001/* 002 * nimbus-jose-jwt 003 * 004 * Copyright 2012-2016, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.jose.jwk.gen; 019 020 021import java.security.InvalidAlgorithmParameterException; 022import java.security.KeyPair; 023import java.security.KeyPairGenerator; 024import java.security.NoSuchAlgorithmException; 025import java.security.interfaces.ECPublicKey; 026import java.security.spec.ECParameterSpec; 027 028import com.nimbusds.jose.JOSEException; 029import com.nimbusds.jose.jwk.Curve; 030import com.nimbusds.jose.jwk.ECKey; 031 032 033/** 034 * Elliptic Curve (EC) JSON Web Key (JWK) generator. 035 * 036 * <p>Supported curves: 037 * 038 * <ul> 039 * <li>{@link Curve#P_256 P-256} 040 * <li>{@link Curve#SECP256K1 secp256k1} 041 * <li>{@link Curve#P_384 P-384} 042 * <li>{@link Curve#P_521 P-512} 043 * </ul> 044 * 045 * @author Vladimir Dzhuvinov 046 * @version 2019-04-17 047 */ 048public class ECKeyGenerator extends JWKGenerator<ECKey> { 049 050 051 /** 052 * The curve. 053 */ 054 private final Curve crv; 055 056 057 /** 058 * Creates a new EC JWK generator. 059 * 060 * @param crv The curve. Must not be {@code null}. 061 */ 062 public ECKeyGenerator(final Curve crv) { 063 064 if (crv == null) { 065 throw new IllegalArgumentException("The curve must not be null"); 066 } 067 this.crv = crv; 068 } 069 070 071 @Override 072 public ECKey generate() 073 throws JOSEException { 074 075 ECParameterSpec ecSpec = crv.toECParameterSpec(); 076 077 KeyPairGenerator generator; 078 try { 079 if (keyStore != null) { 080 // For PKCS#11 081 generator = KeyPairGenerator.getInstance("EC", keyStore.getProvider()); 082 } else { 083 generator = KeyPairGenerator.getInstance("EC"); 084 } 085 generator.initialize(ecSpec); 086 } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) { 087 throw new JOSEException(e.getMessage(), e); 088 } 089 090 KeyPair kp = generator.generateKeyPair(); 091 092 ECKey.Builder builder = new ECKey.Builder(crv, (ECPublicKey) kp.getPublic()) 093 .privateKey(kp.getPrivate()) 094 .keyUse(use) 095 .keyOperations(ops) 096 .algorithm(alg) 097 .keyStore(keyStore); 098 099 if (x5tKid) { 100 builder.keyIDFromThumbprint(); 101 } else { 102 builder.keyID(kid); 103 } 104 105 return builder.build(); 106 } 107}