Package com.nimbusds.jose.crypto.impl

Class ECDSA

  • public class ECDSA
extends Object
    Elliptic Curve Digital Signature Algorithm (ECDSA) functions and utilities.
    Version:
    2020-12-27
    Author:
    Vladimir Dzhuvinov, Aleksei Doroganov

    • Method Detail

      • resolveAlgorithm

        public static JWSAlgorithm resolveAlgorithm​(ECKey ecKey)
                                     throws JOSEException
        Resolves the matching EC DSA algorithm for the specified EC key (public or private).
        Parameters:
        ecKey - The EC key. Must not be null.
        Returns:
        The matching EC DSA algorithm.
        Throws:
        JOSEException - If the elliptic curve of key is not supported.

      • resolveAlgorithm

        public static JWSAlgorithm resolveAlgorithm​(Curve curve)
                                     throws JOSEException
        Resolves the matching EC DSA algorithm for the specified elliptic curve.
        Parameters:
        curve - The elliptic curve. May be null.
        Returns:
        The matching EC DSA algorithm.
        Throws:
        JOSEException - If the elliptic curve of key is not supported.

      • getSignerAndVerifier

        public static Signature getSignerAndVerifier​(JWSAlgorithm alg,
                                             Provider jcaProvider)
                                      throws JOSEException
        Creates a new JCA signer / verifier for ECDSA.
        Parameters:
        alg - The ECDSA JWS algorithm. Must not be null.
        jcaProvider - The JCA provider, null if not specified.
        Returns:
        The JCA signer / verifier instance.
        Throws:
        JOSEException - If a JCA signer / verifier couldn't be created.

      • getSignatureByteArrayLength

        public static int getSignatureByteArrayLength​(JWSAlgorithm alg)
                                       throws JOSEException
        Returns the expected signature byte array length (R + S parts) for the specified ECDSA algorithm.
        Parameters:
        alg - The ECDSA algorithm. Must be supported and not null.
        Returns:
        The expected byte array length for the signature.
        Throws:
        JOSEException - If the algorithm is not supported.

      • transcodeSignatureToConcat

        public static byte[] transcodeSignatureToConcat​(byte[] derSignature,
                                                int outputLength)
                                         throws JOSEException
        Transcodes the JCA ASN.1/DER-encoded signature into the concatenated R + S format expected by ECDSA JWS.
        Parameters:
        derSignature - The ASN1./DER-encoded. Must not be null.
        outputLength - The expected length of the ECDSA JWS signature.
        Returns:
        The ECDSA JWS encoded signature.
        Throws:
        JOSEException - If the ASN.1/DER signature format is invalid.

      • transcodeSignatureToDER

        public static byte[] transcodeSignatureToDER​(byte[] jwsSignature)
                                      throws JOSEException
        Transcodes the ECDSA JWS signature into ASN.1/DER format for use by the JCA verifier.
        Parameters:
        jwsSignature - The JWS signature, consisting of the concatenated R and S values. Must not be null.
        Returns:
        The ASN.1/DER encoded signature.
        Throws:
        JOSEException - If the ECDSA JWS signature format is invalid.