java.lang.Object
io.helidon.security.jwt.jwk.Jwk
A JWK (JSON Web Key) is a representation of data needed to sign, encrypt, verify
and/or decrypt data (e.g. a public and/or private key; password for symmetric ciphers).
Field Summary

| Modifier and Type | Field | Description |
| --- | --- | --- |
| static final String | ALG_NONE | Algorithm defining there is no security (e.g. signature) at all. |
| static final String | KEY_TYPE_EC | Key type of elliptic curve keys. |
| static final String | KEY_TYPE_OCT | Key type of octet keys. |
| static final String | KEY_TYPE_RSA | Key type of RSA keys. |
| static final Jwk | NONE_JWK | A JWK with no fields filled and ALG_NONE algorithm. |
| static final String | OPERATION_DECRYPT | Decrypt content and validate decryption, if applicable. |
| static final String | OPERATION_DERIVE_BITS | Derive bits not to be used as a key. |
| static final String | OPERATION_DERIVE_KEY | Derive key. |
| static final String | OPERATION_ENCRYPT | Encrypt content. |
| static final String | OPERATION_SIGN | Compute digital signature or MAC. |
| static final String | OPERATION_UNWRAP_KEY | Decrypt key and validate decryption, if applicable. |
| static final String | OPERATION_VERIFY | Verify digital signature or MAC. |
| static final String | OPERATION_WRAP_KEY | Encrypt key. |
| static final String | PARAM_ALGORITHM | JWK parameter for algorithm. |
| static final String | PARAM_KEY_ID | JWK parameter for key id. |
| static final String | PARAM_KEY_TYPE | JWK parameter for key type. |
| static final String | PARAM_OPERATIONS | JWK parameters for permitted operations. |
| static final String | PARAM_USE | JWK parameter for usage. |
| static final String | USE_ENCRYPTION | Key can be used for encryption only. |
| static final String | USE_SIGNATURE | Key can be used for signatures only. |

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| | algorithm() | The algorithm used when signing/encrypting this key. |
| static Jwk | create(JsonObject json) | Create an instance from Json object. |
| | keyId() | The key id (kid) of this JWK. |
| | keyType() | The key type (kty) of this JWK. |
| | operations() | Permitted operations of this JWK. |
| final byte[] | sign(byte[] bytesToSign) | Sign the bytes to sign using this JWK type and algorithm. |
| | toString() | |
| | usage() | Permitted usage of this JWK. |
| final boolean | verifySignature(byte[] signedBytes, byte[] signature) | Verify that the signature is indeed for the signed bytes based on this JWK type and algorithm. |

Field Details

ALG_NONE
Algorithm defining there is no security (e.g. signature) at all.

KEY_TYPE_EC
Key type of elliptic curve keys. See RFC 7518, section 6.1.

KEY_TYPE_RSA
Key type of RSA keys. See RFC 7518, section 6.1.

KEY_TYPE_OCT
Key type of octet keys. See RFC 7518, section 6.1.

USE_ENCRYPTION
Key can be used for encryption only. See RFC 7517, section 4.2.

USE_SIGNATURE
Key can be used for signatures only. See RFC 7517, section 4.2.

OPERATION_SIGN
Compute digital signature or MAC. See RFC 7517, section 4.3.

OPERATION_VERIFY
Verify digital signature or MAC. See RFC 7517, section 4.3.

OPERATION_ENCRYPT
Encrypt content. See RFC 7517, section 4.3.

OPERATION_DECRYPT
Decrypt content and validate decryption, if applicable. See RFC 7517, section 4.3.

OPERATION_WRAP_KEY
Encrypt key. See RFC 7517, section 4.3.

OPERATION_UNWRAP_KEY
Decrypt key and validate decryption, if applicable. See RFC 7517, section 4.3.

OPERATION_DERIVE_KEY
Derive key. See RFC 7517, section 4.3.

OPERATION_DERIVE_BITS
Derive bits not to be used as a key. See RFC 7517, section 4.3.

PARAM_KEY_TYPE
JWK parameter for key type. See RFC 7517, section 4.1.

PARAM_KEY_ID
JWK parameter for key id. See RFC 7517, section 4.5.

PARAM_ALGORITHM
JWK parameter for algorithm. See RFC 7517, section 4.4.

PARAM_USE
JWK parameter for usage. The "use" (public key use) parameter identifies the intended use of the public key. The "use" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. See RFC 7517, section 4.2.

PARAM_OPERATIONS
JWK parameters for permitted operations. The "key_ops" (key operations) parameter identifies the operation(s) for which the key is intended to be used. The "key_ops" parameter is intended for use cases in which public, private, or symmetric keys may be present. See RFC 7517, section 4.3.

NONE_JWK
A JWK with no fields filled and ALG_NONE algorithm.

Method Details

create
Create an instance from Json object.
Parameters:
json - with definition of a web key (any key type)
Returns:
new instance of a descendant of this class constructed from json, based on key type

keyType
The key type (kty) of this JWK.
Returns:
the key type

keyId
The key id (kid) of this JWK. The key id is used to reference a key in configuration (e.g. a JWT comes with a signature and a key id; a key with that key id should be configured among the JWK keys and is used to verify the signature). See RFC 7517, section 4.5.
Returns:
key id of this JWK

algorithm
The algorithm used when signing/encrypting this key. See RFC 7517, section 4.4.
Returns:
algorithm if present (some types have defaults).

usage
Permitted usage of this JWK. See RFC 7517, section 4.2.
Returns:
usage of this JWK or empty if not defined.

operations
Permitted operations of this JWK. See RFC 7517, section 4.3.
Returns:
list of operations allowed, or empty if not defined

verifySignature
public final boolean verifySignature(byte[] signedBytes, byte[] signature)
Verify that the signature is indeed for the signed bytes based on this JWK type and algorithm.
Parameters:
signedBytes - bytes that are signed (e.g. content of a JWT, raw bytes)
signature - signature bytes (raw bytes)
Returns:
true if signature is valid, false otherwise

sign
public final byte[] sign(byte[] bytesToSign)
Sign the bytes to sign using this JWK type and algorithm.
Parameters:
bytesToSign - bytes to be signed (e.g. content of a JWT, raw bytes)
Returns:
signature bytes (raw bytes)

toString
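
The key-id lookup described under keyId, combined with the "use" and "key_ops" parameters, as an added example (not Helidon's own code): it picks a configured key by kid and accepts it for verification only when its declared use and operations allow that, failing closed otherwise. It assumes the jakarta.json API with an implementation on the classpath (older Helidon versions use javax.json) and that usage() and operations() return Optional values, which this page does not show; the class name, helper names, key ids and key material are constructed.

```java
import io.helidon.security.jwt.jwk.Jwk;
import jakarta.json.Json;
import jakarta.json.JsonObject;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import java.util.Optional;

public class JwkKidLookup {
    // Key configured under kid, only if it may verify signatures. Assumes Optional-returning usage()/operations().
    static Optional<Jwk> verificationKey(List<JsonObject> configured, String kid) {
        return configured.stream()
                // Refuse any key that declares "no security" as its algorithm.
                .filter(j -> !Jwk.ALG_NONE.equals(j.getString(Jwk.PARAM_ALGORITHM, "")))
                .map(Jwk::create)
                .filter(k -> kid.equals(k.keyId()))
                // "use", if present, must be signature; "key_ops", if present, must allow verify.
                .filter(k -> k.usage().map(Jwk.USE_SIGNATURE::equals).orElse(true))
                .filter(k -> k.operations().map(o -> o.contains(Jwk.OPERATION_VERIFY)).orElse(true))
                .findFirst();
    }
    static boolean verify(List<JsonObject> configured, String kid, byte[] signed, byte[] sig) {
        // An unknown or unsuitable kid fails closed.
        return verificationKey(configured, kid).map(k -> k.verifySignature(signed, sig)).orElse(false);
    }
    public static void main(String[] args) {
        // Constructed sample key material, for illustration only.
        String k = Base64.getUrlEncoder().withoutPadding()
                .encodeToString("constructed-sample-secret-32byte".getBytes(StandardCharsets.UTF_8));
        JsonObject sigKey = Json.createObjectBuilder()
                .add(Jwk.PARAM_KEY_TYPE, Jwk.KEY_TYPE_OCT)
                .add(Jwk.PARAM_KEY_ID, "hmac-sig-1")
                .add(Jwk.PARAM_USE, Jwk.USE_SIGNATURE)
                .add(Jwk.PARAM_ALGORITHM, "HS256")
                .add("k", k)
                .build();
        // Same key material, but declared for encryption only.
        JsonObject encKey = Json.createObjectBuilder(sigKey)
                .add(Jwk.PARAM_KEY_ID, "hmac-enc-1")
                .add(Jwk.PARAM_USE, Jwk.USE_ENCRYPTION)
                .build();
        List<JsonObject> configured = List.of(sigKey, encKey);
        byte[] signed = "header.payload".getBytes(StandardCharsets.UTF_8);
        byte[] sig = Jwk.create(sigKey).sign(signed);
        System.out.println("sig key:     " + verify(configured, "hmac-sig-1", signed, sig));
        System.out.println("enc key:     " + verify(configured, "hmac-enc-1", signed, sig));
        System.out.println("unknown kid: " + verify(configured, "missing", signed, sig));
    }
}
```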