Class RSASSASigner

    • Constructor Detail

      • RSASSASigner

        public RSASSASigner(PrivateKey privateKey)
        Creates a new RSA Signature-Scheme-with-Appendix (RSASSA) signer. This constructor can also accept a private RSA key located in a PKCS#11 store that doesn't expose the private key parameters (such as a smart card or HSM).
        Parameters:
        privateKey - The private RSA key. Its algorithm must be "RSA" and its length at least 2048 bits. Note that the length of an RSA key in a PKCS#11 store cannot be checked. Must not be null.
      • RSASSASigner

        @Deprecated
        public RSASSASigner(PrivateKey privateKey,
                            boolean allowWeakKey)
        Deprecated.
        Creates a new RSA Signature-Scheme-with-Appendix (RSASSA) signer. This constructor can also accept a private RSA key located in a PKCS#11 store that doesn't expose the private key parameters (such as a smart card or HSM).
        Parameters:
        privateKey - The private RSA key. Its algorithm must be "RSA" and its length at least 2048 bits. Note that the length of an RSA key in a PKCS#11 store cannot be checked. Must not be null.
        allowWeakKey - true to allow an RSA key shorter than 2048 bits.
      • RSASSASigner

        public RSASSASigner(PrivateKey privateKey,
                            Set<JWSSignerOption> opts)
        Creates a new RSA Signature-Scheme-with-Appendix (RSASSA) signer. This constructor can also accept a private RSA key located in a PKCS#11 store that doesn't expose the private key parameters (such as a smart card or HSM).
        Parameters:
        privateKey - The private RSA key. Its algorithm must be "RSA" and its length at least 2048 bits. Note that the length of an RSA key in a PKCS#11 store cannot be checked. Must not be null.
        opts - The signing options, empty or null if none.
      • RSASSASigner

        public RSASSASigner(RSAKey rsaJWK)
                     throws JOSEException
        Creates a new RSA Signature-Scheme-with-Appendix (RSASSA) signer.
        Parameters:
        rsaJWK - The RSA JSON Web Key (JWK). Must contain or reference a private part. Its length must be at least 2048 bits. Note that the length of an RSA key in a PKCS#11 store cannot be checked. Must not be null.
        Throws:
        JOSEException - If the RSA JWK doesn't contain a private part or its extraction failed.
      • RSASSASigner

        @Deprecated
        public RSASSASigner(RSAKey rsaJWK,
                            boolean allowWeakKey)
                     throws JOSEException
        Deprecated.
        Creates a new RSA Signature-Scheme-with-Appendix (RSASSA) signer.
        Parameters:
        rsaJWK - The RSA JSON Web Key (JWK). Must contain or reference a private part. Its length must be at least 2048 bits. Note that the length of an RSA key in a PKCS#11 store cannot be checked. Must not be null.
        allowWeakKey - true to allow an RSA key shorter than 2048 bits.
        Throws:
        JOSEException - If the RSA JWK doesn't contain a private part or its extraction failed.
    • Method Detail

      • getPrivateKey

        public PrivateKey getPrivateKey()
        Gets the private RSA key.
        Returns:
        The private RSA key. Casting to RSAPrivateKey may not be possible if the key is located in a PKCS#11 store that doesn't expose the private key parameters.
      • sign

        public Base64URL sign(JWSHeader header,
                              byte[] signingInput)
                       throws JOSEException
        Description copied from interface: JWSSigner
        Signs the specified input of a JWS object.
        Specified by:
        sign in interface JWSSigner
        Parameters:
        header - The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not be null.
        signingInput - The input to sign. Must not be null.
        Returns:
        The resulting signature part (third part) of the JWS object.
        Throws:
        JOSEException - If the JWS algorithm is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if signing failed for some other internal reason.
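
The following is an added example, not part of the original API documentation or the project's own code. It shows one way to enforce the 2048-bit minimum yourself when the private key may be opaque (a PKCS#11 key whose length the constructor cannot check), then signs and verifies a JWS. The class name `RsaSignerExample`, the helper `signerFor`, and the sample keys and payload are assumptions made for illustration; `JWSObject`, `JWSHeader`, `Payload` and `RSASSAVerifier` come from the same library but are not described on this page.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

public class RsaSignerExample {
    static final int MIN_BITS = 2048; // minimum key length stated in the constructor docs

    // Hypothetical helper: check the modulus length before building the signer.
    // If the private key is opaque (cannot be cast to RSAPrivateKey, as with some
    // PKCS#11 stores), fall back to the matching public key's modulus.
    static RSASSASigner signerFor(PrivateKey priv, RSAPublicKey pub) {
        int bits = (priv instanceof RSAPrivateKey)
                ? ((RSAPrivateKey) priv).getModulus().bitLength()
                : pub.getModulus().bitLength();
        if (bits < MIN_BITS) {
            throw new IllegalArgumentException("RSA key too short: " + bits + " bits");
        }
        return new RSASSASigner(priv);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed sample key
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();

        JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
                new Payload("{\"sub\":\"alice\"}")); // constructed sample payload
        jws.sign(signerFor(kp.getPrivate(), pub));
        String compact = jws.serialize();
        // Round trip: parse the compact form and verify with the public key.
        boolean ok = JWSObject.parse(compact).verify(new RSASSAVerifier(pub));
        System.out.println("verified: " + ok);

        gen.initialize(1024);
        KeyPair weak = gen.generateKeyPair(); // constructed weak key, must be rejected
        try {
            signerFor(weak.getPrivate(), (RSAPublicKey) weak.getPublic());
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

For a key held in an HSM or smart card, pass the public key taken from the certificate stored alongside it so the length check still has something to inspect.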