Package org.forgerock.json.jose.jwk

Class JWK

java.lang.Object
org.forgerock.json.jose.jwk.JWK
Direct Known Subclasses:
EcJWK, OctJWK, OkpJWK, RsaJWK
public abstract class JWK extends Object
The abstract base class for the 3 implementations of JWK.

  • Field Details

  • Constructor Details

    • JWK

      @Deprecated protected JWK(KeyType keyType, String use, String algorithm, String keyId)
      Deprecated.
      Use the builder instead.
      Creates a JWK given the basic parameters.
      Parameters:
      keyType - the JWK key type
      use - the JWK use
      algorithm - the JWK algorithm
      keyId - the JWK key id

    • JWK

      @Deprecated protected JWK(KeyType keyType, String use, String algorithm, String keyId, String x509url, String x509Thumbprint, List<String> x509Chain)
      Deprecated.
      Use the builder instead.
      Creates a JWK given the basic parameters.
      Parameters:
      keyType - the JWK key type
      use - the JWK use
      algorithm - the JWK algorithm
      keyId - the JWK key id
      x509url - the x509 url for the key
      x509Thumbprint - the x509 thumbnail for the key
      x509Chain - the x509 chain as a list of Base64 encoded strings

    • JWK

      protected JWK(KeyType keyType, String use, Set<KeyOperation> keyOperations, Algorithm algorithm, String keyId, String x509url, String x509Thumbprint, List<String> x509Chain)
      Creates a JWK given the basic parameters.
      Parameters:
      keyType - the JWK key type
      use - the JWK use
      keyOperations - the JWK key Operations
      algorithm - the JWK algorithm
      keyId - the JWK key id
      x509url - the x509 url for the key
      x509Thumbprint - the x509 thumbprint for the key
      x509Chain - the x509 chain as a list of Base64 encoded strings

  • Method Details

    • getKeyType

      public KeyType getKeyType()
      Gets the kty parameter of the JWK.
      Returns:
      The KeyType for the JWK

    • getUse

      public String getUse()
      Gets the use parameter of the JWK.
      Returns:
      The key use.

    • getKeyOperations

      public Set<KeyOperation> getKeyOperations()
      Gets the key operations parameter of the JWK.
      Returns:
      A possibly null set of key operations representing the key operations parameter. If null, then all operations are allowed. An empty set mean that no key operations are allowed.

    • getAlgorithm

      @Deprecated public String getAlgorithm()
      Deprecated.
      replaced by getJwaAlgorithm()
      Gets the alg parameter of the JWK.
      Returns:
      The algorithm name representing the alg parameter

    • getJwaAlgorithm

      public Algorithm getJwaAlgorithm()
      Gets the alg parameter of the JWK.
      Returns:
      The algorithm

    • getKeyId

      public String getKeyId()
      Gets the keyId parameter of the JWK.
      Returns:
      A String representing the keyId parameter

    • toJsonString

      public String toJsonString()
      Prints the JWK Object as a json string.
      Returns:
      A String representing JWK

    • toJsonValue

      public JsonValue toJsonValue()
      Returns a json representation of the JWK.
      Returns:
      A JSON representation.

    • putField

      protected void putField(JsonValue jsonValue, String key, Object value)
      Add a string value into a json only if it's not null.
      Parameters:
      jsonValue - the json
      key - the Map key or List index identifying the child value to set.
      value - the value to assign to the member.

    • parse

      public static JWK parse(String json)
      Parses a String into the proper JWK type.
      Parameters:
      json - The json String.
      Returns:
      A JWK object
      Throws:
      JsonException - If there is a problem parsing the json String.

    • parse

      public static JWK parse(JsonValue jwk)
      Parses a JsonValue into the proper JWK type.
      Parameters:
      jwk - The JsonValue Object.
      Returns:
      A JWK object
      Throws:
      JsonException - If there is a problem analyzing the JsonValue Object.

    • loadJWKFromJson

      protected static void loadJWKFromJson(JWK.Builder builder, JsonValue json)
      Load the generic JWK attributes from the json, by side effect.
      Parameters:
      builder - builder will be modified by side effect.
      json - the json value.

    • getAlgorithm

      public static Algorithm getAlgorithm(String algorithmName)
      Get the algorithm corresponding.
      Parameters:
      algorithmName - The algorithm name..
      Returns:
      An algorithm
      Throws:
      IllegalArgumentException - If the algorithm is not supported.

    • toJsonValue

      protected static JsonValue toJsonValue(String json)
      Converts a String into a JsonValue.
      Parameters:
      json - The json String.
      Returns:
      A JsonValue object.
      Throws:
      JsonException - If there is a problem parsing the json String.

    • getX509URL

      public String getX509URL()
      Gets the X509 URL.
      Returns:
      the url of the 509 cert header or null

    • getX509Thumbprint

      public String getX509Thumbprint()
      Gets the X509 thumbprint.
      Returns:
      Base64url of the X509 thumbprint.

    • getX509Thumbnail

      @Deprecated public String getX509Thumbnail()
      Deprecated.
      Use getX509Thumbprint() instead.
      Gets the X509 thumbprint.
      Returns:
      Base64url of the X509 thumbnail

    • getX509ThumbprintS256

      public String getX509ThumbprintS256()
      Gets the X.509 SHA-256 thumbprint.
      Returns:
      Base64url of the X.509 SHA-256 thumbprint.

    • getX509Chain

      public List<String> getX509Chain()
      Gets a List of X509 chain certs.
      Returns:
      X509 Cert Chain as list of encoded strings or null if none are available.

    • isPrivate

      public boolean isPrivate()
      Indicates if any private key attributes are present in the JWK.
      Returns:
      true if this JWK contains any private key attributes.

    • toPublicJwk

      public Optional<JWK> toPublicJwk()
      For asymmetric keys, get the public JWK representation of this JWK.
      Returns:
      The public JWK.

    • getPublicJwkBuilder

      protected abstract Optional<JWK.Builder<?>> getPublicJwkBuilder()
      Return a builder with all the values set for representing the public components of the JWK. Common JWK attributes will be added in toPublicJwk().
      Returns:
      The builder.

    • getJwkThumbprint

      public String getJwkThumbprint(String hashAlgorithm)
      Calculates the JWK Thumbprint of this JWK.
      Parameters:
      hashAlgorithm - the hash algorithm, e.g. SHA-256.
      Returns:
      the JWK thumbprint.

    • toSecretBuilder

      public SecretBuilder toSecretBuilder()
      Get a SecretBuilder capable of building a Secret subclass object from this JWK. Public and private key material is copied to the resulting object, as is any certificate chain. Any algorithm or key usage constraints are also applied to the resulting key object.
      Returns:
      A SecretBuilder capable of building a secret.

    • toCryptoKey

      public <T extends CryptoKey> T toCryptoKey(Purpose<T> purpose, Instant expiry) throws NoSuchSecretException
      Converts this JWK into a CryptoKey subclass object for use with the Secrets API. Public and private key material is copied to the resulting object, as is any certificate chain. Any algorithm or key usage constraints are also applied to the resulting key object.
      Type Parameters:
      T - the type of key to be built.
      Parameters:
      purpose - the purpose that the key will be used for.
      expiry - the expiry time for the resulting key object.
      Returns:
      the constructed key object.
      Throws:
      NoSuchSecretException - if the key cannot be built for any reason, is is not allowed to be used for the given purpose.