@Immutable public final class ECKey extends JWK implements AssymetricJWK

Elliptic Curve JSON Web Key (JWK). Uses the BouncyCastle.org provider for EC key import and export. This class is immutable.

Example JSON object representation of a public EC JWK:

```json
{
  "kty" : "EC",
  "crv" : "P-256",
  "x"   : "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
  "y"   : "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
  "use" : "enc",
  "kid" : "1"
}
```

Example JSON object representation of a public and private EC JWK:

```json
{
  "kty" : "EC",
  "crv" : "P-256",
  "x"   : "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
  "y"   : "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
  "d"   : "870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
  "use" : "enc",
  "kid" : "1"
}
```

See http://en.wikipedia.org/wiki/Elliptic_curve_cryptography
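
When a public JWK like the one above arrives from an untrusted source, its `x` and `y` values can be checked to be 32-octet big-endian coordinates of a point on P-256 before the key is used. The following is an added example, not code from this library or its documentation; it uses only JDK classes, the names `JwkPointCheck` and `isOnP256` are hypothetical, and the swapped-coordinate input is constructed.

```java
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.spec.ECFieldFp;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.EllipticCurve;
import java.util.Base64;

public class JwkPointCheck {

    /** True if the Base64URL values are 32-octet coordinates of a point on P-256. */
    static boolean isOnP256(String xB64, String yB64) throws Exception {
        byte[] xb = Base64.getUrlDecoder().decode(xB64);
        byte[] yb = Base64.getUrlDecoder().decode(yB64);
        // JWK coordinates are fixed width: 256-bit field -> exactly 32 octets each.
        if (xb.length != 32 || yb.length != 32) {
            return false;
        }

        // Take the curve constants from the JCA provider instead of hard-coding them.
        AlgorithmParameters params = AlgorithmParameters.getInstance("EC");
        params.init(new ECGenParameterSpec("secp256r1"));
        EllipticCurve curve = params.getParameterSpec(ECParameterSpec.class).getCurve();
        BigInteger p = ((ECFieldFp) curve.getField()).getP();

        // Interpret the octets as unsigned big-endian integers.
        BigInteger x = new BigInteger(1, xb);
        BigInteger y = new BigInteger(1, yb);
        if (x.compareTo(p) >= 0 || y.compareTo(p) >= 0) {
            return false; // not a reduced field element
        }

        // Curve equation: y^2 = x^3 + a*x + b (mod p)
        BigInteger lhs = y.multiply(y).mod(p);
        BigInteger rhs = x.pow(3).add(curve.getA().multiply(x)).add(curve.getB()).mod(p);
        return lhs.equals(rhs);
    }

    public static void main(String[] args) throws Exception {
        // Coordinates from the example public JWK on this page.
        String x = "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4";
        String y = "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM";
        System.out.println("page example on curve: " + isOnP256(x, y));
        // Constructed malformed input: the same values with x and y swapped.
        System.out.println("swapped coordinates on curve: " + isOnP256(y, x));
    }
}
```
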

Modifier and Type | Class and Description |
---|---|
`static class` | `ECKey.Builder` Builder for constructing Elliptic Curve JWKs. |
`static class` | `ECKey.Curve` Cryptographic curve. |

Constructor and Description |
---|
`ECKey(ECKey.Curve crv, Base64URL x, Base64URL y, Base64URL d, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, List<Base64> x5c)` Creates a new public / private Elliptic Curve JSON Web Key (JWK) with the specified parameters. |
`ECKey(ECKey.Curve crv, Base64URL x, Base64URL y, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, List<Base64> x5c)` Creates a new public Elliptic Curve JSON Web Key (JWK) with the specified parameters. |
`ECKey(ECKey.Curve crv, ECPublicKey pub, ECPrivateKey priv, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, List<Base64> x5c)` Creates a new public / private Elliptic Curve JSON Web Key (JWK) with the specified parameters. |
`ECKey(ECKey.Curve crv, ECPublicKey pub, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, List<Base64> x5c)` Creates a new public Elliptic Curve JSON Web Key (JWK) with the specified parameters. |

Modifier and Type | Method and Description |
---|---|
`static Base64URL` | `encodeCoordinate(int fieldSize, BigInteger coordinate)` Returns the Base64URL encoding of the specified elliptic curve 'x', 'y' or 'd' coordinate, with leading zero padding up to the specified field size in bits. |
`ECKey.Curve` | `getCurve()` Gets the cryptographic curve. |
`Base64URL` | `getD()` Gets the private 'd' coordinate for the elliptic curve point. |
`LinkedHashMap<String,?>` | `getRequiredParams()` Returns the required JWK parameters. |
`Base64URL` | `getX()` Gets the public 'x' coordinate for the elliptic curve point. |
`Base64URL` | `getY()` Gets the public 'y' coordinate for the elliptic curve point. |
`boolean` | `isPrivate()` Returns `true` if this JWK contains private or sensitive (non-public) parameters. |
`static ECKey` | `parse(net.minidev.json.JSONObject jsonObject)` Parses a public / private Elliptic Curve JWK from the specified JSON object representation. |
`static ECKey` | `parse(String s)` Parses a public / private Elliptic Curve JWK from the specified JSON object string representation. |
`ECPrivateKey` | `toECPrivateKey()` Returns a standard `java.security.interfaces.ECPrivateKey` representation of this Elliptic Curve JWK. |
`ECPrivateKey` | `toECPrivateKey(Provider provider)` Returns a standard `java.security.interfaces.ECPrivateKey` representation of this Elliptic Curve JWK. |
`ECPublicKey` | `toECPublicKey()` Returns a standard `java.security.interfaces.ECPublicKey` representation of this Elliptic Curve JWK. |
`ECPublicKey` | `toECPublicKey(Provider provider)` Returns a standard `java.security.interfaces.ECPublicKey` representation of this Elliptic Curve JWK. |
`net.minidev.json.JSONObject` | `toJSONObject()` Returns a JSON object representation of this JWK. |
`KeyPair` | `toKeyPair()` Returns a standard `java.security.KeyPair` representation of this Elliptic Curve JWK. |
`KeyPair` | `toKeyPair(Provider provider)` Returns a standard `java.security.KeyPair` representation of this Elliptic Curve JWK. |
`PrivateKey` | `toPrivateKey()` Returns a Java private key representation of this JWK. |
`ECKey` | `toPublicJWK()` Returns a copy of this Elliptic Curve JWK with any private values removed. |
`PublicKey` | `toPublicKey()` Returns a Java public key representation of the JWK. |

computeThumbprint, computeThumbprint, getAlgorithm, getKeyID, getKeyOperations, getKeyType, getKeyUse, getX509CertChain, getX509CertThumbprint, getX509CertURL, toJSONString, toString

`public ECKey(ECKey.Curve crv, Base64URL x, Base64URL y, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, List<Base64> x5c)`

- `crv` - The cryptographic curve. Must not be `null`.
- `x` - The public 'x' coordinate for the elliptic curve point. It is represented as the Base64URL encoding of the coordinate's big endian representation. Must not be `null`.
- `y` - The public 'y' coordinate for the elliptic curve point. It is represented as the Base64URL encoding of the coordinate's big endian representation. Must not be `null`.
- `use` - The key use, `null` if not specified or if the key is intended for signing as well as encryption.
- `ops` - The key operations, `null` if not specified.
- `alg` - The intended JOSE algorithm for the key, `null` if not specified.
- `kid` - The key ID, `null` if not specified.
- `x5u` - The X.509 certificate URL, `null` if not specified.
- `x5t` - The X.509 certificate thumbprint, `null` if not specified.
- `x5c` - The X.509 certificate chain, `null` if not specified.

`public ECKey(ECKey.Curve crv, Base64URL x, Base64URL y, Base64URL d, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, List<Base64> x5c)`

- `crv` - The cryptographic curve. Must not be `null`.
- `x` - The public 'x' coordinate for the elliptic curve point. It is represented as the Base64URL encoding of the coordinate's big endian representation. Must not be `null`.
- `y` - The public 'y' coordinate for the elliptic curve point. It is represented as the Base64URL encoding of the coordinate's big endian representation. Must not be `null`.
- `d` - The private 'd' coordinate for the elliptic curve point. It is represented as the Base64URL encoding of the coordinate's big endian representation. Must not be `null`.
- `use` - The key use, `null` if not specified or if the key is intended for signing as well as encryption.
- `ops` - The key operations, `null` if not specified.
- `alg` - The intended JOSE algorithm for the key, `null` if not specified.
- `kid` - The key ID, `null` if not specified.
- `x5u` - The X.509 certificate URL, `null` if not specified.
- `x5t` - The X.509 certificate thumbprint, `null` if not specified.
- `x5c` - The X.509 certificate chain, `null` if not specified.

`public ECKey(ECKey.Curve crv, ECPublicKey pub, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, List<Base64> x5c)`

- `crv` - The cryptographic curve. Must not be `null`.
- `pub` - The public EC key to represent. Must not be `null`.
- `use` - The key use, `null` if not specified or if the key is intended for signing as well as encryption.
- `ops` - The key operations, `null` if not specified.
- `alg` - The intended JOSE algorithm for the key, `null` if not specified.
- `kid` - The key ID, `null` if not specified.
- `x5u` - The X.509 certificate URL, `null` if not specified.
- `x5t` - The X.509 certificate thumbprint, `null` if not specified.
- `x5c` - The X.509 certificate chain, `null` if not specified.

`public ECKey(ECKey.Curve crv, ECPublicKey pub, ECPrivateKey priv, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, List<Base64> x5c)`

- `crv` - The cryptographic curve. Must not be `null`.
- `pub` - The public EC key to represent. Must not be `null`.
- `priv` - The private EC key to represent. Must not be `null`.
- `use` - The key use, `null` if not specified or if the key is intended for signing as well as encryption.
- `ops` - The key operations, `null` if not specified.
- `alg` - The intended JOSE algorithm for the key, `null` if not specified.
- `kid` - The key ID, `null` if not specified.
- `x5u` - The X.509 certificate URL, `null` if not specified.
- `x5t` - The X.509 certificate thumbprint, `null` if not specified.
- `x5c` - The X.509 certificate chain, `null` if not specified.

`public static Base64URL encodeCoordinate(int fieldSize, BigInteger coordinate)`

- `fieldSize` - The field size in bits.
- `coordinate` - The elliptic curve coordinate. Must not be `null`.
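
The padding matters because `BigInteger.toByteArray()` returns a variable-length signed encoding, while a JWK coordinate is a fixed-width unsigned big-endian value. The following is an added example of the padding described for `encodeCoordinate`, not this library's implementation; it uses only JDK classes, the names `CoordinateEncoding` and `encode` are hypothetical, and the sample values are constructed.

```java
import java.math.BigInteger;
import java.util.Base64;

public class CoordinateEncoding {

    /** Base64URL (no '=') of the coordinate as unsigned big-endian octets, zero-padded to the field size. */
    static String encode(int fieldSizeBits, BigInteger coordinate) {
        if (coordinate.signum() < 0) {
            throw new IllegalArgumentException("coordinate must be non-negative");
        }
        int width = (fieldSizeBits + 7) / 8;      // 256 bits -> 32 octets, 521 bits -> 66 octets
        byte[] raw = coordinate.toByteArray();    // signed two's complement, minimal length

        // A leading 0x00 is only a sign byte (added when the top bit of the value is set).
        int skip = (raw.length > 1 && raw[0] == 0) ? 1 : 0;
        int len = raw.length - skip;
        if (len > width) {
            throw new IllegalArgumentException("coordinate does not fit the field size");
        }

        // Right-align the magnitude; the left side stays zero-filled.
        byte[] out = new byte[width];
        System.arraycopy(raw, skip, out, width - len, len);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    public static void main(String[] args) {
        // Constructed sample values: a short one, one with a sign byte, one with the top bit set.
        BigInteger[] samples = {
            BigInteger.ONE,
            BigInteger.valueOf(128),
            BigInteger.ONE.shiftLeft(255)
        };
        for (BigInteger c : samples) {
            String enc = encode(256, c);
            int decodedLen = Base64.getUrlDecoder().decode(enc).length;
            System.out.printf("toByteArray: %d octets, encoded: %s (%d octets)%n",
                    c.toByteArray().length, enc, decodedLen);
        }
        // A field size that is not a multiple of 8 rounds up to whole octets.
        int p521Len = Base64.getUrlDecoder().decode(encode(521, BigInteger.ONE)).length;
        System.out.println("521-bit field width in octets: " + p521Len);
    }
}
```
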

`public ECKey.Curve getCurve()`

`public Base64URL getX()`

`public Base64URL getY()`

`public Base64URL getD()`

`null` if not specified (for a public key).

`public ECPublicKey toECPublicKey() throws JOSEException`

Returns a standard `java.security.interfaces.ECPublicKey` representation of this Elliptic Curve JWK. Uses the default JCA provider.

- `JOSEException` - If EC is not supported by the underlying Java Cryptography (JCA) provider or if the JWK parameters are invalid for a public EC key.

`public ECPublicKey toECPublicKey(Provider provider) throws JOSEException`

Returns a standard `java.security.interfaces.ECPublicKey` representation of this Elliptic Curve JWK.

- `provider` - The specific JCA provider to use, `null` implies the default one.
- `JOSEException` - If EC is not supported by the underlying Java Cryptography (JCA) provider or if the JWK parameters are invalid for a public EC key.

`public ECPrivateKey toECPrivateKey() throws JOSEException`

Returns a standard `java.security.interfaces.ECPrivateKey` representation of this Elliptic Curve JWK. Uses the default JCA provider.

`null` if not specified by this JWK.

- `JOSEException` - If EC is not supported by the underlying Java Cryptography (JCA) provider or if the JWK parameters are invalid for a private EC key.

`public ECPrivateKey toECPrivateKey(Provider provider) throws JOSEException`

Returns a standard `java.security.interfaces.ECPrivateKey` representation of this Elliptic Curve JWK.

- `provider` - The specific JCA provider to use, `null` implies the default one.

`null` if not specified by this JWK.

- `JOSEException` - If EC is not supported by the underlying Java Cryptography (JCA) provider or if the JWK parameters are invalid for a private EC key.

`public PublicKey toPublicKey() throws JOSEException`

`toPublicKey` in interface `AssymetricJWK`

- `JOSEException` - If conversion failed.

`public PrivateKey toPrivateKey() throws JOSEException`

`toPrivateKey` in interface `AssymetricJWK`

`null` if not specified.

- `JOSEException` - If conversion failed.

`public KeyPair toKeyPair() throws JOSEException`

Returns a standard `java.security.KeyPair` representation of this Elliptic Curve JWK. Uses the default JCA provider.

`toKeyPair` in interface `AssymetricJWK`

`null` if not specified.

- `JOSEException` - If EC is not supported by the underlying Java Cryptography (JCA) provider or if the JWK parameters are invalid for a public and / or private EC key.

`public KeyPair toKeyPair(Provider provider) throws JOSEException`

Returns a standard `java.security.KeyPair` representation of this Elliptic Curve JWK.

- `provider` - The specific JCA provider to use, `null` implies the default one.

`null` if not specified.

- `JOSEException` - If EC is not supported by the underlying Java Cryptography (JCA) provider or if the JWK parameters are invalid for a public and / or private EC key.

`public LinkedHashMap<String,?> getRequiredParams()`

`getRequiredParams` in class `JWK`

`public boolean isPrivate()`

`true` if this JWK contains private or sensitive (non-public) parameters.

`public ECKey toPublicJWK()`

`toPublicJWK` in class `JWK`

`public net.minidev.json.JSONObject toJSONObject()`

Example:

```json
{
  "kty" : "RSA",
  "use" : "sig",
  "kid" : "fd28e025-8d24-48bc-a51a-e2ffc8bc274b"
}
```

`toJSONObject` in class `JWK`

`public static ECKey parse(String s) throws ParseException`

- `s` - The JSON object string to parse. Must not be `null`.
- `ParseException` - If the string couldn't be parsed to an Elliptic Curve JWK.

`public static ECKey parse(net.minidev.json.JSONObject jsonObject) throws ParseException`

- `jsonObject` - The JSON object to parse. Must not be `null`.
- `ParseException` - If the JSON object couldn't be parsed to an Elliptic Curve JWK.

Copyright © 2015 Connect2id Ltd. All Rights Reserved.