public class EcJWK extends JWK
Modifier and Type | Class and Description |
---|---|
static class | EcJWK.Builder - EC JWK builder. |
JSON_KEY_ALG, JSON_KEY_KID, JSON_KEY_KTY, JSON_KEY_OPERATIONS, JSON_KEY_USE, JSON_KEY_X5C, JSON_KEY_X5T, JSON_KEY_X5U
Constructor and Description |
---|
EcJWK(ECPublicKey publicKey, ECPrivateKey privateKey, KeyUse use, String kid) - Deprecated. Use the builder instead. |
EcJWK(ECPublicKey publicKey, KeyUse use, String kid) - Deprecated. Use the builder instead. |
EcJWK(KeyUse use, String alg, String kid, String x, String y, String curve, String x5u, String x5t, List<String> x5c) - Deprecated. Use the builder instead. |
EcJWK(KeyUse use, String alg, String kid, String x, String y, String d, String curve, String x5u, String x5t, List<String> x5c) - Deprecated. Use the builder instead. |
Modifier and Type | Method and Description |
---|---|
static EcJWK.Builder | builder(ECPublicKey publicKey) - Get the builder. |
static EcJWK.Builder | builder(String curve, String x, String y) - Get the builder. |
static EcJWK.Builder | builder(SupportedEllipticCurve curve, String x, String y) - Get the builder. |
static BigInteger | decodeCoordinate(String encodedCoordinate) - Decode the unsigned big-endian base64 url encoding of an elliptical curve point. |
static String | encodeCoordinate(int fieldSize, BigInteger coordinate) - Base64url encode the unsigned big-endian representation of an elliptical curve point. |
String | getCurve() - Deprecated. Replaced by getEllipticCurve(). |
String | getD() - Gets the unsigned big-endian base64 url encoding of the d value for the elliptical curve private key. |
SupportedEllipticCurve | getEllipticCurve() - Gets the elliptic curve. |
String | getX() - Gets the unsigned big-endian base64 url encoding of the elliptical curve point x coordinate. |
String | getY() - Gets the unsigned big-endian base64 url encoding of the elliptical curve point y coordinate. |
boolean | isPublicKeyValid() - Checks for validity of the public key portion of this JWK as per isPublicKeyValid(ECPublicKey, SupportedEllipticCurve). |
static boolean | isPublicKeyValid(ECPublicKey publicKey, SupportedEllipticCurve curve) - Checks whether the public key actually lies on the curve it claims to be on. |
static EcJWK | parse(JsonValue json) - Parses a JWK from a JsonValue json object. |
static EcJWK | parse(String json) - Parses a JWK from a string json object. |
ECPrivateKey | toECPrivateKey() - Converts the JWK to an ECPrivateKey. |
ECPublicKey | toECPublicKey() - Converts the JWK to an ECPublicKey. |
JsonValue | toJsonValue() - Returns a json representation of the JWK. |
KeyPair | toKeyPair() - Converts the JWK to a KeyPair. |
getAlgorithm, getAlgorithm, getJwaAlgorithm, getKeyId, getKeyOperations, getKeyType, getUse, getX509Chain, getX509Thumbnail, getX509URL, loadJWKFromJson, putField, toJsonString, toJsonValue
@Deprecated public EcJWK(ECPublicKey publicKey, KeyUse use, String kid)
publicKey - The public key for the JWK
use - The value of the use JWK parameter
kid - The key id of the JWK

@Deprecated public EcJWK(ECPublicKey publicKey, ECPrivateKey privateKey, KeyUse use, String kid)
publicKey - The public key for the JWK
privateKey - The private key for the JWK
use - The value of the use JWK parameter
kid - The key id of the JWK

@Deprecated public EcJWK(KeyUse use, String alg, String kid, String x, String y, String curve, String x5u, String x5t, List<String> x5c)
use - The value of the use JWK parameter
alg - The value of the alg JWK parameter
kid - The key id of the JWK
x - The unsigned big-endian base64 url encoding of the elliptical curve point x coordinate
y - The unsigned big-endian base64 url encoding of the elliptical curve point y coordinate
curve - The known curve to use. For example "NIST P-256".
x5u - the x509 url for the key
x5t - the x509 thumbnail for the key
x5c - the x509 chain as a list of Base64 encoded strings

@Deprecated public EcJWK(KeyUse use, String alg, String kid, String x, String y, String d, String curve, String x5u, String x5t, List<String> x5c)
use - The value of the use JWK parameter
alg - The value of the alg JWK parameter
kid - The key id of the JWK
x - The unsigned big-endian base64 url encoding of the elliptical curve point x coordinate
y - The unsigned big-endian base64 url encoding of the elliptical curve point y coordinate
d - The unsigned big-endian base64 url encoding of the d value for the elliptical curve private key
curve - The known curve to use. For example "NIST P-256".
x5u - the x509 url for the key
x5t - the x509 thumbnail for the key
x5c - the x509 chain as a list of Base64 encoded strings

public static EcJWK.Builder builder(SupportedEllipticCurve curve, String x, String y)
curve - The known curve to use. For example "NIST P-256".
x - The unsigned big-endian base64 url encoding of the elliptical curve point x coordinate
y - The unsigned big-endian base64 url encoding of the elliptical curve point y coordinate

public static EcJWK.Builder builder(String curve, String x, String y)
curve - The known curve to use. For example "NIST P-256".
x - The unsigned big-endian base64 url encoding of the elliptical curve point x coordinate
y - The unsigned big-endian base64 url encoding of the elliptical curve point y coordinate

public static EcJWK.Builder builder(ECPublicKey publicKey)
publicKey - The public key for the JWK

public String getX()
public String getY()
public String getD()
@Deprecated public String getCurve()
Deprecated. Replaced by getEllipticCurve().

public SupportedEllipticCurve getEllipticCurve()

public static EcJWK parse(String json)
json - string json object

public static EcJWK parse(JsonValue json)
json - JsonValue json object

public JsonValue toJsonValue()
toJsonValue in class JWK

public ECPublicKey toECPublicKey()
public ECPrivateKey toECPrivateKey()
public KeyPair toKeyPair()
public static BigInteger decodeCoordinate(String encodedCoordinate)
encodedCoordinate - the unsigned big-endian base64 url encoding of the elliptical curve point

public static String encodeCoordinate(int fieldSize, BigInteger coordinate)
fieldSize - the EC field size in bits.
coordinate - the elliptical curve point

public boolean isPublicKeyValid()
Checks for validity of the public key portion of this JWK as per isPublicKeyValid(ECPublicKey, SupportedEllipticCurve).

public static boolean isPublicKeyValid(ECPublicKey publicKey, SupportedEllipticCurve curve)
NB: This bug has been fixed in the Oracle JRE/OpenJDK since 1.6.0_101, 1.7.0_85, and 1.8.0_51, but we include the check here for completeness and security when running on other JREs which may not implement the check.
The checks performed are those from NIST SP 800-56A (rev. 2), section 5.6.2.3.3 - ECC Partial Public-Key Validation Routine. This is a sufficient check for validating public keys used in "Cofactor Diffie Hellman" (ECC CDH), as defined in SP 800-56A. The JWA spec actually uses non-cofactor Diffie Hellman (ECDH), but because the cofactor for all of the NIST prime order curves in use here (P-256, P-384 and P-521) is 1 (i.e., h = 1), the two schemes are equivalent. This is confirmed by SEC 1: Elliptic Curve Cryptography, section 3.2.2.1 - Elliptic Curve Public Key Validation Primitive:
“In Step 4, it may not be necessary to compute the point nQ. For example, if h = 1, then nQ = O is implied by the checks in Steps 2 and 3, because this property holds for all points Q ∈ E”
publicKey - the public key to check.
curve - the supported elliptic curve parameters to check the public key against.

Copyright 2010-2020 ForgeRock AS.