Package io.helidon.security.jwt.jwk

Class Jwk

java.lang.Object

io.helidon.security.jwt.jwk.Jwk

Direct Known Subclasses:

JwkEC, JwkOctet, JwkRSA

public abstract class Jwk
extends Object

A JWK (JSON Web key) is a representation of data needed to sign, encrypt, verify and /or decrypt data (e.g a public and/or private key; password for symmetric ciphers).

Field Summary

Fields

Modifier and Type	Field and Description
static String	ALG_NONE Algorithm defining there is no security (e.g.
static String	KEY_TYPE_EC Key type of elliptic curve keys.
static String	KEY_TYPE_OCT Key type of octet keys.
static String	KEY_TYPE_RSA Key type of RSA keys.
static Jwk	NONE_JWK A jwk with no fields filled and ALG_NONE algorithm.
static String	OPERATION_DECRYPT Decrypt content and validate decryption, if applicable.
static String	OPERATION_DERIVE_BITS Derive bits not to be used as a key.
static String	OPERATION_DERIVE_KEY Derive key.
static String	OPERATION_ENCRYPT Encrypt content.
static String	OPERATION_SIGN Compute digital signature or MAC.
static String	OPERATION_UNWRAP_KEY Decrypt key and validate decryption, if applicable.
static String	OPERATION_VERIFY Verify digital signature or MAC.
static String	OPERATION_WRAP_KEY Encrypt key.
static String	PARAM_ALGORITHM JWK parameter for algorithm.
static String	PARAM_KEY_ID JWK parameter for key id.
static String	PARAM_KEY_TYPE JWK parameter for key type.
static String	PARAM_OPERATIONS JWK parameters for permitted operations.
static String	PARAM_USE JWK parameter for usage.
static String	USE_ENCRYPTION Key can be used for encryption only.
static String	USE_SIGNATURE Key can be used for signatures only.

Method Summary

Modifier and Type	Method and Description
String	algorithm() The algorithm used when signing/encrypting this key.
static Jwk	create(JsonObject json) Create an instance from Json object.
String	keyId() The key id (kid) of this JWK.
String	keyType() The key type (kty) of this JWK.
Optional<List<String>>	operations() Permitted operations of this JWK.
byte[]	sign(byte[] bytesToSign) Sign the bytes to sign using this JWK type and algorithm.
String	toString()
Optional<String>	usage() Permitted usage of this JWK.
boolean	verifySignature(byte[] signedBytes, byte[] signature) Verify that the signature is indeed for the signed bytes based on this JWK type and algorithm.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

ALG_NONE

public static final String ALG_NONE

Algorithm defining there is no security (e.g. signature) at all.

See Also:

Constant Field Values

KEY_TYPE_EC

public static final String KEY_TYPE_EC

Key type of elliptic curve keys. See RFC 7518, section 6.1.

See Also:

Constant Field Values

KEY_TYPE_RSA

public static final String KEY_TYPE_RSA

Key type of RSA keys. See RFC 7518, section 6.1.

See Also:

Constant Field Values

KEY_TYPE_OCT

public static final String KEY_TYPE_OCT

Key type of octet keys. See RFC 7518, 6.1.

See Also:

Constant Field Values

USE_ENCRYPTION

public static final String USE_ENCRYPTION

Key can be used for encryption only. See RFC 7517, section 4.2.

See Also:

Constant Field Values

USE_SIGNATURE

public static final String USE_SIGNATURE

Key can be used for signatures only. See RFC 7517, section 4.2.

See Also:

Constant Field Values

OPERATION_SIGN

public static final String OPERATION_SIGN

Compute digital signature or MAC. See RFC 7517, section 4.3.

See Also:

PARAM_OPERATIONS, Constant Field Values

OPERATION_VERIFY

public static final String OPERATION_VERIFY

Verify digital signature or MAC. See RFC 7517, section 4.3.

See Also:

PARAM_OPERATIONS, Constant Field Values

OPERATION_ENCRYPT

public static final String OPERATION_ENCRYPT

Encrypt content. See RFC 7517, section 4.3.

See Also:

PARAM_OPERATIONS, Constant Field Values

OPERATION_DECRYPT

public static final String OPERATION_DECRYPT

Decrypt content and validate decryption, if applicable. See RFC 7517, section 4.3.

See Also:

PARAM_OPERATIONS, Constant Field Values

OPERATION_WRAP_KEY

public static final String OPERATION_WRAP_KEY

Encrypt key. See RFC 7517, section 4.3.

See Also:

PARAM_OPERATIONS, Constant Field Values

OPERATION_UNWRAP_KEY

public static final String OPERATION_UNWRAP_KEY

Decrypt key and validate decryption, if applicable. See RFC 7517, section 4.3.

See Also:

PARAM_OPERATIONS, Constant Field Values

OPERATION_DERIVE_KEY

public static final String OPERATION_DERIVE_KEY

Derive key. See RFC 7517, section 4.3.

See Also:

PARAM_OPERATIONS, Constant Field Values

OPERATION_DERIVE_BITS

public static final String OPERATION_DERIVE_BITS

Derive bits not to be used as a key. See RFC 7517, section 4.3.

See Also:

PARAM_OPERATIONS, Constant Field Values

PARAM_KEY_TYPE

public static final String PARAM_KEY_TYPE

JWK parameter for key type. See RFC 7517, section 4.1.

See Also:

Constant Field Values

PARAM_KEY_ID

public static final String PARAM_KEY_ID

JWK parameter for key id. See RFC 7517, section 4.5.

See Also:

Constant Field Values

PARAM_ALGORITHM

public static final String PARAM_ALGORITHM

JWK parameter for algorithm. See RFC 7517, section 4.4.

See Also:

Constant Field Values

PARAM_USE

public static final String PARAM_USE

JWK parameter for usage. The "use" (public key use) parameter identifies the intended use of the public key. The "use" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. See RFC 7517, section 4.2.

See Also:

Constant Field Values

PARAM_OPERATIONS

public static final String PARAM_OPERATIONS

JWK parameters for permitted operations. The "key_ops" (key operations) parameter identifies the operation(s) for which the key is intended to be used. The "key_ops" parameter is intended for use cases in which public, private, or symmetric keys may be present. See RFC 7517, section 4.3.

See Also:

Constant Field Values

NONE_JWK

public static final Jwk NONE_JWK

A jwk with no fields filled and ALG_NONE algorithm.

Method Detail

create

public static Jwk create(JsonObject json)

Create an instance from Json object.

Parameters:

json - with definition of a web key (any key type)

Returns:

new instance of a descendant of this class constructed from json, based on key type

keyType

public String keyType()

The key type (kty) of this JWK.

Returns:

the key type

See Also:

PARAM_KEY_TYPE, KEY_TYPE_EC, KEY_TYPE_RSA, KEY_TYPE_EC

keyId

public String keyId()

The key id (kid) of this JWK. The key id is used to reference a key in configuration (e.g. a JWT comes with a signature and key id; we should have a key from a JWK keys with that key id configured and use it to verify the signature). See RFC 7517, section 4.5.

Returns:

key id of this JWK

See Also:

PARAM_KEY_ID

algorithm

public String algorithm()

The algorithm used when signing/encrypting this key. See RFC 7517, section 4.4.

Returns:

algorithm if present (some types have defaults).

See Also:

PARAM_ALGORITHM

usage

public Optional<String> usage()

Permitted usage of this JWK. See RFC 7517, section 4.2.

Returns:

usage of this JWK or empty if not defined.

See Also:

PARAM_USE, USE_ENCRYPTION, USE_SIGNATURE

operations

public Optional<List<String>> operations()

Permitted operations of this JWK. See RFC 7517, section 4.3.

Returns:

list of operations allowed, or empty if not defined

verifySignature

public final boolean verifySignature(byte[] signedBytes,
                                     byte[] signature)

Verify that the signature is indeed for the signed bytes based on this JWK type and algorithm.

Parameters:

signedBytes - bytes that are signed (e.g. content of a JWT, raw bytes)

signature - signature bytes (raw bytes)

Returns:

true if signature is valid, false otherwise

sign

public final byte[] sign(byte[] bytesToSign)

Sign the bytes to sign using this JWK type and algorithm.

Parameters:

bytesToSign - byte to be signed (e.g. content of a JWT, raw bytes)

Returns:

signature bytes (raw bytes)

toString

public String toString()

Overrides:

toString in class Object