Package io.helidon.security.jwt.jwk
Class Jwk
- java.lang.Object
-
- io.helidon.security.jwt.jwk.Jwk
-
-
Field Summary
Fields Modifier and Type Field Description static String
ALG_NONE
Algorithm defining there is no security (e.g.static String
KEY_TYPE_EC
Key type of elliptic curve keys.static String
KEY_TYPE_OCT
Key type of octet keys.static String
KEY_TYPE_RSA
Key type of RSA keys.static Jwk
NONE_JWK
A jwk with no fields filled andALG_NONE
algorithm.static String
OPERATION_DECRYPT
Decrypt content and validate decryption, if applicable.static String
OPERATION_DERIVE_BITS
Derive bits not to be used as a key.static String
OPERATION_DERIVE_KEY
Derive key.static String
OPERATION_ENCRYPT
Encrypt content.static String
OPERATION_SIGN
Compute digital signature or MAC.static String
OPERATION_UNWRAP_KEY
Decrypt key and validate decryption, if applicable.static String
OPERATION_VERIFY
Verify digital signature or MAC.static String
OPERATION_WRAP_KEY
Encrypt key.static String
PARAM_ALGORITHM
JWK parameter for algorithm.static String
PARAM_KEY_ID
JWK parameter for key id.static String
PARAM_KEY_TYPE
JWK parameter for key type.static String
PARAM_OPERATIONS
JWK parameters for permitted operations.static String
PARAM_USE
JWK parameter for usage.static String
USE_ENCRYPTION
Key can be used for encryption only.static String
USE_SIGNATURE
Key can be used for signatures only.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description String
algorithm()
The algorithm used when signing/encrypting this key.static Jwk
create(JsonObject json)
Create an instance from Json object.String
keyId()
The key id (kid) of this JWK.String
keyType()
The key type (kty) of this JWK.Optional<List<String>>
operations()
Permitted operations of this JWK.byte[]
sign(byte[] bytesToSign)
Sign the bytes to sign using this JWK type and algorithm.String
toString()
Optional<String>
usage()
Permitted usage of this JWK.boolean
verifySignature(byte[] signedBytes, byte[] signature)
Verify that the signature is indeed for the signed bytes based on this JWK type and algorithm.
-
-
-
Field Detail
-
ALG_NONE
public static final String ALG_NONE
Algorithm defining there is no security (e.g. signature) at all.- See Also:
- Constant Field Values
-
KEY_TYPE_EC
public static final String KEY_TYPE_EC
Key type of elliptic curve keys. See RFC 7518, section 6.1.- See Also:
- Constant Field Values
-
KEY_TYPE_RSA
public static final String KEY_TYPE_RSA
Key type of RSA keys. See RFC 7518, section 6.1.- See Also:
- Constant Field Values
-
KEY_TYPE_OCT
public static final String KEY_TYPE_OCT
Key type of octet keys. See RFC 7518, 6.1.- See Also:
- Constant Field Values
-
USE_ENCRYPTION
public static final String USE_ENCRYPTION
Key can be used for encryption only. See RFC 7517, section 4.2.- See Also:
- Constant Field Values
-
USE_SIGNATURE
public static final String USE_SIGNATURE
Key can be used for signatures only. See RFC 7517, section 4.2.- See Also:
- Constant Field Values
-
OPERATION_SIGN
public static final String OPERATION_SIGN
Compute digital signature or MAC. See RFC 7517, section 4.3.- See Also:
PARAM_OPERATIONS
, Constant Field Values
-
OPERATION_VERIFY
public static final String OPERATION_VERIFY
Verify digital signature or MAC. See RFC 7517, section 4.3.- See Also:
PARAM_OPERATIONS
, Constant Field Values
-
OPERATION_ENCRYPT
public static final String OPERATION_ENCRYPT
Encrypt content. See RFC 7517, section 4.3.- See Also:
PARAM_OPERATIONS
, Constant Field Values
-
OPERATION_DECRYPT
public static final String OPERATION_DECRYPT
Decrypt content and validate decryption, if applicable. See RFC 7517, section 4.3.- See Also:
PARAM_OPERATIONS
, Constant Field Values
-
OPERATION_WRAP_KEY
public static final String OPERATION_WRAP_KEY
Encrypt key. See RFC 7517, section 4.3.- See Also:
PARAM_OPERATIONS
, Constant Field Values
-
OPERATION_UNWRAP_KEY
public static final String OPERATION_UNWRAP_KEY
Decrypt key and validate decryption, if applicable. See RFC 7517, section 4.3.- See Also:
PARAM_OPERATIONS
, Constant Field Values
-
OPERATION_DERIVE_KEY
public static final String OPERATION_DERIVE_KEY
Derive key. See RFC 7517, section 4.3.- See Also:
PARAM_OPERATIONS
, Constant Field Values
-
OPERATION_DERIVE_BITS
public static final String OPERATION_DERIVE_BITS
Derive bits not to be used as a key. See RFC 7517, section 4.3.- See Also:
PARAM_OPERATIONS
, Constant Field Values
-
PARAM_KEY_TYPE
public static final String PARAM_KEY_TYPE
JWK parameter for key type. See RFC 7517, section 4.1.- See Also:
- Constant Field Values
-
PARAM_KEY_ID
public static final String PARAM_KEY_ID
JWK parameter for key id. See RFC 7517, section 4.5.- See Also:
- Constant Field Values
-
PARAM_ALGORITHM
public static final String PARAM_ALGORITHM
JWK parameter for algorithm. See RFC 7517, section 4.4.- See Also:
- Constant Field Values
-
PARAM_USE
public static final String PARAM_USE
JWK parameter for usage. The "use" (public key use) parameter identifies the intended use of the public key. The "use" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. See RFC 7517, section 4.2.- See Also:
- Constant Field Values
-
PARAM_OPERATIONS
public static final String PARAM_OPERATIONS
JWK parameters for permitted operations. The "key_ops" (key operations) parameter identifies the operation(s) for which the key is intended to be used. The "key_ops" parameter is intended for use cases in which public, private, or symmetric keys may be present. See RFC 7517, section 4.3.- See Also:
- Constant Field Values
-
-
Method Detail
-
create
public static Jwk create(JsonObject json)
Create an instance from Json object.- Parameters:
json
- with definition of a web key (any key type)- Returns:
- new instance of a descendant of this class constructed from json, based on key type
-
keyType
public String keyType()
The key type (kty) of this JWK.- Returns:
- the key type
- See Also:
PARAM_KEY_TYPE
,KEY_TYPE_EC
,KEY_TYPE_RSA
,KEY_TYPE_EC
-
keyId
public String keyId()
The key id (kid) of this JWK. The key id is used to reference a key in configuration (e.g. a JWT comes with a signature and key id; we should have a key from a JWK keys with that key id configured and use it to verify the signature). See RFC 7517, section 4.5.- Returns:
- key id of this JWK
- See Also:
PARAM_KEY_ID
-
algorithm
public String algorithm()
The algorithm used when signing/encrypting this key. See RFC 7517, section 4.4.- Returns:
- algorithm if present (some types have defaults).
- See Also:
PARAM_ALGORITHM
-
usage
public Optional<String> usage()
Permitted usage of this JWK. See RFC 7517, section 4.2.- Returns:
- usage of this JWK or empty if not defined.
- See Also:
PARAM_USE
,USE_ENCRYPTION
,USE_SIGNATURE
-
operations
public Optional<List<String>> operations()
Permitted operations of this JWK. See RFC 7517, section 4.3.- Returns:
- list of operations allowed, or empty if not defined
-
verifySignature
public final boolean verifySignature(byte[] signedBytes, byte[] signature)
Verify that the signature is indeed for the signed bytes based on this JWK type and algorithm.- Parameters:
signedBytes
- bytes that are signed (e.g. content of a JWT, raw bytes)signature
- signature bytes (raw bytes)- Returns:
- true if signature is valid, false otherwise
-
sign
public final byte[] sign(byte[] bytesToSign)
Sign the bytes to sign using this JWK type and algorithm.- Parameters:
bytesToSign
- byte to be signed (e.g. content of a JWT, raw bytes)- Returns:
- signature bytes (raw bytes)
-
-