates if any private key attributes are present in the JWK.
        Returns:
        true if this JWK contains any private key attributes.
      • toPublicJwk

        public Optional<JWK> toPublicJwk()
        For asymmetric keys, get the public JWK representation of this JWK.
        Returns:
        The public JWK.
      • getPublicJwkBuilder

        protected abstract Optional<JWK.Builder<?>> getPublicJwkBuilder()
        Return a builder with all the values set for representing the public components of the JWK. Common JWK attributes will be added in toPublicJwk().
        Returns:
        The builder.
      • getJwkThumbprint

        public String getJwkThumbprint(String hashAlgorithm)
        Calculates the JWK Thumbprint of this JWK.
        Parameters:
        hashAlgorithm - the hash algorithm, e.g. SHA-256.
        Returns:
        the JWK thumbprint.
      • toSecretBuilder

        public SecretBuilder toSecretBuilder()
        Get a SecretBuilder capable of building a Secret subclass object from this JWK. Public and private key material is copied to the resulting object, as is any certificate chain. Any algorithm or key usage constraints are also applied to the resulting key object.
        Returns:
        A SecretBuilder capable of building a secret.
      • toCryptoKey

        public <T extends CryptoKey> T toCryptoKey(Purpose<T> purpose,
                                                   Instant expiry)
                                            throws NoSuchSecretException
        Converts this JWK into a CryptoKey subclass object for use with the Secrets API. Public and private key material is copied to the resulting object, as is any certificate chain. Any algorithm or key usage constraints are also applied to the resulting key object.
        Type Parameters:
        T - the type of key to be built.
        Parameters:
        purpose - the purpose that the key will be used for.
        expiry - the expiry time for the resulting key object.
        Returns:
        the constructed key object.
        Throws:
        NoSuchSecretException - if the key cannot be built for any reason, or is not allowed to be used for the given purpose.
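
An added example, not part of the library's own documentation, showing how the documented isPrivate(), toPublicJwk() and getKeyOperations() methods can guard what a service publishes in a JWKS and which operations it allows. The package names, the class name JwkPublishGuard, the sample key and the assumption that KeyOperation is an enum are not taken from this page.

```java
import java.util.Optional;
import java.util.Set;

// Assumed package names; this page does not state the package of JWK or KeyOperation.
import org.forgerock.json.jose.jwk.JWK;
import org.forgerock.json.jose.jwk.KeyOperation;

public final class JwkPublishGuard {

    // Constructed sample: a symmetric key with no key_ops member. Not a real secret.
    static final String SAMPLE_OCT_JWK =
            "{\"kty\":\"oct\",\"kid\":\"constructed-hmac-1\",\"k\":\"AAECAwQFBgcICQoLDA0ODw\"}";

    /** JSON that may be exposed in a public JWKS, or empty when nothing is safe to expose. */
    static Optional<String> publishableJson(JWK jwk) {
        // Never serialise the original object: always go through toPublicJwk(), and
        // re-check isPrivate() on the result before it leaves the process.
        return jwk.toPublicJwk()
                .filter(pub -> !pub.isPrivate())
                .map(JWK::toJsonString);
    }

    /** Applies the documented getKeyOperations() semantics: null = all, empty = none. */
    static boolean permits(JWK jwk, KeyOperation op) {
        Set<KeyOperation> ops = jwk.getKeyOperations();
        return ops == null || ops.contains(op);
    }

    public static void main(String[] args) throws Exception {
        JWK jwk = JWK.parse(SAMPLE_OCT_JWK);

        // Log the key id, not toJsonString(): the JSON of a private JWK contains the key.
        System.out.println("kid=" + jwk.getKeyId() + " private=" + jwk.isPrivate());
        System.out.println("publishable=" + publishableJson(jwk).orElse("<nothing>"));

        // Assumes KeyOperation is an enum. If getKeyOperations() returns null, every
        // operation is permitted, so callers that need a restriction must enforce it.
        for (KeyOperation op : KeyOperation.values()) {
            System.out.println(op + " permitted=" + permits(jwk, op));
        }
    }
}
```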