/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.jwk.gen;


import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPublicKey;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.RSAKey;


/**
 * Generator of RSA JSON Web Keys (JWK).
 *
 * <p>Key sizes below {@link #MIN_KEY_SIZE_BITS} are refused unless the caller
 * opts in through the two-argument constructor. Every generated JWK carries
 * the private key as well as the public one, so the result must be handled
 * as secret material.
 *
 * <p>The fields {@code keyStore}, {@code use}, {@code ops}, {@code alg},
 * {@code kid} and {@code x5tKid} read by {@link #generate()} are not declared
 * in this class; presumably they are inherited from {@link JWKGenerator}.
 *
 * @author Vladimir Dzhuvinov
 * @version 2019-04-17
 */
public class RSAKeyGenerator extends JWKGenerator<RSAKey> {


    /**
     * The smallest key size, in bits, accepted without an explicit
     * weak-key opt-in.
     */
    public static final int MIN_KEY_SIZE_BITS = 2048;


    /**
     * The size of the RSA keys to generate, in bits.
     */
    private final int size;


    /**
     * Creates a new RSA JWK generator that refuses weak key sizes.
     *
     * @param size The RSA key size, in bits. Must be at least 2048 bits
     *             long for sufficient strength.
     *
     * @throws IllegalArgumentException If the size is below
     *                                  {@link #MIN_KEY_SIZE_BITS}.
     */
    public RSAKeyGenerator(final int size) {

        this(size, false);
    }


    /**
     * Creates a new RSA JWK generator, optionally permitting weak keys.
     *
     * <p>When {@code allowWeakKeys} is {@code true} the size is stored
     * without any check, so an unusable value only surfaces later, in
     * {@link #generate()}.
     *
     * @param size          The RSA key size, in bits. Must be at least
     *                      2048 bits long for sufficient strength.
     * @param allowWeakKeys {@code true} to allow generation of keys
     *                      shorter than 2048 bits.
     *
     * @throws IllegalArgumentException If weak keys are not allowed and
     *                                  the size is below
     *                                  {@link #MIN_KEY_SIZE_BITS}.
     */
    public RSAKeyGenerator(final int size, final boolean allowWeakKeys) {

        final boolean belowMinimum = size < MIN_KEY_SIZE_BITS;

        if (belowMinimum && ! allowWeakKeys) {
            throw new IllegalArgumentException("The key size must be at least " + MIN_KEY_SIZE_BITS + " bits");
        }

        this.size = size;
    }


    /**
     * Generates a fresh RSA key pair and wraps it in an RSA JWK.
     *
     * <p>The key pair generator is taken from the key store's provider
     * when a key store is configured, otherwise from the default provider
     * lookup. It is initialised with the key size only, which leaves the
     * choice of randomness source to the JCA defaults.
     *
     * <p>Only {@link NoSuchAlgorithmException} is translated here. The JDK
     * documents {@code KeyPairGenerator.initialize(int)} as throwing the
     * unchecked {@code java.security.InvalidParameterException} for an
     * unsupported key size; that exception is not caught and propagates to
     * the caller as is.
     *
     * @return The generated RSA JWK, including its private key.
     *
     * @throws JOSEException If no RSA key pair generator is available, or
     *                       if a builder call declared to throw it fails.
     */
    @Override
    public RSAKey generate()
        throws JOSEException {

        KeyPairGenerator keyPairGenerator;
        try {
            keyPairGenerator = keyStore == null
                ? KeyPairGenerator.getInstance("RSA")
                // For PKCS#11
                : KeyPairGenerator.getInstance("RSA", keyStore.getProvider());
            keyPairGenerator.initialize(size);
        } catch (NoSuchAlgorithmException e) {
            throw new JOSEException(e.getMessage(), e);
        }

        final KeyPair keyPair = keyPairGenerator.generateKeyPair();
        final RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();

        final RSAKey.Builder jwkBuilder = new RSAKey.Builder(publicKey)
            .privateKey(keyPair.getPrivate())
            .keyUse(use)
            .keyOperations(ops)
            .algorithm(alg)
            .keyStore(keyStore);

        // The key ID is either the explicitly configured one or one derived
        // from the key thumbprint, never both.
        if (! x5tKid) {
            jwkBuilder.keyID(kid);
        } else {
            jwkBuilder.keyIDFromThumbprint();
        }

        return jwkBuilder.build();
    }
}