Package io.helidon.security.jwt.jwk

Class Jwk

java.lang.Object

io.helidon.security.jwt.jwk.Jwk

Direct Known Subclasses:

JwkEC, JwkOctet, JwkRSA

public abstract class Jwk
extends java.lang.Object

A JWK (JSON Web key) is a representation of data needed to sign, encrypt, verify and /or decrypt data (e.g a public and/or private key; password for symmetric ciphers).

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	ALG_NONE Algorithm defining there is no security (e.g.
static java.lang.String	KEY_TYPE_EC Key type of elliptic curve keys.
static java.lang.String	KEY_TYPE_OCT Key type of octet keys.
static java.lang.String	KEY_TYPE_RSA Key type of RSA keys.
static Jwk	NONE_JWK A jwk with no fields filled and ALG_NONE algorithm.
static java.lang.String	OPERATION_DECRYPT Decrypt content and validate decryption, if applicable.
static java.lang.String	OPERATION_DERIVE_BITS Derive bits not to be used as a key.
static java.lang.String	OPERATION_DERIVE_KEY Derive key.
static java.lang.String	OPERATION_ENCRYPT Encrypt content.
static java.lang.String	OPERATION_SIGN Compute digital signature or MAC.
static java.lang.String	OPERATION_UNWRAP_KEY Decrypt key and validate decryption, if applicable.
static java.lang.String	OPERATION_VERIFY Verify digital signature or MAC.
static java.lang.String	OPERATION_WRAP_KEY Encrypt key.
static java.lang.String	PARAM_ALGORITHM JWK parameter for algorithm.
static java.lang.String	PARAM_KEY_ID JWK parameter for key id.
static java.lang.String	PARAM_KEY_TYPE JWK parameter for key type.
static java.lang.String	PARAM_OPERATIONS JWK parameters for permitted operations.
static java.lang.String	PARAM_USE JWK parameter for usage.
static java.lang.String	USE_ENCRYPTION Key can be used for encryption only.
static java.lang.String	USE_SIGNATURE Key can be used for signatures only.

Method Summary

Modifier and Type	Method and Description
static Jwk	fromJson(JsonObject json) Create an instance from Json object.
java.lang.String	getAlgorithm() The algorithm used when signing/encrypting this key.
java.lang.String	getKeyId() The key id (kid) of this JWK.
java.lang.String	getKeyType() The key type (kty) of this JWK.
java.util.Optional<java.util.List<java.lang.String>>	getOperations() Permitted operations of this JWK.
java.util.Optional<java.lang.String>	getUsage() Permitted usage of this JWK.
byte[]	sign(byte[] bytesToSign) Sign the bytes to sign using this JWK type and algorithm.
java.lang.String	toString()
boolean	verifySignature(byte[] signedBytes, byte[] signature) Verify that the signature is indeed for the signed bytes based on this JWK type and algorithm.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

ALG_NONE

public static final java.lang.String ALG_NONE

Algorithm defining there is no security (e.g. signature) at all.

See Also:

Constant Field Values

KEY_TYPE_EC

public static final java.lang.String KEY_TYPE_EC

Key type of elliptic curve keys. See RFC 7518, section 6.1.

See Also:

Constant Field Values

KEY_TYPE_RSA

public static final java.lang.String KEY_TYPE_RSA

Key type of RSA keys. See RFC 7518, section 6.1.

See Also:

Constant Field Values

KEY_TYPE_OCT

public static final java.lang.String KEY_TYPE_OCT

Key type of octet keys. See RFC 7518, 6.1.

See Also:

Constant Field Values

USE_ENCRYPTION

public static final java.lang.String USE_ENCRYPTION

Key can be used for encryption only. See RFC 7517, section 4.2.

See Also:

Constant Field Values

USE_SIGNATURE

public static final java.lang.String USE_SIGNATURE

Key can be used for signatures only. See RFC 7517, section 4.2.

See Also:

Constant Field Values

OPERATION_SIGN

public static final java.lang.String OPERATION_SIGN

Compute digital signature or MAC. See RFC 7517, section 4.3.

See Also:

PARAM_OPERATIONS, Constant Field Values

OPERATION_VERIFY

public static final java.lang.String OPERATION_VERIFY

Verify digital signature or MAC. See RFC 7517, section 4.3.

See Also:

PARAM_OPERATIONS, Constant Field Values

OPERATION_ENCRYPT

public static final java.lang.String OPERATION_ENCRYPT

Encrypt content. See RFC 7517, section 4.3.

See Also:

PARAM_OPERATIONS, Constant Field Values

OPERATION_DECRYPT

public static final java.lang.String OPERATION_DECRYPT

Decrypt content and validate decryption, if applicable. See RFC 7517, section 4.3.

See Also:

PARAM_OPERATIONS, Constant Field Values

OPERATION_WRAP_KEY

public static final java.lang.String OPERATION_WRAP_KEY

Encrypt key. See RFC 7517, section 4.3.

See Also:

PARAM_OPERATIONS, Constant Field Values

OPERATION_UNWRAP_KEY

public static final java.lang.String OPERATION_UNWRAP_KEY

Decrypt key and validate decryption, if applicable. See RFC 7517, section 4.3.

See Also:

PARAM_OPERATIONS, Constant Field Values

OPERATION_DERIVE_KEY

public static final java.lang.String OPERATION_DERIVE_KEY

Derive key. See RFC 7517, section 4.3.

See Also:

PARAM_OPERATIONS, Constant Field Values

OPERATION_DERIVE_BITS

public static final java.lang.String OPERATION_DERIVE_BITS

Derive bits not to be used as a key. See RFC 7517, section 4.3.

See Also:

PARAM_OPERATIONS, Constant Field Values

PARAM_KEY_TYPE

public static final java.lang.String PARAM_KEY_TYPE

JWK parameter for key type. See RFC 7517, section 4.1.

See Also:

Constant Field Values

PARAM_KEY_ID

public static final java.lang.String PARAM_KEY_ID

JWK parameter for key id. See RFC 7517, section 4.5.

See Also:

Constant Field Values

PARAM_ALGORITHM

public static final java.lang.String PARAM_ALGORITHM

JWK parameter for algorithm. See RFC 7517, section 4.4.

See Also:

Constant Field Values

PARAM_USE

public static final java.lang.String PARAM_USE

JWK parameter for usage. The "use" (public key use) parameter identifies the intended use of the public key. The "use" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. See RFC 7517, section 4.2.

See Also:

Constant Field Values

PARAM_OPERATIONS

public static final java.lang.String PARAM_OPERATIONS

JWK parameters for permitted operations. The "key_ops" (key operations) parameter identifies the operation(s) for which the key is intended to be used. The "key_ops" parameter is intended for use cases in which public, private, or symmetric keys may be present. See RFC 7517, section 4.3.

See Also:

Constant Field Values

NONE_JWK

public static final Jwk NONE_JWK

A jwk with no fields filled and ALG_NONE algorithm.

Method Detail

fromJson

public static Jwk fromJson(JsonObject json)

Create an instance from Json object.

Parameters:

json - with definition of a web key (any key type)

Returns:

new instance of a descendant of this class constructed from json, based on key type

getKeyType

public java.lang.String getKeyType()

The key type (kty) of this JWK.

Returns:

the key type

See Also:

PARAM_KEY_TYPE, KEY_TYPE_EC, KEY_TYPE_RSA, KEY_TYPE_EC

getKeyId

public java.lang.String getKeyId()

The key id (kid) of this JWK. The key id is used to reference a key in configuration (e.g. a JWT comes with a signature and key id; we should have a key from a JWK keys with that key id configured and use it to verify the signature). See RFC 7517, section 4.5.

Returns:

key id of this JWK

See Also:

PARAM_KEY_ID

getAlgorithm

public java.lang.String getAlgorithm()

The algorithm used when signing/encrypting this key. See RFC 7517, section 4.4.

Returns:

algorithm if present (some types have defaults).

See Also:

PARAM_ALGORITHM

getUsage

public java.util.Optional<java.lang.String> getUsage()

Permitted usage of this JWK. See RFC 7517, section 4.2.

Returns:

usage of this JWK or empty if not defined.

See Also:

PARAM_USE, USE_ENCRYPTION, USE_SIGNATURE

getOperations

public java.util.Optional<java.util.List<java.lang.String>> getOperations()

Permitted operations of this JWK. See RFC 7517, section 4.3.

Returns:

list of operations allowed, or empty if not defined

verifySignature

public final boolean verifySignature(byte[] signedBytes,
                                     byte[] signature)

Verify that the signature is indeed for the signed bytes based on this JWK type and algorithm.

Parameters:

signedBytes - bytes that are signed (e.g. content of a JWT, raw bytes)

signature - signature bytes (raw bytes)

Returns:

true if signature is valid, false otherwise

sign

public final byte[] sign(byte[] bytesToSign)

Sign the bytes to sign using this JWK type and algorithm.

Parameters:

bytesToSign - byte to be signed (e.g. content of a JWT, raw bytes)

Returns:

signature bytes (raw bytes)

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object