com.nimbusds.jose.jwk

Class JWK

java.lang.Object

com.nimbusds.jose.jwk.JWK

All Implemented Interfaces:

net.minidev.json.JSONAware

Direct Known Subclasses:

ECKey, OctetSequenceKey, RSAKey

public abstract class JWK
extends Object
implements net.minidev.json.JSONAware

The base abstract class for JSON Web Keys (JWKs). It serialises to a JSON object.

The following JSON object members are common to all JWK types:

• kty (required)
• use (optional)
• key_ops (optional)
• kid (optional)

Example JWK (of the Elliptic Curve type):

 {
   "kty" : "EC",
   "crv" : "P-256",
   "x"   : "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
   "y"   : "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
   "use" : "enc",
   "kid" : "1"
 }
 

Version:

2015-09-28

Author:

Vladimir Dzhuvinov, Justin Richer

Field Summary

Fields

Modifier and Type	Field and Description
static String	MIME_TYPE The MIME type of JWK objects: application/jwk+json; charset=UTF-8

Constructor Summary

Constructors

Constructor and Description
JWK(KeyType kty, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, List<Base64> x5c) Creates a new JSON Web Key (JWK).

Method Summary

Methods

Modifier and Type	Method and Description
Base64URL	computeThumbprint() Computes the SHA-256 thumbprint of this JWK.
Base64URL	computeThumbprint(String hashAlg) Computes the thumbprint of this JWK using the specified hash algorithm.
Algorithm	getAlgorithm() Gets the intended JOSE algorithm (alg) for this JWK.
String	getKeyID() Gets the ID (kid) of this JWK.
Set<KeyOperation>	getKeyOperations() Gets the operations (key_ops) for this JWK.
KeyType	getKeyType() Gets the type (kty) of this JWK.
KeyUse	getKeyUse() Gets the use (use) of this JWK.
abstract LinkedHashMap<String,?>	getRequiredParams() Returns the required JWK parameters.
List<Base64>	getX509CertChain() Gets the X.509 certificate chain (x5c) of this JWK.
Base64URL	getX509CertThumbprint() Gets the X.509 certificate thumbprint (x5t) of this JWK.
URI	getX509CertURL() Gets the X.509 certificate URL (x5u) of this JWK.
abstract boolean	isPrivate() Returns true if this JWK contains private or sensitive (non-public) parameters.
static JWK	parse(net.minidev.json.JSONObject jsonObject) Parses a JWK from the specified JSON object representation.
static JWK	parse(String s) Parses a JWK from the specified JSON object string representation.
net.minidev.json.JSONObject	toJSONObject() Returns a JSON object representation of this JWK.
String	toJSONString() Returns the JSON object string representation of this JWK.
abstract JWK	toPublicJWK() Creates a copy of this JWK with all private or sensitive parameters removed.
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

MIME_TYPE

public static final String MIME_TYPE

The MIME type of JWK objects: application/jwk+json; charset=UTF-8

See Also:

Constant Field Values

Constructor Detail

JWK

public JWK(KeyType kty,
   KeyUse use,
   Set<KeyOperation> ops,
   Algorithm alg,
   String kid,
   URI x5u,
   Base64URL x5t,
   List<Base64> x5c)

Creates a new JSON Web Key (JWK).

Parameters:

kty - The key type. Must not be null.

use - The key use, null if not specified or if the key is intended for signing as well as encryption.

ops - The key operations, null if not specified.

alg - The intended JOSE algorithm for the key, null if not specified.

kid - The key ID, null if not specified.

x5u - The X.509 certificate URL, null if not specified.

x5t - The X.509 certificate thumbprint, null if not specified.

x5c - The X.509 certificate chain, null if not specified.

Method Detail

getKeyType

public KeyType getKeyType()

Gets the type (kty) of this JWK.

Returns:

The key type.

getKeyUse

public KeyUse getKeyUse()

Gets the use (use) of this JWK.

Returns:

The key use, null if not specified or if the key is intended for signing as well as encryption.

getKeyOperations

public Set<KeyOperation> getKeyOperations()

Gets the operations (key_ops) for this JWK.

Returns:

The key operations, null if not specified.

getAlgorithm

public Algorithm getAlgorithm()

Gets the intended JOSE algorithm (alg) for this JWK.

Returns:

The intended JOSE algorithm, null if not specified.

getKeyID

public String getKeyID()

Gets the ID (kid) of this JWK. The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.

Returns:

The key ID, null if not specified.

getX509CertURL

public URI getX509CertURL()

Gets the X.509 certificate URL (x5u) of this JWK.

Returns:

The X.509 certificate URL, null if not specified.

getX509CertThumbprint

public Base64URL getX509CertThumbprint()

Gets the X.509 certificate thumbprint (x5t) of this JWK.

Returns:

The X.509 certificate thumbprint, null if not specified.

getX509CertChain

public List<Base64> getX509CertChain()

Gets the X.509 certificate chain (x5c) of this JWK.

Returns:

The X.509 certificate chain as a unmodifiable list, null if not specified.

getRequiredParams

public abstract LinkedHashMap<String,?> getRequiredParams()

Returns the required JWK parameters. Intended as input for JWK thumbprint computation. See RFC 7638 for more information.

Returns:

The required JWK parameters, sorted alphanumerically by key name and ready for JSON serialisation.

computeThumbprint

public Base64URL computeThumbprint()
                            throws JOSEException

Computes the SHA-256 thumbprint of this JWK. See RFC 7638 for more information.

Returns:

The SHA-256 thumbprint.

Throws:

JOSEException - If the SHA-256 hash algorithm is not supported.

computeThumbprint

public Base64URL computeThumbprint(String hashAlg)
                            throws JOSEException

Computes the thumbprint of this JWK using the specified hash algorithm. See RFC 7638 for more information.

Parameters:

hashAlg - The hash algorithm. Must not be null.

Returns:

The SHA-256 thumbprint.

Throws:

JOSEException - If the hash algorithm is not supported.

isPrivate

public abstract boolean isPrivate()

Returns true if this JWK contains private or sensitive (non-public) parameters.

Returns:

true if this JWK contains private parameters, else false.

toPublicJWK

public abstract JWK toPublicJWK()

Creates a copy of this JWK with all private or sensitive parameters removed.

Returns:

The newly created public JWK, or null if none can be created.

toJSONObject

public net.minidev.json.JSONObject toJSONObject()

Returns a JSON object representation of this JWK. This method is intended to be called from extending classes.

Example:

 {
   "kty" : "RSA",
   "use" : "sig",
   "kid" : "fd28e025-8d24-48bc-a51a-e2ffc8bc274b"
 }
 

Returns:

The JSON object representation.

toJSONString

public String toJSONString()

Returns the JSON object string representation of this JWK.

Specified by:

toJSONString in interface net.minidev.json.JSONAware

Returns:

The JSON object string representation.

toString

public String toString()

Overrides:

toString in class Object

See Also:

toJSONString()

parse

public static JWK parse(String s)
                 throws ParseException

Parses a JWK from the specified JSON object string representation. The JWK must be an ECKey, an RSAKey, or a OctetSequenceKey.

Parameters:

s - The JSON object string to parse. Must not be null.

Returns:

The JWK.

Throws:

ParseException - If the string couldn't be parsed to a supported JWK.

parse

public static JWK parse(net.minidev.json.JSONObject jsonObject)
                 throws ParseException

Parses a JWK from the specified JSON object representation. The JWK must be an ECKey, an RSAKey, or a OctetSequenceKey.

Parameters:

jsonObject - The JSON object to parse. Must not be null.

Returns:

The JWK.

Throws:

ParseException - If the JSON object couldn't be parsed to a supported JWK.