Class SigningManager

java.lang.Object
org.forgerock.json.jose.jws.SigningManager

public class SigningManager extends Object
A service to get the appropriate SigningHandler for a specific Java Cryptographic signing algorithm.

For details of all supported signing algorithms see JwsAlgorithm.

Since:
2.0.0
  • Method Details

    • newNopSigningHandler

      @Deprecated public SigningHandler newNopSigningHandler()
      Deprecated.
      This method is inherently insecure and shouldn't be used.
      Constructs an implementation of the SigningHandler which does not perform any signing or verifying.
      Returns:
      an implementation of the SigningHandler which does not perform any signing or verifying.
    • newHmacSigningHandler

      @Deprecated public SigningHandler newHmacSigningHandler(byte[] sharedSecret)
      Deprecated.
      Constructs a new HmacSigningHandler. Callers should prefer to use newHmacSigningHandler(SecretKey) in most cases.
      Parameters:
      sharedSecret - The shared secret to use to sign the data.
      Returns:
      a new HmacSigningHandler.
    • newHmacSigningHandler

      @Deprecated public SigningHandler newHmacSigningHandler(SecretKey secretKey)
      Deprecated.
      Constructs a new HmacSigningHandler.
      Parameters:
      secretKey - The secret key to use to sign the data.
      Returns:
      a new HmacSigningHandler.
    • newRsaSigningHandler

      @Deprecated public SigningHandler newRsaSigningHandler(Key key)
      Constructs a new RSASigningHandler, with a SignatureUtil instance to delegate the signing and verifying calls to.
      Parameters:
      key - The key used to sign and verify the signature.
      Returns:
      a new RSASigningHandler, with a SignatureUtil instance to delegate the signing and verifying calls to.
    • newEcdsaSigningHandler

      @Deprecated public SigningHandler newEcdsaSigningHandler(PrivateKey key)
      Deprecated.
      Constructs a new handler for signing ES256 signatures.
      Parameters:
      key - the elliptic curve private key. Should use the required curve for the given signing algorithm (P-256 for ES256).
      Returns:
      the signing handler.
    • newEcdsaSigningHandler

      @Deprecated public SigningHandler newEcdsaSigningHandler(ECPrivateKey key)
      Deprecated.
      Constructs a new handler for signing ES256 signatures.
      Parameters:
      key - the elliptic curve private key. Should use the required curve for the given signing algorithm (P-256 for ES256).
      Returns:
      the signing handler.
    • newEcdsaVerificationHandler

      @Deprecated public SigningHandler newEcdsaVerificationHandler(ECPublicKey key)
      Constructs a new handler for verifying ES256 signatures.
      Parameters:
      key - the elliptic curve public key. Should use the required curve for the given signing algorithm (P-256 for ES256).
      Returns:
      the signing handler configured for verification.
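The ES256 entries above all carry the same caveat: the key must be on P-256, because a handler built for ES256 will not produce a valid signature with a key from any other curve. The following added example (not code from the page or from ForgeRock) generates a P-256 key pair with the standard JDK provider, checks the curve before handing the keys to the manager, and then signs and verifies a JWS signing input, including a tampered copy that must fail. It assumes a public no-argument `SigningManager` constructor, the `SigningHandler.sign(JwsAlgorithm, byte[])` and `verify(JwsAlgorithm, byte[], byte[])` methods, and the `org.forgerock.json.jose.jws.handlers` package for `SigningHandler`; the `ECPrivateKey`/`ECPublicKey` overloads used here are the ones this page marks deprecated.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.ECKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import org.forgerock.json.jose.jws.JwsAlgorithm;
import org.forgerock.json.jose.jws.SigningManager;
import org.forgerock.json.jose.jws.handlers.SigningHandler; // assumed package for SigningHandler

public class Es256CurveCheckExample {

    // ES256 is defined only over P-256 (secp256r1). Checking the field size is a
    // cheap guard that a key loaded from configuration really sits on that curve.
    static void requireP256(ECKey key) {
        int fieldBits = key.getParams().getCurve().getField().getFieldSize();
        if (fieldBits != 256) {
            throw new IllegalArgumentException(
                    "ES256 requires a P-256 key, got a " + fieldBits + "-bit curve");
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed test key pair; a deployment loads the private key from its secret store.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair pair = gen.generateKeyPair();
        ECPrivateKey priv = (ECPrivateKey) pair.getPrivate();
        ECPublicKey pub = (ECPublicKey) pair.getPublic();
        requireP256(priv);
        requireP256(pub);

        SigningManager manager = new SigningManager(); // assumed no-arg constructor
        SigningHandler signer = manager.newEcdsaSigningHandler(priv);
        SigningHandler verifier = manager.newEcdsaVerificationHandler(pub);

        // Constructed JWS signing input: base64url(header) "." base64url(payload).
        byte[] signingInput = "eyJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9"
                .getBytes(StandardCharsets.US_ASCII);
        byte[] signature = signer.sign(JwsAlgorithm.ES256, signingInput);

        boolean valid = verifier.verify(JwsAlgorithm.ES256, signingInput, signature);

        // Flip one bit of the payload: the same signature must now be rejected.
        byte[] tampered = signingInput.clone();
        tampered[tampered.length - 1] ^= 0x01;
        boolean tamperedValid = verifier.verify(JwsAlgorithm.ES256, tampered, signature);

        System.out.println("original verifies: " + valid);
        System.out.println("tampered verifies: " + tamperedValid);
    }
}
```

The curve check runs before the handler is built so that a mis-provisioned key fails fast at startup rather than at the first signing request; the same check applies when the keys are wrapped as `SigningKey`/`VerificationKey` for the non-deprecated overloads.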
    • newEdDsaSigningHandler

      @Deprecated public SigningHandler newEdDsaSigningHandler(byte[] privateKey)
      Deprecated.
      Constructs a new handler for signing EdDSA signatures.
      Parameters:
      privateKey - the raw private key bytes.
      Returns:
      the signing handler.
    • newEdDsaVerificationHandler

      @Deprecated public SigningHandler newEdDsaVerificationHandler(byte[] publicKey)
      Constructs a new handler for verifying EdDSA signatures.
      Parameters:
      publicKey - the raw public key bytes.
      Returns:
      the signing handler.
    • newEdDsaSigningHandler

      public SigningHandler newEdDsaSigningHandler(SigningKey signingKey)
      Constructs a new handler for signing EdDSA signatures.
      Parameters:
      signingKey - the EdDSA signing key.
      Returns:
      the signing handler.
    • newEdDsaVerificationHandler

      public SigningHandler newEdDsaVerificationHandler(VerificationKey verificationKey)
      Constructs a new handler for verifying EdDSA signatures.
      Parameters:
      verificationKey - EdDSA public verification key.
      Returns:
      the signing handler.
    • newSigningHandler

      public Promise<SigningHandler,NoSuchSecretException> newSigningHandler(Purpose<SigningKey> purpose)
      Constructs a new SigningHandler configured for signing with the provided secret purpose.

Note that the current implementation doesn't support EdDSA. If EdDSA is needed, use newSigningHandler(JWK) or newEdDsaSigningHandler(byte[]) directly.

      Parameters:
      purpose - Signing secret purpose (cannot be null)
      Returns:
      a promise of a new SigningHandler
    • newSigningHandler

      public Promise<SigningHandler,NoSuchSecretException> newSigningHandler(SecretReference<SigningKey> secretReference)
      Constructs a new SigningHandler configured for signing with the provided secret reference.

Note that the current implementation doesn't support EdDSA. If EdDSA is needed, use newSigningHandler(JWK) or newEdDsaSigningHandler(byte[]) directly.

      Parameters:
      secretReference - Signing secret reference (cannot be null)
      Returns:
      a promise of a new SigningHandler
    • newVerificationHandler

      public Promise<SigningHandler,NeverThrowsException> newVerificationHandler(Purpose<VerificationKey> purpose, String keyId)
      Constructs a new SigningHandler configured for verifying with the provided secret purpose.

Note that the current implementation doesn't support EdDSA. If EdDSA is needed, use newVerificationHandler(JWK) or newEdDsaVerificationHandler(byte[]) directly.

      Parameters:
      purpose - Verification key purpose (cannot be null)
      keyId - optional key identifier
      Returns:
      a promise of a new SigningHandler
    • newVerificationHandler

      Constructs a new SigningHandler configured for verifying with the provided valid secrets reference.

Note that the current implementation doesn't support EdDSA. If EdDSA is needed, use newVerificationHandler(JWK) or newEdDsaVerificationHandler(byte[]) directly.

      Parameters:
      validSecrets - a reference to the valid secrets.
      Returns:
      a promise of a new SigningHandler
    • newSigningHandler

      public SigningHandler newSigningHandler(SigningKey key)
      Returns the signing handler from the given SigningKey which will be used to sign the JWT.
      Parameters:
key - The SigningKey used to sign the JWT.
      Returns:
      the signing handler to use for signing the JWT.
      Throws:
      IllegalArgumentException - if no handler can be determined for the given key.
    • newVerificationHandler

      public SigningHandler newVerificationHandler(VerificationKey key)
      Returns the signing handler from the given VerificationKey which will be used to verify the JWT.
      Parameters:
key - The VerificationKey used to verify the JWT.
      Returns:
      the signing handler to use for verifying the JWT.
      Throws:
      IllegalArgumentException - if no handler can be determined for the given key.
    • newRsaSigningHandler

      public SigningHandler newRsaSigningHandler(SigningKey key)
Constructs a new SecretRSASigningHandler configured for signing.
      Parameters:
      key - Key to use for signing
      Returns:
      a new SigningHandler that can only do signing
    • newRsaVerificationHandler

      public SigningHandler newRsaVerificationHandler(VerificationKey key)
      Constructs a new SecretRSASigningHandler configured for signature validation.
      Parameters:
      key - Key to use for signature verification
      Returns:
      a new SigningHandler that can only do verification
    • newHmacSigningHandler

      public SigningHandler newHmacSigningHandler(SigningKey key)
Constructs a new SecretHmacSigningHandler configured for signing.
      Parameters:
      key - Key to use for signing
      Returns:
      a new SigningHandler that can only do signing
    • newHmacVerificationHandler

      public SigningHandler newHmacVerificationHandler(VerificationKey key)
      Constructs a new SecretHmacSigningHandler configured for signature validation.
      Parameters:
      key - Key to use for signature verification
      Returns:
      a new SigningHandler that can only do verification
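The four Secret*SigningHandler entries above split a symmetric HMAC key into a handler that "can only do signing" and one that "can only do verification", which lets a token-issuing service and a token-consuming service hold different capabilities even though HS256 uses one shared key. The following added example (not code from the page or from ForgeRock) builds both handlers for a constructed HS256 key, verifies a signing input, rejects a tampered copy, and shows that the verification-only handler refuses to sign. It assumes the secrets API `SecretBuilder` with `secretKey`, `stableId`, `expiresAt` and `build(Purpose)`, the `Purpose.SIGN` and `Purpose.VERIFY` constants, a no-argument `SigningManager` constructor, the `SigningHandler.sign`/`verify` methods, and that a refused sign surfaces as a `RuntimeException` (the exact type is not documented on this page).

```java
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.forgerock.json.jose.jws.JwsAlgorithm;
import org.forgerock.json.jose.jws.SigningManager;
import org.forgerock.json.jose.jws.handlers.SigningHandler; // assumed package for SigningHandler
import org.forgerock.secrets.Purpose;                      // assumed secrets-API types
import org.forgerock.secrets.SecretBuilder;
import org.forgerock.secrets.keys.SigningKey;
import org.forgerock.secrets.keys.VerificationKey;

public class HmacRoleSeparationExample {

    public static void main(String[] args) throws Exception {
        // Constructed 256-bit HMAC key; a deployment would resolve it from a SecretStore.
        KeyGenerator gen = KeyGenerator.getInstance("HmacSHA256");
        gen.init(256);
        SecretKey rawKey = gen.generateKey();
        Instant expiry = Instant.now().plus(Duration.ofHours(1));

        // Assumed SecretBuilder usage: the same raw key is wrapped twice, once per purpose,
        // so each service only ever receives the capability it needs.
        SigningKey signingKey = new SecretBuilder()
                .secretKey(rawKey).stableId("hs256-key-1").expiresAt(expiry)
                .build(Purpose.SIGN);
        VerificationKey verificationKey = new SecretBuilder()
                .secretKey(rawKey).stableId("hs256-key-1").expiresAt(expiry)
                .build(Purpose.VERIFY);

        SigningManager manager = new SigningManager(); // assumed no-arg constructor
        SigningHandler issuer = manager.newHmacSigningHandler(signingKey);       // sign only
        SigningHandler consumer = manager.newHmacVerificationHandler(verificationKey); // verify only

        // Constructed JWS signing input: base64url(header) "." base64url(payload).
        byte[] signingInput = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9"
                .getBytes(StandardCharsets.US_ASCII);
        byte[] tag = issuer.sign(JwsAlgorithm.HS256, signingInput);

        boolean valid = consumer.verify(JwsAlgorithm.HS256, signingInput, tag);

        // One flipped payload bit must invalidate the MAC.
        byte[] tampered = signingInput.clone();
        tampered[0] ^= 0x01;
        boolean tamperedValid = consumer.verify(JwsAlgorithm.HS256, tampered, tag);

        // The verification-only handler must not be usable to mint tokens.
        boolean consumerCanSign;
        try {
            consumer.sign(JwsAlgorithm.HS256, signingInput);
            consumerCanSign = true;
        } catch (RuntimeException refused) { // exact exception type assumed
            consumerCanSign = false;
        }

        System.out.println("original verifies:  " + valid);
        System.out.println("tampered verifies:  " + tamperedValid);
        System.out.println("consumer can sign:  " + consumerCanSign);
    }
}
```

Giving the consuming service only the `VerificationKey` means a compromise of that service does not yield a token-minting capability, which is the practical reason to prefer these purpose-bound overloads over the deprecated `newHmacSigningHandler(SecretKey)` that both signs and verifies.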
    • newEcdsaSigningHandler

      public SigningHandler newEcdsaSigningHandler(SigningKey key)
      Constructs a new handler for signing ES256 signatures.
      Parameters:
      key - the elliptic curve signing key. Should use the required curve for the given signing algorithm (P-256 for ES256).
      Returns:
      the signing handler.
    • newEcdsaVerificationHandler

      public SigningHandler newEcdsaVerificationHandler(VerificationKey key)
      Constructs a new handler for verifying ES256 signatures.
      Parameters:
      key - the elliptic curve verification key. Should use the required curve for the given signing algorithm (P-256 for ES256).
      Returns:
      the signing handler configured for verification.
    • newSigningHandler

      @Deprecated public SigningHandler newSigningHandler(Key key)
      Deprecated.
Returns the signing handler from the given Key which will be used to sign the JWT.
      Parameters:
key - The Key used to sign the JWT.
      Returns:
      the signing handler to use for signing the JWT.
      Throws:
      IllegalArgumentException - if no handler can be determined for the given key.
    • newSigningHandler

      public SigningHandler newSigningHandler(JWK jwk)
      Returns a signing handler from the given JSON Web Key (JWK) which will be used to sign a JWT.
      Parameters:
      jwk - The JSON Web Key (JWK).
      Returns:
      the signing handler to use for signing the JWT.
      Throws:
      IllegalArgumentException - if the jwk cannot be converted to an appropriate signing key.
    • newSigningHandler

      public SigningHandler newSigningHandler(JWK jwk, Purpose<SigningKey> purpose)
      Returns a signing handler from the given JSON Web Key (JWK) which will be used to sign a JWT.
      Parameters:
      jwk - The JSON Web Key (JWK).
      purpose - The purpose for which the JWT is being signed.
      Returns:
      the signing handler to use for signing the JWT.
      Throws:
      IllegalArgumentException - if the jwk cannot be converted to an appropriate signing key.
    • newSigningHandler

      public SigningHandler newSigningHandler(JWK jwk, Purpose<SigningKey> purpose, Instant expiry)
      Returns a signing handler from the given JSON Web Key (JWK) which will be used to sign a JWT.
      Parameters:
      jwk - The JSON Web Key (JWK).
      purpose - The purpose for which the JWT is being signed.
      expiry - The time at which the signing handler should expire and no longer be used.
      Returns:
      the signing handler to use for signing the JWT.
      Throws:
      IllegalArgumentException - if the jwk cannot be converted to an appropriate signing key.
    • newVerificationHandler

      @Deprecated public SigningHandler newVerificationHandler(Key key)
      Returns the signing handler from the given Key which will be used to verify the JWT.
      Parameters:
key - The Key used to verify the JWT.
      Returns:
      the signing handler to use for verifying the JWT.
      Throws:
      IllegalArgumentException - if no handler can be determined for the given key.
    • newVerificationHandler

      public SigningHandler newVerificationHandler(JWK jwk)
      Returns the signing handler from the given JSON Web Key (JWK) which will be used to verify the JWT. The resulting handler will be constructed for the generic Purpose.VERIFY purpose and will not expire.
      Parameters:
      jwk - The JSON Web Key (JWK).
      Returns:
      the signing handler to use for verifying the JWT.
      Throws:
      IllegalArgumentException - if the jwk cannot be converted to an appropriate verification key.
    • newVerificationHandler

      public SigningHandler newVerificationHandler(JWK jwk, Purpose<VerificationKey> purpose)
      Returns a signing handler from the given JSON Web Key (JWK) which will be used to verify a JWT. The resulting handler will never expire.
      Parameters:
      jwk - The JSON Web Key (JWK).
      purpose - The Purpose for which verification is being performed.
      Returns:
      the signing handler to use for verifying the JWT.
      Throws:
      IllegalArgumentException - if the jwk cannot be converted to an appropriate verification key.
    • newVerificationHandler

      public SigningHandler newVerificationHandler(JWK jwk, Purpose<VerificationKey> purpose, Instant expiry)
      Returns a signing handler from the given JSON Web Key (JWK) which will be used to verify a JWT.
      Parameters:
      jwk - The JSON Web Key (JWK).
      purpose - The Purpose for which verification is being performed.
      expiry - The time at which the verification handler should expire and no longer be used.
      Returns:
      the signing handler to use for verifying the JWT.
      Throws:
      IllegalArgumentException - if the jwk cannot be converted to an appropriate verification key.