001/* 002 * nimbus-jose-jwt 003 * 004 * Copyright 2012-2016, Connect2id Ltd. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.jose; 019 020 021import com.nimbusds.jose.util.ArrayUtils; 022import net.jcip.annotations.Immutable; 023 024 025/** 026 * JSON Web Signature (JWS) algorithm name, represents the {@code alg} header 027 * parameter in JWS objects. Also used to represent integrity algorithm 028 * ({@code ia}) header parameters in JWE objects. This class is immutable. 029 * 030 * <p>Includes constants for the following standard JWS algorithm names: 031 * 032 * <ul> 033 * <li>{@link #HS256} 034 * <li>{@link #HS384} 035 * <li>{@link #HS512} 036 * <li>{@link #RS256} 037 * <li>{@link #RS384} 038 * <li>{@link #RS512} 039 * <li>{@link #ES256} 040 * <li>{@link #ES384} 041 * <li>{@link #ES512} 042 * <li>{@link #PS256} 043 * <li>{@link #PS384} 044 * <li>{@link #PS512} 045 * </ul> 046 * 047 * <p>Additional JWS algorithm names can be defined using the constructors. 048 * 049 * @author Vladimir Dzhuvinov 050 * @version 2016-08-24 051 */ 052@Immutable 053public final class JWSAlgorithm extends Algorithm { 054 055 056 private static final long serialVersionUID = 1L; 057 058 059 /** 060 * HMAC using SHA-256 hash algorithm (required). 061 */ 062 public static final JWSAlgorithm HS256 = new JWSAlgorithm("HS256", Requirement.REQUIRED); 063 064 065 /** 066 * HMAC using SHA-384 hash algorithm (optional). 067 */ 068 public static final JWSAlgorithm HS384 = new JWSAlgorithm("HS384", Requirement.OPTIONAL); 069 070 071 /** 072 * HMAC using SHA-512 hash algorithm (optional). 073 */ 074 public static final JWSAlgorithm HS512 = new JWSAlgorithm("HS512", Requirement.OPTIONAL); 075 076 077 /** 078 * RSASSA-PKCS-v1_5 using SHA-256 hash algorithm (recommended). 079 */ 080 public static final JWSAlgorithm RS256 = new JWSAlgorithm("RS256", Requirement.RECOMMENDED); 081 082 083 /** 084 * RSASSA-PKCS-v1_5 using SHA-384 hash algorithm (optional). 085 */ 086 public static final JWSAlgorithm RS384 = new JWSAlgorithm("RS384", Requirement.OPTIONAL); 087 088 089 /** 090 * RSASSA-PKCS-v1_5 using SHA-512 hash algorithm (optional). 091 */ 092 public static final JWSAlgorithm RS512 = new JWSAlgorithm("RS512", Requirement.OPTIONAL); 093 094 095 /** 096 * ECDSA using P-256 curve and SHA-256 hash algorithm (recommended). 097 */ 098 public static final JWSAlgorithm ES256 = new JWSAlgorithm("ES256", Requirement.RECOMMENDED); 099 100 101 /** 102 * ECDSA using P-384 curve and SHA-384 hash algorithm (optional). 103 */ 104 public static final JWSAlgorithm ES384 = new JWSAlgorithm("ES384", Requirement.OPTIONAL); 105 106 107 /** 108 * ECDSA using P-521 curve and SHA-512 hash algorithm (optional). 109 */ 110 public static final JWSAlgorithm ES512 = new JWSAlgorithm("ES512", Requirement.OPTIONAL); 111 112 113 /** 114 * RSASSA-PSS using SHA-256 hash algorithm and MGF1 mask generation 115 * function with SHA-256 (optional). 116 */ 117 public static final JWSAlgorithm PS256 = new JWSAlgorithm("PS256", Requirement.OPTIONAL); 118 119 120 /** 121 * RSASSA-PSS using SHA-384 hash algorithm and MGF1 mask generation 122 * function with SHA-384 (optional). 123 */ 124 public static final JWSAlgorithm PS384 = new JWSAlgorithm("PS384", Requirement.OPTIONAL); 125 126 127 /** 128 * RSASSA-PSS using SHA-512 hash algorithm and MGF1 mask generation 129 * function with SHA-512 (optional). 130 */ 131 public static final JWSAlgorithm PS512 = new JWSAlgorithm("PS512", Requirement.OPTIONAL); 132 133 134 /** 135 * JWS algorithm family. 136 */ 137 public static final class Family extends AlgorithmFamily<JWSAlgorithm> { 138 139 140 private static final long serialVersionUID = 1L; 141 142 143 /** 144 * HMAC using a SHA-2 hash. 145 */ 146 public static final Family HMAC_SHA = new Family(HS256, HS384, HS512); 147 148 149 /** 150 * RSA signature (RSASSA-PKCS-v1_5 or RSASSA-PSS) using a SHA-2 151 * hash. 152 */ 153 public static final Family RSA = new Family(RS256, RS384, RS512, PS256, PS384, PS512); 154 155 156 /** 157 * Elliptic Curve signature (ECDSA) using a SHA-2 hash. 158 */ 159 public static final Family EC = new Family(ES256, ES384, ES512); 160 161 162 /** 163 * Super family of all digital signature based JWS algorithms. 164 */ 165 public static final Family SIGNATURE = new Family(ArrayUtils.concat( 166 RSA.toArray(new JWSAlgorithm[]{}), 167 EC.toArray(new JWSAlgorithm[]{}))); 168 169 170 /*** 171 * Creates a new JWS algorithm family. 172 * 173 * @param algs The JWS algorithms of the family. Must not be 174 * {@code null}. 175 */ 176 public Family(final JWSAlgorithm ... algs) { 177 super(algs); 178 } 179 } 180 181 182 /** 183 * Creates a new JSON Web Signature (JWS) algorithm name. 184 * 185 * @param name The algorithm name. Must not be {@code null}. 186 * @param req The implementation requirement, {@code null} if not 187 * known. 188 */ 189 public JWSAlgorithm(final String name, final Requirement req) { 190 191 super(name, req); 192 } 193 194 195 /** 196 * Creates a new JSON Web Signature (JWS) algorithm name. 197 * 198 * @param name The algorithm name. Must not be {@code null}. 199 */ 200 public JWSAlgorithm(final String name) { 201 202 super(name, null); 203 } 204 205 206 /** 207 * Parses a JWS algorithm from the specified string. 208 * 209 * @param s The string to parse. Must not be {@code null}. 210 * 211 * @return The JWS algorithm (matching standard algorithm constant, else 212 * a newly created algorithm). 213 */ 214 public static JWSAlgorithm parse(final String s) { 215 216 if (s.equals(HS256.getName())) { 217 return HS256; 218 } else if (s.equals(HS384.getName())) { 219 return HS384; 220 } else if (s.equals(HS512.getName())) { 221 return HS512; 222 } else if (s.equals(RS256.getName())) { 223 return RS256; 224 } else if (s.equals(RS384.getName())) { 225 return RS384; 226 } else if (s.equals(RS512.getName())) { 227 return RS512; 228 } else if (s.equals(ES256.getName())) { 229 return ES256; 230 } else if (s.equals(ES384.getName())) { 231 return ES384; 232 } else if (s.equals(ES512.getName())) { 233 return ES512; 234 } else if (s.equals(PS256.getName())) { 235 return PS256; 236 } else if (s.equals(PS384.getName())) { 237 return PS384; 238 } else if (s.equals(PS512.getName())) { 239 return PS512; 240 } else { 241 return new JWSAlgorithm(s); 242 } 243 } 244}