001/* 002 * nimbus-jose-jwt 003 * 004 * Copyright 2012-2016, Connect2id Ltd. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.jose.jwk; 019 020 021import java.io.Serializable; 022import java.math.BigInteger; 023import java.net.URI; 024import java.security.*; 025import java.security.cert.CertificateEncodingException; 026import java.security.cert.X509Certificate; 027import java.security.interfaces.RSAMultiPrimePrivateCrtKey; 028import java.security.interfaces.RSAPrivateCrtKey; 029import java.security.interfaces.RSAPrivateKey; 030import java.security.interfaces.RSAPublicKey; 031import java.security.spec.*; 032import java.text.ParseException; 033import java.util.*; 034 035import net.jcip.annotations.Immutable; 036 037import com.nimbusds.jose.Algorithm; 038import com.nimbusds.jose.JOSEException; 039import com.nimbusds.jose.util.Base64; 040import com.nimbusds.jose.util.*; 041 042 043/** 044 * Public and private {@link KeyType#RSA RSA} JSON Web Key (JWK). This class is 045 * immutable. 046 * 047 * <p>Provides RSA JWK import from / export to the following standard Java 048 * interfaces and classes: 049 * 050 * <ul> 051 * <li>{@link java.security.interfaces.RSAPublicKey} 052 * <li>{@link java.security.interfaces.RSAPrivateKey} 053 * <ul> 054 * <li>{@link java.security.interfaces.RSAPrivateCrtKey} 055 * <li>{@link java.security.interfaces.RSAMultiPrimePrivateCrtKey} 056 * </ul> 057 * <li>{@link java.security.PrivateKey} for an RSA key in a PKCS#11 store 058 * <li>{@link java.security.KeyPair} 059 * </ul> 060 * 061 * <p>Example JSON object representation of a public RSA JWK: 062 * 063 * <pre> 064 * { 065 * "kty" : "RSA", 066 * "n" : "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 067 * 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 068 * tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 069 * QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 070 * SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 071 * w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 072 * "e" : "AQAB", 073 * "alg" : "RS256", 074 * "kid" : "2011-04-29" 075 * } 076 * </pre> 077 * 078 * <p>Example JSON object representation of a public and private RSA JWK (with 079 * both the first and the second private key representations): 080 * 081 * <pre> 082 * { 083 * "kty" : "RSA", 084 * "n" : "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 085 * 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 086 * tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 087 * QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 088 * SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 089 * w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 090 * "e" : "AQAB", 091 * "d" : "X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 092 * M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 093 * wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 094 * _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 095 * nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 096 * me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 097 * "p" : "83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 098 * nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 099 * WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 100 * "q" : "3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 101 * qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 102 * kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 103 * "dp" : "G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 104 * YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 105 * YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 106 * "dq" : "s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 107 * vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 108 * GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 109 * "qi" : "GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 110 * UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 111 * yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 112 * "alg" : "RS256", 113 * "kid" : "2011-04-29" 114 * } 115 * </pre> 116 * 117 * <p>Use the builder to create a new RSA JWK: 118 * 119 * <pre> 120 * RSAKey key = new RSAKey.Builder(n, e) 121 * .keyUse(KeyUse.SIGNATURE) 122 * .keyID("123") 123 * .build(); 124 * </pre> 125 * 126 * <p>See RFC 3447. 127 * 128 * <p>See http://en.wikipedia.org/wiki/RSA_%28algorithm%29 129 * 130 * @author Vladimir Dzhuvinov 131 * @author Justin Richer 132 * @author Cedric Staub 133 * @version 2022-12-26 134 */ 135@Immutable 136public final class RSAKey extends JWK implements AsymmetricJWK { 137 138 139 private static final long serialVersionUID = 1L; 140 141 142 /** 143 * Other Primes Info, represents the private {@code oth} parameter of a 144 * RSA JWK. This class is immutable. 145 */ 146 @Immutable 147 public static class OtherPrimesInfo implements Serializable { 148 149 150 private static final long serialVersionUID = 1L; 151 152 153 /** 154 * The prime factor. 155 */ 156 private final Base64URL r; 157 158 159 /** 160 * The factor Chinese Remainder Theorem (CRT) exponent. 161 */ 162 private final Base64URL d; 163 164 165 /** 166 * The factor Chinese Remainder Theorem (CRT) coefficient. 167 */ 168 private final Base64URL t; 169 170 171 /** 172 * Creates a new JWK Other Primes Info with the specified 173 * parameters. 174 * 175 * @param r The prime factor. Must not be {@code null}. 176 * @param d The factor Chinese Remainder Theorem (CRT) 177 * exponent. Must not be {@code null}. 178 * @param t The factor Chinese Remainder Theorem (CRT) 179 * coefficient. Must not be {@code null}. 180 */ 181 public OtherPrimesInfo(final Base64URL r, final Base64URL d, final Base64URL t) { 182 183 if (r == null) { 184 185 throw new IllegalArgumentException("The prime factor must not be null"); 186 } 187 188 this.r = r; 189 190 if (d == null) { 191 192 throw new IllegalArgumentException("The factor CRT exponent must not be null"); 193 } 194 195 this.d = d; 196 197 if (t == null) { 198 199 throw new IllegalArgumentException("The factor CRT coefficient must not be null"); 200 } 201 202 this.t = t; 203 } 204 205 206 /** 207 * Creates a new JWK Other Primes Info from the specified 208 * {@code java.security.spec.RSAOtherPrimeInfo} instance. 209 * 210 * @param oth The RSA Other Primes Info instance. Must not be 211 * {@code null}. 212 */ 213 public OtherPrimesInfo(final RSAOtherPrimeInfo oth) { 214 215 r = Base64URL.encode(oth.getPrime()); 216 d = Base64URL.encode(oth.getExponent()); 217 t = Base64URL.encode(oth.getCrtCoefficient()); 218 } 219 220 221 /** 222 * Gets the prime factor ({@code r}). 223 * 224 * @return The prime factor. 225 */ 226 public Base64URL getPrimeFactor() { 227 228 return r; 229 } 230 231 232 /** 233 * Gets factor Chinese Remainder Theorem (CRT) exponent 234 * ({@code d}). 235 * 236 * @return The factor Chinese Remainder Theorem (CRT) exponent. 237 */ 238 public Base64URL getFactorCRTExponent() { 239 240 return d; 241 } 242 243 244 /** 245 * The factor Chinese Remainder Theorem (CRT) coefficient 246 * ({@code t}). 247 * 248 * @return The factor Chinese Remainder Theorem (CRT) 249 * coefficient. 250 */ 251 public Base64URL getFactorCRTCoefficient() { 252 253 return t; 254 } 255 256 257 /** 258 * Converts the specified array of 259 * {@code java.security.spec.RSAOtherPrimeInfo} instances to a 260 * list of JWK Other Prime Infos. 261 * 262 * @param othArray Array of RSA Other Primes Info instances. 263 * May be be {@code null}. 264 * 265 * @return The corresponding list of JWK Other Prime Infos, or 266 * empty list of the array was {@code null}. 267 */ 268 public static List<OtherPrimesInfo> toList(final RSAOtherPrimeInfo[] othArray) { 269 270 List<OtherPrimesInfo> list = new ArrayList<>(); 271 272 if (othArray == null) { 273 274 // Return empty list 275 return list; 276 } 277 278 for (RSAOtherPrimeInfo oth: othArray) { 279 280 list.add(new OtherPrimesInfo(oth)); 281 } 282 283 return list; 284 } 285 } 286 287 288 /** 289 * Builder for constructing RSA JWKs. 290 * 291 * <p>Example usage: 292 * 293 * <pre> 294 * RSAKey key = new RSAKey.Builder(n, e). 295 * privateExponent(d). 296 * algorithm(JWSAlgorithm.RS512). 297 * keyID("456"). 298 * build(); 299 * </pre> 300 */ 301 public static class Builder { 302 303 304 // Public RSA params 305 306 /** 307 * The modulus value for the RSA key. 308 */ 309 private final Base64URL n; 310 311 312 /** 313 * The public exponent of the RSA key. 314 */ 315 private final Base64URL e; 316 317 318 // Private RSA params, 1st representation 319 320 /** 321 * The private exponent of the RSA key. 322 */ 323 private Base64URL d; 324 325 326 // Private RSA params, 2nd representation 327 328 /** 329 * The first prime factor of the private RSA key. 330 */ 331 private Base64URL p; 332 333 334 /** 335 * The second prime factor of the private RSA key. 336 */ 337 private Base64URL q; 338 339 340 /** 341 * The first factor Chinese Remainder Theorem exponent of the 342 * private RSA key. 343 */ 344 private Base64URL dp; 345 346 347 /** 348 * The second factor Chinese Remainder Theorem exponent of the 349 * private RSA key. 350 */ 351 private Base64URL dq; 352 353 354 /** 355 * The first Chinese Remainder Theorem coefficient of the private RSA 356 * key. 357 */ 358 private Base64URL qi; 359 360 361 /** 362 * The other primes information of the private RSA key, should 363 * they exist. When only two primes have been used (the normal 364 * case), this parameter MUST be omitted. When three or more 365 * primes have been used, the number of array elements MUST be 366 * the number of primes used minus two. 367 */ 368 private List<OtherPrimesInfo> oth; 369 370 371 // Private RSA key, as PKCS#11 handle 372 373 /** 374 * The private RSA key, as PKCS#11 handle. 375 */ 376 private PrivateKey priv; 377 378 379 /** 380 * The key use, optional. 381 */ 382 private KeyUse use; 383 384 385 /** 386 * The key operations, optional. 387 */ 388 private Set<KeyOperation> ops; 389 390 391 /** 392 * The intended JOSE algorithm for the key, optional. 393 */ 394 private Algorithm alg; 395 396 397 /** 398 * The key ID, optional. 399 */ 400 private String kid; 401 402 403 /** 404 * X.509 certificate URL, optional. 405 */ 406 private URI x5u; 407 408 409 /** 410 * X.509 certificate SHA-1 thumbprint, optional. 411 */ 412 @Deprecated 413 private Base64URL x5t; 414 415 416 /** 417 * X.509 certificate SHA-256 thumbprint, optional. 418 */ 419 private Base64URL x5t256; 420 421 422 /** 423 * The X.509 certificate chain, optional. 424 */ 425 private List<Base64> x5c; 426 427 428 /** 429 * The key expiration time, optional. 430 */ 431 private Date exp; 432 433 434 /** 435 * The key not-before time, optional. 436 */ 437 private Date nbf; 438 439 440 /** 441 * The key issued-at time, optional. 442 */ 443 private Date iat; 444 445 446 /** 447 * Reference to the underlying key store, {@code null} if none. 448 */ 449 private KeyStore ks; 450 451 452 /** 453 * Creates a new RSA JWK builder. 454 * 455 * @param n The the modulus value for the public RSA key. It is 456 * represented as the Base64URL encoding of value's 457 * big endian representation. Must not be 458 * {@code null}. 459 * @param e The exponent value for the public RSA key. It is 460 * represented as the Base64URL encoding of value's 461 * big endian representation. Must not be 462 * {@code null}. 463 */ 464 public Builder(final Base64URL n, final Base64URL e) { 465 466 // Ensure the public params are defined 467 468 if (n == null) { 469 throw new IllegalArgumentException("The modulus value must not be null"); 470 } 471 472 this.n = n; 473 474 475 if (e == null) { 476 throw new IllegalArgumentException("The public exponent value must not be null"); 477 } 478 479 this.e = e; 480 } 481 482 483 /** 484 * Creates a new RSA JWK builder. 485 * 486 * @param pub The public RSA key to represent. Must not be 487 * {@code null}. 488 */ 489 public Builder(final RSAPublicKey pub) { 490 491 n = Base64URL.encode(pub.getModulus()); 492 e = Base64URL.encode(pub.getPublicExponent()); 493 } 494 495 496 /** 497 * Creates a new RSA JWK builder. 498 * 499 * @param rsaJWK The RSA JWK to start with. Must not be 500 * {@code null}. 501 */ 502 public Builder(final RSAKey rsaJWK) { 503 504 n = rsaJWK.n; 505 e = rsaJWK.e; 506 d = rsaJWK.d; 507 p = rsaJWK.p; 508 q = rsaJWK.q; 509 dp = rsaJWK.dp; 510 dq = rsaJWK.dq; 511 qi = rsaJWK.qi; 512 oth = rsaJWK.oth; 513 priv = rsaJWK.privateKey; 514 use = rsaJWK.getKeyUse(); 515 ops = rsaJWK.getKeyOperations(); 516 alg = rsaJWK.getAlgorithm(); 517 kid = rsaJWK.getKeyID(); 518 x5u = rsaJWK.getX509CertURL(); 519 x5t = rsaJWK.getX509CertThumbprint(); 520 x5t256 = rsaJWK.getX509CertSHA256Thumbprint(); 521 x5c = rsaJWK.getX509CertChain(); 522 exp = rsaJWK.getExpirationTime(); 523 nbf = rsaJWK.getNotBeforeTime(); 524 iat = rsaJWK.getIssueTime(); 525 ks = rsaJWK.getKeyStore(); 526 } 527 528 529 /** 530 * Sets the private exponent ({@code d}) of the RSA key. 531 * 532 * @param d The private RSA key exponent. It is represented as 533 * the Base64URL encoding of the value's big endian 534 * representation. {@code null} if not specified (for 535 * a public key or a private key using the second 536 * representation only). 537 * 538 * @return This builder. 539 */ 540 public Builder privateExponent(final Base64URL d) { 541 542 this.d = d; 543 return this; 544 } 545 546 547 /** 548 * Sets the private RSA key, using the first representation. 549 * 550 * @param priv The private RSA key, used to obtain the private 551 * exponent ({@code d}). Must not be {@code null}. 552 * 553 * @return This builder. 554 */ 555 public Builder privateKey(final RSAPrivateKey priv) { 556 557 if (priv instanceof RSAPrivateCrtKey) { 558 return this.privateKey((RSAPrivateCrtKey) priv); 559 } else if (priv instanceof RSAMultiPrimePrivateCrtKey) { 560 return this.privateKey((RSAMultiPrimePrivateCrtKey) priv); 561 } else { 562 this.d = Base64URL.encode(priv.getPrivateExponent()); 563 return this; 564 } 565 } 566 567 568 /** 569 * Sets the private RSA key, typically for a key located in a 570 * PKCS#11 store that doesn't expose the private key parameters 571 * (such as a smart card or HSM). 572 * 573 * @param priv The private RSA key reference. Its algorithm 574 * must be "RSA". Must not be {@code null}. 575 * 576 * @return This builder. 577 */ 578 public Builder privateKey(final PrivateKey priv) { 579 if (priv instanceof RSAPrivateKey) { 580 return privateKey((RSAPrivateKey) priv); 581 } 582 583 if (! "RSA".equalsIgnoreCase(priv.getAlgorithm())) { 584 throw new IllegalArgumentException("The private key algorithm must be RSA"); 585 } 586 587 this.priv = priv; 588 return this; 589 } 590 591 592 /** 593 * Sets the first prime factor ({@code p}) of the private RSA 594 * key. 595 * 596 * @param p The RSA first prime factor. It is represented as 597 * the Base64URL encoding of the value's big endian 598 * representation. {@code null} if not specified (for 599 * a public key or a private key using the first 600 * representation only). 601 * 602 * @return This builder. 603 */ 604 public Builder firstPrimeFactor(final Base64URL p) { 605 606 this.p = p; 607 return this; 608 } 609 610 611 /** 612 * Sets the second prime factor ({@code q}) of the private RSA 613 * key. 614 * 615 * @param q The RSA second prime factor. It is represented as 616 * the Base64URL encoding of the value's big endian 617 * representation. {@code null} if not specified (for 618 * a public key or a private key using the first 619 * representation only). 620 * 621 * @return This builder. 622 */ 623 public Builder secondPrimeFactor(final Base64URL q) { 624 625 this.q = q; 626 return this; 627 } 628 629 630 /** 631 * Sets the first factor Chinese Remainder Theorem (CRT) 632 * exponent ({@code dp}) of the private RSA key. 633 * 634 * @param dp The RSA first factor CRT exponent. It is 635 * represented as the Base64URL encoding of the 636 * value's big endian representation. {@code null} 637 * if not specified (for a public key or a private 638 * key using the first representation only). 639 * 640 * @return This builder. 641 */ 642 public Builder firstFactorCRTExponent(final Base64URL dp) { 643 644 this.dp = dp; 645 return this; 646 } 647 648 649 /** 650 * Sets the second factor Chinese Remainder Theorem (CRT) 651 * exponent ({@code dq}) of the private RSA key. 652 * 653 * @param dq The RSA second factor CRT exponent. It is 654 * represented as the Base64URL encoding of the 655 * value's big endian representation. {@code null} if 656 * not specified (for a public key or a private key 657 * using the first representation only). 658 * 659 * @return This builder. 660 */ 661 public Builder secondFactorCRTExponent(final Base64URL dq) { 662 663 this.dq = dq; 664 return this; 665 } 666 667 668 /** 669 * Sets the first Chinese Remainder Theorem (CRT) coefficient 670 * ({@code qi}) of the private RSA key. 671 * 672 * @param qi The RSA first CRT coefficient. It is represented 673 * as the Base64URL encoding of the value's big 674 * endian representation. {@code null} if not 675 * specified (for a public key or a private key using 676 * the first representation only). 677 * 678 * @return This builder. 679 */ 680 public Builder firstCRTCoefficient(final Base64URL qi) { 681 682 this.qi = qi; 683 return this; 684 } 685 686 687 /** 688 * Sets the other primes information ({@code oth}) for the 689 * private RSA key, should they exist. 690 * 691 * @param oth The RSA other primes information, {@code null} or 692 * empty list if not specified. 693 * 694 * @return This builder. 695 */ 696 public Builder otherPrimes(final List<OtherPrimesInfo> oth) { 697 698 this.oth = oth; 699 return this; 700 } 701 702 703 /** 704 * Sets the private RSA key, using the second representation 705 * (see RFC 3447, section 3.2). 706 * 707 * @param priv The private RSA key, used to obtain the private 708 * exponent ({@code d}), the first prime factor 709 * ({@code p}), the second prime factor 710 * ({@code q}), the first factor CRT exponent 711 * ({@code dp}), the second factor CRT exponent 712 * ({@code dq}) and the first CRT coefficient 713 * ({@code qi}). Must not be {@code null}. 714 * 715 * @return This builder. 716 */ 717 public Builder privateKey(final RSAPrivateCrtKey priv) { 718 719 d = Base64URL.encode(priv.getPrivateExponent()); 720 p = Base64URL.encode(priv.getPrimeP()); 721 q = Base64URL.encode(priv.getPrimeQ()); 722 dp = Base64URL.encode(priv.getPrimeExponentP()); 723 dq = Base64URL.encode(priv.getPrimeExponentQ()); 724 qi = Base64URL.encode(priv.getCrtCoefficient()); 725 726 return this; 727 } 728 729 730 /** 731 * Sets the private RSA key, using the second representation, 732 * with optional other primes info (see RFC 3447, section 3.2). 733 * 734 * @param priv The private RSA key, used to obtain the private 735 * exponent ({@code d}), the first prime factor 736 * ({@code p}), the second prime factor 737 * ({@code q}), the first factor CRT exponent 738 * ({@code dp}), the second factor CRT exponent 739 * ({@code dq}), the first CRT coefficient 740 * ({@code qi}) and the other primes info 741 * ({@code oth}). Must not be {@code null}. 742 * 743 * @return This builder. 744 */ 745 public Builder privateKey(final RSAMultiPrimePrivateCrtKey priv) { 746 747 d = Base64URL.encode(priv.getPrivateExponent()); 748 p = Base64URL.encode(priv.getPrimeP()); 749 q = Base64URL.encode(priv.getPrimeQ()); 750 dp = Base64URL.encode(priv.getPrimeExponentP()); 751 dq = Base64URL.encode(priv.getPrimeExponentQ()); 752 qi = Base64URL.encode(priv.getCrtCoefficient()); 753 oth = OtherPrimesInfo.toList(priv.getOtherPrimeInfo()); 754 755 return this; 756 } 757 758 759 /** 760 * Sets the use ({@code use}) of the JWK. 761 * 762 * @param use The key use, {@code null} if not specified or if 763 * the key is intended for signing as well as 764 * encryption. 765 * 766 * @return This builder. 767 */ 768 public Builder keyUse(final KeyUse use) { 769 770 this.use = use; 771 return this; 772 } 773 774 775 /** 776 * Sets the operations ({@code key_ops}) of the JWK (for a 777 * non-public key). 778 * 779 * @param ops The key operations, {@code null} if not 780 * specified. 781 * 782 * @return This builder. 783 */ 784 public Builder keyOperations(final Set<KeyOperation> ops) { 785 786 this.ops = ops; 787 return this; 788 } 789 790 791 /** 792 * Sets the intended JOSE algorithm ({@code alg}) for the JWK. 793 * 794 * @param alg The intended JOSE algorithm, {@code null} if not 795 * specified. 796 * 797 * @return This builder. 798 */ 799 public Builder algorithm(final Algorithm alg) { 800 801 this.alg = alg; 802 return this; 803 } 804 805 /** 806 * Sets the ID ({@code kid}) of the JWK. The key ID can be used 807 * to match a specific key. This can be used, for instance, to 808 * choose a key within a {@link JWKSet} during key rollover. 809 * The key ID may also correspond to a JWS/JWE {@code kid} 810 * header parameter value. 811 * 812 * @param kid The key ID, {@code null} if not specified. 813 * 814 * @return This builder. 815 */ 816 public Builder keyID(final String kid) { 817 818 this.kid = kid; 819 return this; 820 } 821 822 823 /** 824 * Sets the ID ({@code kid}) of the JWK to its SHA-256 JWK 825 * thumbprint (RFC 7638). The key ID can be used to match a 826 * specific key. This can be used, for instance, to choose a 827 * key within a {@link JWKSet} during key rollover. The key ID 828 * may also correspond to a JWS/JWE {@code kid} header 829 * parameter value. 830 * 831 * @return This builder. 832 * 833 * @throws JOSEException If the SHA-256 hash algorithm is not 834 * supported. 835 */ 836 public Builder keyIDFromThumbprint() 837 throws JOSEException { 838 839 return keyIDFromThumbprint("SHA-256"); 840 } 841 842 843 /** 844 * Sets the ID ({@code kid}) of the JWK to its JWK thumbprint 845 * (RFC 7638). The key ID can be used to match a specific key. 846 * This can be used, for instance, to choose a key within a 847 * {@link JWKSet} during key rollover. The key ID may also 848 * correspond to a JWS/JWE {@code kid} header parameter value. 849 * 850 * @param hashAlg The hash algorithm for the JWK thumbprint 851 * computation. Must not be {@code null}. 852 * 853 * @return This builder. 854 * 855 * @throws JOSEException If the hash algorithm is not 856 * supported. 857 */ 858 public Builder keyIDFromThumbprint(final String hashAlg) 859 throws JOSEException { 860 861 // Put mandatory params in sorted order 862 LinkedHashMap<String,Object> requiredParams = new LinkedHashMap<>(); 863 requiredParams.put(JWKParameterNames.RSA_EXPONENT, e.toString()); 864 requiredParams.put(JWKParameterNames.KEY_TYPE, KeyType.RSA.getValue()); 865 requiredParams.put(JWKParameterNames.RSA_MODULUS, n.toString()); 866 this.kid = ThumbprintUtils.compute(hashAlg, requiredParams).toString(); 867 return this; 868 } 869 870 871 /** 872 * Sets the X.509 certificate URL ({@code x5u}) of the JWK. 873 * 874 * @param x5u The X.509 certificate URL, {@code null} if not 875 * specified. 876 * 877 * @return This builder. 878 */ 879 public Builder x509CertURL(final URI x5u) { 880 881 this.x5u = x5u; 882 return this; 883 } 884 885 886 /** 887 * Sets the X.509 certificate SHA-1 thumbprint ({@code x5t}) of 888 * the JWK. 889 * 890 * @param x5t The X.509 certificate SHA-1 thumbprint, 891 * {@code null} if not specified. 892 * 893 * @return This builder. 894 */ 895 @Deprecated 896 public Builder x509CertThumbprint(final Base64URL x5t) { 897 898 this.x5t = x5t; 899 return this; 900 } 901 902 903 /** 904 * Sets the X.509 certificate SHA-256 thumbprint 905 * ({@code x5t#S256}) of the JWK. 906 * 907 * @param x5t256 The X.509 certificate SHA-256 thumbprint, 908 * {@code null} if not specified. 909 * 910 * @return This builder. 911 */ 912 public Builder x509CertSHA256Thumbprint(final Base64URL x5t256) { 913 914 this.x5t256 = x5t256; 915 return this; 916 } 917 918 919 /** 920 * Sets the X.509 certificate chain ({@code x5c}) of the JWK. 921 * 922 * @param x5c The X.509 certificate chain as a unmodifiable 923 * list, {@code null} if not specified. 924 * 925 * @return This builder. 926 */ 927 public Builder x509CertChain(final List<Base64> x5c) { 928 929 this.x5c = x5c; 930 return this; 931 } 932 933 934 /** 935 * Sets the expiration time ({@code exp}) of the JWK. 936 * 937 * @param exp The expiration time, {@code null} if not 938 * specified. 939 * 940 * @return This builder. 941 */ 942 public Builder expirationTime(final Date exp) { 943 944 this.exp = exp; 945 return this; 946 } 947 948 949 /** 950 * Sets the not-before time ({@code nbf}) of the JWK. 951 * 952 * @param nbf The not-before time, {@code null} if not 953 * specified. 954 * 955 * @return This builder. 956 */ 957 public Builder notBeforeTime(final Date nbf) { 958 959 this.nbf = nbf; 960 return this; 961 } 962 963 964 /** 965 * Sets the issued-at time ({@code iat}) of the JWK. 966 * 967 * @param iat The issued-at time, {@code null} if not 968 * specified. 969 * 970 * @return This builder. 971 */ 972 public Builder issueTime(final Date iat) { 973 974 this.iat = iat; 975 return this; 976 } 977 978 979 /** 980 * Sets the underlying key store. 981 * 982 * @param keyStore Reference to the underlying key store, 983 * {@code null} if none. 984 * 985 * @return This builder. 986 */ 987 public Builder keyStore(final KeyStore keyStore) { 988 989 this.ks = keyStore; 990 return this; 991 } 992 993 994 /** 995 * Builds a new RSA JWK. 996 * 997 * @return The RSA JWK. 998 * 999 * @throws IllegalStateException If the JWK parameters were 1000 * inconsistently specified. 1001 */ 1002 public RSAKey build() { 1003 1004 try { 1005 // The full constructor 1006 return new RSAKey(n, e, d, p, q, dp, dq, qi, oth, 1007 priv, 1008 use, ops, alg, kid, x5u, x5t, x5t256, x5c, 1009 exp, nbf, iat, 1010 ks); 1011 1012 } catch (IllegalArgumentException e) { 1013 1014 throw new IllegalStateException(e.getMessage(), e); 1015 } 1016 } 1017 } 1018 1019 1020 // Public RSA params 1021 1022 /** 1023 * The modulus value of the RSA key. 1024 */ 1025 private final Base64URL n; 1026 1027 1028 /** 1029 * The public exponent of the RSA key. 1030 */ 1031 private final Base64URL e; 1032 1033 1034 // Private RSA params, 1st representation 1035 1036 /** 1037 * The private exponent of the RSA key. 1038 */ 1039 private final Base64URL d; 1040 1041 1042 // Private RSA params, 2nd representation 1043 1044 /** 1045 * The first prime factor of the private RSA key. 1046 */ 1047 private final Base64URL p; 1048 1049 1050 /** 1051 * The second prime factor of the private RSA key. 1052 */ 1053 private final Base64URL q; 1054 1055 1056 /** 1057 * The first factor Chinese Remainder Theorem exponent of the private 1058 * RSA key. 1059 */ 1060 private final Base64URL dp; 1061 1062 1063 /** 1064 * The second factor Chinese Remainder Theorem exponent of the private 1065 * RSA key. 1066 */ 1067 private final Base64URL dq; 1068 1069 1070 /** 1071 * The first Chinese Remainder Theorem coefficient of the private RSA 1072 * key. 1073 */ 1074 private final Base64URL qi; 1075 1076 1077 /** 1078 * The other primes information of the private RSA key, should they 1079 * exist. When only two primes have been used (the normal case), this 1080 * parameter MUST be omitted. When three or more primes have been used, 1081 * the number of array elements MUST be the number of primes used minus 1082 * two. 1083 */ 1084 private final List<OtherPrimesInfo> oth; 1085 1086 1087 // Private RSA PKCS#11 key handle 1088 1089 /** 1090 * Private PKCS#11 key handle. 1091 */ 1092 private final PrivateKey privateKey; 1093 1094 1095 /** 1096 * Creates a new public RSA JSON Web Key (JWK) with the specified 1097 * parameters. 1098 * 1099 * @param n The the modulus value for the public RSA key. It is 1100 * represented as the Base64URL encoding of value's big 1101 * endian representation. Must not be {@code null}. 1102 * @param e The exponent value for the public RSA key. It is 1103 * represented as the Base64URL encoding of value's big 1104 * endian representation. Must not be {@code null}. 1105 * @param use The key use, {@code null} if not specified or if the 1106 * key is intended for signing as well as encryption. 1107 * @param ops The key operations, {@code null} if not specified. 1108 * @param alg The intended JOSE algorithm for the key, {@code null} 1109 * if not specified. 1110 * @param kid The key ID. {@code null} if not specified. 1111 * @param x5u The X.509 certificate URL, {@code null} if not 1112 * specified. 1113 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 1114 * if not specified. 1115 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 1116 * if not specified. 1117 * @param x5c The X.509 certificate chain, {@code null} if not 1118 * specified. 1119 * @param ks Reference to the underlying key store, {@code null} if 1120 * not specified. 1121 */ 1122 @Deprecated 1123 public RSAKey(final Base64URL n, final Base64URL e, 1124 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 1125 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 1126 final KeyStore ks) { 1127 1128 // Call the full constructor, all private key parameters are null 1129 this(n, e, null, null, null, null, null, null, null, null, use, ops, alg, kid, 1130 x5u, x5t, x5t256, x5c, 1131 null, null, null, 1132 ks); 1133 } 1134 1135 1136 /** 1137 * Creates a new public RSA JSON Web Key (JWK) with the specified 1138 * parameters. 1139 * 1140 * @param n The the modulus value for the public RSA key. It is 1141 * represented as the Base64URL encoding of value's big 1142 * endian representation. Must not be {@code null}. 1143 * @param e The exponent value for the public RSA key. It is 1144 * represented as the Base64URL encoding of value's big 1145 * endian representation. Must not be {@code null}. 1146 * @param use The key use, {@code null} if not specified or if the 1147 * key is intended for signing as well as encryption. 1148 * @param ops The key operations, {@code null} if not specified. 1149 * @param alg The intended JOSE algorithm for the key, {@code null} 1150 * if not specified. 1151 * @param kid The key ID. {@code null} if not specified. 1152 * @param x5u The X.509 certificate URL, {@code null} if not 1153 * specified. 1154 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 1155 * if not specified. 1156 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 1157 * if not specified. 1158 * @param x5c The X.509 certificate chain, {@code null} if not 1159 * specified. 1160 * @param exp The key expiration time, {@code null} if not 1161 * specified. 1162 * @param nbf The key not-before time, {@code null} if not 1163 * specified. 1164 * @param iat The key issued-at time, {@code null} if not specified. 1165 * @param ks Reference to the underlying key store, {@code null} if 1166 * not specified. 1167 */ 1168 public RSAKey(final Base64URL n, final Base64URL e, 1169 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 1170 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 1171 final Date exp, final Date nbf, final Date iat, 1172 final KeyStore ks) { 1173 1174 // Call the full constructor, all private key parameters are null 1175 this(n, e, null, null, null, null, null, null, null, null, use, ops, alg, kid, 1176 x5u, x5t, x5t256, x5c, 1177 exp, nbf, iat, 1178 ks); 1179 } 1180 1181 1182 /** 1183 * Creates a new public / private RSA JSON Web Key (JWK) with the 1184 * specified parameters. The private RSA key is specified by its first 1185 * representation (see RFC 3447, section 3.2). 1186 * 1187 * @param n The the modulus value for the public RSA key. It is 1188 * represented as the Base64URL encoding of value's big 1189 * endian representation. Must not be {@code null}. 1190 * @param e The exponent value for the public RSA key. It is 1191 * represented as the Base64URL encoding of value's big 1192 * endian representation. Must not be {@code null}. 1193 * @param d The private exponent. It is represented as the 1194 * Base64URL encoding of the value's big endian 1195 * representation. Must not be {@code null}. 1196 * @param use The key use, {@code null} if not specified or if the 1197 * key is intended for signing as well as encryption. 1198 * @param ops The key operations, {@code null} if not specified. 1199 * @param alg The intended JOSE algorithm for the key, {@code null} 1200 * if not specified. 1201 * @param kid The key ID. {@code null} if not specified. 1202 * @param x5u The X.509 certificate URL, {@code null} if not 1203 * specified. 1204 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 1205 * if not specified. 1206 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 1207 * if not specified. 1208 * @param x5c The X.509 certificate chain, {@code null} if not 1209 * specified. 1210 * @param ks Reference to the underlying key store, {@code null} if 1211 * not specified. 1212 */ 1213 @Deprecated 1214 public RSAKey(final Base64URL n, final Base64URL e, final Base64URL d, 1215 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 1216 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 1217 final KeyStore ks) { 1218 1219 this(n, e, d, null, null, null, null, null, null, null, use, ops, alg, kid, 1220 x5u, x5t, x5t256, x5c, 1221 null, null, null, 1222 ks); 1223 } 1224 1225 1226 /** 1227 * Creates a new public / private RSA JSON Web Key (JWK) with the 1228 * specified parameters. The private RSA key is specified by its first 1229 * representation (see RFC 3447, section 3.2). 1230 * 1231 * @param n The the modulus value for the public RSA key. It is 1232 * represented as the Base64URL encoding of value's big 1233 * endian representation. Must not be {@code null}. 1234 * @param e The exponent value for the public RSA key. It is 1235 * represented as the Base64URL encoding of value's big 1236 * endian representation. Must not be {@code null}. 1237 * @param d The private exponent. It is represented as the 1238 * Base64URL encoding of the value's big endian 1239 * representation. Must not be {@code null}. 1240 * @param use The key use, {@code null} if not specified or if the 1241 * key is intended for signing as well as encryption. 1242 * @param ops The key operations, {@code null} if not specified. 1243 * @param alg The intended JOSE algorithm for the key, {@code null} 1244 * if not specified. 1245 * @param kid The key ID. {@code null} if not specified. 1246 * @param x5u The X.509 certificate URL, {@code null} if not 1247 * specified. 1248 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 1249 * if not specified. 1250 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 1251 * if not specified. 1252 * @param x5c The X.509 certificate chain, {@code null} if not 1253 * specified. 1254 * @param exp The key expiration time, {@code null} if not 1255 * specified. 1256 * @param nbf The key not-before time, {@code null} if not 1257 * specified. 1258 * @param iat The key issued-at time, {@code null} if not specified. 1259 * @param ks Reference to the underlying key store, {@code null} if 1260 * not specified. 1261 */ 1262 public RSAKey(final Base64URL n, final Base64URL e, final Base64URL d, 1263 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 1264 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 1265 final Date exp, final Date nbf, final Date iat, 1266 final KeyStore ks) { 1267 1268 // Call the full constructor, the second private representation 1269 // parameters are all null 1270 this(n, e, d, null, null, null, null, null, null, null, use, ops, alg, kid, 1271 x5u, x5t, x5t256, x5c, exp, nbf, iat, ks); 1272 1273 if (d == null) { 1274 throw new IllegalArgumentException("The private exponent must not be null"); 1275 } 1276 } 1277 1278 1279 /** 1280 * Creates a new public / private RSA JSON Web Key (JWK) with the 1281 * specified parameters. The private RSA key is specified by its 1282 * second representation (see RFC 3447, section 3.2). 1283 * 1284 * @param n The the modulus value for the public RSA key. It is 1285 * represented as the Base64URL encoding of value's big 1286 * endian representation. Must not be {@code null}. 1287 * @param e The exponent value for the public RSA key. It is 1288 * represented as the Base64URL encoding of value's big 1289 * endian representation. Must not be {@code null}. 1290 * @param p The first prime factor. It is represented as the 1291 * Base64URL encoding of the value's big endian 1292 * representation. Must not be {@code null}. 1293 * @param q The second prime factor. It is represented as the 1294 * Base64URL encoding of the value's big endian 1295 * representation. Must not be {@code null}. 1296 * @param dp The first factor Chinese Remainder Theorem exponent. 1297 * It is represented as the Base64URL encoding of the 1298 * value's big endian representation. Must not be 1299 * {@code null}. 1300 * @param dq The second factor Chinese Remainder Theorem exponent. 1301 * It is represented as the Base64URL encoding of the 1302 * value's big endian representation. Must not be 1303 * {@code null}. 1304 * @param qi The first Chinese Remainder Theorem coefficient. It is 1305 * represented as the Base64URL encoding of the value's 1306 * big endian representation. Must not be {@code null}. 1307 * @param oth The other primes information, should they exist, 1308 * {@code null} or an empty list if not specified. 1309 * @param use The key use, {@code null} if not specified or if the 1310 * key is intended for signing as well as encryption. 1311 * @param ops The key operations, {@code null} if not specified. 1312 * @param alg The intended JOSE algorithm for the key, {@code null} 1313 * if not specified. 1314 * @param kid The key ID. {@code null} if not specified. 1315 * @param x5u The X.509 certificate URL, {@code null} if not 1316 * specified. 1317 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 1318 * if not specified. 1319 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 1320 * if not specified. 1321 * @param x5c The X.509 certificate chain, {@code null} if not 1322 * specified. 1323 * @param ks Reference to the underlying key store, {@code null} if 1324 * not specified. 1325 */ 1326 @Deprecated 1327 public RSAKey(final Base64URL n, final Base64URL e, 1328 final Base64URL p, final Base64URL q, 1329 final Base64URL dp, final Base64URL dq, final Base64URL qi, 1330 final List<OtherPrimesInfo> oth, 1331 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 1332 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 1333 final KeyStore ks) { 1334 1335 this(n, e, null, p, q, dp, dq, qi, oth, null, use, ops, alg, kid, 1336 x5u, x5t, x5t256, x5c, 1337 null, null, null, 1338 ks); 1339 } 1340 1341 1342 /** 1343 * Creates a new public / private RSA JSON Web Key (JWK) with the 1344 * specified parameters. The private RSA key is specified by its 1345 * second representation (see RFC 3447, section 3.2). 1346 * 1347 * @param n The the modulus value for the public RSA key. It is 1348 * represented as the Base64URL encoding of value's big 1349 * endian representation. Must not be {@code null}. 1350 * @param e The exponent value for the public RSA key. It is 1351 * represented as the Base64URL encoding of value's big 1352 * endian representation. Must not be {@code null}. 1353 * @param p The first prime factor. It is represented as the 1354 * Base64URL encoding of the value's big endian 1355 * representation. Must not be {@code null}. 1356 * @param q The second prime factor. It is represented as the 1357 * Base64URL encoding of the value's big endian 1358 * representation. Must not be {@code null}. 1359 * @param dp The first factor Chinese Remainder Theorem exponent. 1360 * It is represented as the Base64URL encoding of the 1361 * value's big endian representation. Must not be 1362 * {@code null}. 1363 * @param dq The second factor Chinese Remainder Theorem exponent. 1364 * It is represented as the Base64URL encoding of the 1365 * value's big endian representation. Must not be 1366 * {@code null}. 1367 * @param qi The first Chinese Remainder Theorem coefficient. It is 1368 * represented as the Base64URL encoding of the value's 1369 * big endian representation. Must not be {@code null}. 1370 * @param oth The other primes information, should they exist, 1371 * {@code null} or an empty list if not specified. 1372 * @param use The key use, {@code null} if not specified or if the 1373 * key is intended for signing as well as encryption. 1374 * @param ops The key operations, {@code null} if not specified. 1375 * @param alg The intended JOSE algorithm for the key, {@code null} 1376 * if not specified. 1377 * @param kid The key ID. {@code null} if not specified. 1378 * @param x5u The X.509 certificate URL, {@code null} if not 1379 * specified. 1380 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 1381 * if not specified. 1382 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 1383 * if not specified. 1384 * @param x5c The X.509 certificate chain, {@code null} if not 1385 * specified. 1386 * @param exp The key expiration time, {@code null} if not 1387 * specified. 1388 * @param nbf The key not-before time, {@code null} if not 1389 * specified. 1390 * @param iat The key issued-at time, {@code null} if not specified. 1391 * @param ks Reference to the underlying key store, {@code null} if 1392 * not specified. 1393 */ 1394 public RSAKey(final Base64URL n, final Base64URL e, 1395 final Base64URL p, final Base64URL q, 1396 final Base64URL dp, final Base64URL dq, final Base64URL qi, 1397 final List<OtherPrimesInfo> oth, 1398 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 1399 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 1400 final Date exp, final Date nbf, final Date iat, 1401 final KeyStore ks) { 1402 1403 // Call the full constructor, the first private representation 1404 // d param is null 1405 this(n, e, null, p, q, dp, dq, qi, oth, null, use, ops, alg, kid, 1406 x5u, x5t, x5t256, x5c, 1407 exp, nbf, iat, 1408 ks); 1409 1410 if (p == null) { 1411 throw new IllegalArgumentException("The first prime factor must not be null"); 1412 } 1413 1414 if (q == null) { 1415 throw new IllegalArgumentException("The second prime factor must not be null"); 1416 } 1417 1418 if (dp == null) { 1419 throw new IllegalArgumentException("The first factor CRT exponent must not be null"); 1420 } 1421 1422 if (dq == null) { 1423 throw new IllegalArgumentException("The second factor CRT exponent must not be null"); 1424 } 1425 1426 if (qi == null) { 1427 throw new IllegalArgumentException("The first CRT coefficient must not be null"); 1428 } 1429 } 1430 1431 1432 /** 1433 * Creates a new public / private RSA JSON Web Key (JWK) with the 1434 * specified parameters. The private RSA key is specified by both its 1435 * first and second representations (see RFC 3447, section 3.2). 1436 * 1437 * <p>A valid first private RSA key representation must specify the 1438 * {@code d} parameter. 1439 * 1440 * <p>A valid second private RSA key representation must specify all 1441 * required Chinese Remainder Theorem (CRT) parameters - {@code p}, 1442 * {@code q}, {@code dp}, {@code dq} and {@code qi}, else an 1443 * {@link java.lang.IllegalArgumentException} will be thrown. 1444 * 1445 * @param n The the modulus value for the public RSA key. It is 1446 * represented as the Base64URL encoding of value's big 1447 * endian representation. Must not be {@code null}. 1448 * @param e The exponent value for the public RSA key. It is 1449 * represented as the Base64URL encoding of value's big 1450 * endian representation. Must not be {@code null}. 1451 * @param d The private exponent. It is represented as the Base64URL 1452 * encoding of the value's big endian representation. May 1453 * be {@code null}. 1454 * @param p The first prime factor. It is represented as the 1455 * Base64URL encoding of the value's big endian 1456 * representation. May be {@code null}. 1457 * @param q The second prime factor. It is represented as the 1458 * Base64URL encoding of the value's big endian 1459 * representation. May be {@code null}. 1460 * @param dp The first factor Chinese Remainder Theorem exponent. It 1461 * is represented as the Base64URL encoding of the value's 1462 * big endian representation. May be {@code null}. 1463 * @param dq The second factor Chinese Remainder Theorem exponent. It 1464 * is represented as the Base64URL encoding of the value's 1465 * big endian representation. May be {@code null}. 1466 * @param qi The first Chinese Remainder Theorem coefficient. It is 1467 * represented as the Base64URL encoding of the value's big 1468 * endian representation. May be {@code null}. 1469 * @param oth The other primes information, should they exist, 1470 * {@code null} or an empty list if not specified. 1471 * @param use The key use, {@code null} if not specified or if the key 1472 * is intended for signing as well as encryption. 1473 * @param ops The key operations, {@code null} if not specified. 1474 * @param alg The intended JOSE algorithm for the key, {@code null} if 1475 * not specified. 1476 * @param kid The key ID. {@code null} if not specified. 1477 * @param x5u The X.509 certificate URL, {@code null} if not specified. 1478 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 1479 * if not specified. 1480 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 1481 * if not specified. 1482 * @param x5c The X.509 certificate chain, {@code null} if not 1483 * specified. 1484 */ 1485 @Deprecated 1486 public RSAKey(final Base64URL n, final Base64URL e, 1487 final Base64URL d, 1488 final Base64URL p, final Base64URL q, 1489 final Base64URL dp, final Base64URL dq, final Base64URL qi, 1490 final List<OtherPrimesInfo> oth, 1491 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 1492 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c) { 1493 1494 this(n, e, d, p, q, dp, dq, qi, oth, null, use, ops, alg, kid, x5u, x5t, x5t256, x5c, null); 1495 } 1496 1497 1498 /** 1499 * Creates a new public / private RSA JSON Web Key (JWK) with the 1500 * specified parameters. The private RSA key can be specified by its 1501 * first representation, its second representation (see RFC 3447, 1502 * section 3.2), or by a PKCS#11 handle as {@link PrivateKey}. 1503 * 1504 * <p>A valid first private RSA key representation must specify the 1505 * {@code d} parameter. 1506 * 1507 * <p>A valid second private RSA key representation must specify all 1508 * required Chinese Remainder Theorem (CRT) parameters - {@code p}, 1509 * {@code q}, {@code dp}, {@code dq} and {@code qi}, else an 1510 * {@link java.lang.IllegalArgumentException} will be thrown. 1511 * 1512 * @param n The the modulus value for the public RSA key. It is 1513 * represented as the Base64URL encoding of value's big 1514 * endian representation. Must not be {@code null}. 1515 * @param e The exponent value for the public RSA key. It is 1516 * represented as the Base64URL encoding of value's big 1517 * endian representation. Must not be {@code null}. 1518 * @param d The private exponent. It is represented as the Base64URL 1519 * encoding of the value's big endian representation. May 1520 * be {@code null}. 1521 * @param p The first prime factor. It is represented as the 1522 * Base64URL encoding of the value's big endian 1523 * representation. May be {@code null}. 1524 * @param q The second prime factor. It is represented as the 1525 * Base64URL encoding of the value's big endian 1526 * representation. May be {@code null}. 1527 * @param dp The first factor Chinese Remainder Theorem exponent. It 1528 * is represented as the Base64URL encoding of the value's 1529 * big endian representation. May be {@code null}. 1530 * @param dq The second factor Chinese Remainder Theorem exponent. It 1531 * is represented as the Base64URL encoding of the value's 1532 * big endian representation. May be {@code null}. 1533 * @param qi The first Chinese Remainder Theorem coefficient. It is 1534 * represented as the Base64URL encoding of the value's big 1535 * endian representation. May be {@code null}. 1536 * @param oth The other primes information, should they exist, 1537 * {@code null} or an empty list if not specified. 1538 * @param use The key use, {@code null} if not specified or if the key 1539 * is intended for signing as well as encryption. 1540 * @param ops The key operations, {@code null} if not specified. 1541 * @param alg The intended JOSE algorithm for the key, {@code null} if 1542 * not specified. 1543 * @param kid The key ID. {@code null} if not specified. 1544 * @param x5u The X.509 certificate URL, {@code null} if not specified. 1545 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 1546 * if not specified. 1547 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 1548 * if not specified. 1549 * @param x5c The X.509 certificate chain, {@code null} if not 1550 * specified. 1551 * @param ks Reference to the underlying key store, {@code null} if 1552 * not specified. 1553 */ 1554 @Deprecated 1555 public RSAKey(final Base64URL n, final Base64URL e, 1556 final Base64URL d, 1557 final Base64URL p, final Base64URL q, 1558 final Base64URL dp, final Base64URL dq, final Base64URL qi, 1559 final List<OtherPrimesInfo> oth, 1560 final PrivateKey prv, 1561 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 1562 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 1563 final KeyStore ks) { 1564 1565 this(n, e, d, p, q, dp, dq, qi, oth, prv, use, ops, alg, kid, x5u, x5t, x5t256, x5c, null, null, null, ks); 1566 } 1567 1568 1569 /** 1570 * Creates a new public / private RSA JSON Web Key (JWK) with the 1571 * specified parameters. The private RSA key can be specified by its 1572 * first representation, its second representation (see RFC 3447, 1573 * section 3.2), or by a PKCS#11 handle as {@link PrivateKey}. 1574 * 1575 * <p>A valid first private RSA key representation must specify the 1576 * {@code d} parameter. 1577 * 1578 * <p>A valid second private RSA key representation must specify all 1579 * required Chinese Remainder Theorem (CRT) parameters - {@code p}, 1580 * {@code q}, {@code dp}, {@code dq} and {@code qi}, else an 1581 * {@link java.lang.IllegalArgumentException} will be thrown. 1582 * 1583 * @param n The the modulus value for the public RSA key. It is 1584 * represented as the Base64URL encoding of value's big 1585 * endian representation. Must not be {@code null}. 1586 * @param e The exponent value for the public RSA key. It is 1587 * represented as the Base64URL encoding of value's big 1588 * endian representation. Must not be {@code null}. 1589 * @param d The private exponent. It is represented as the Base64URL 1590 * encoding of the value's big endian representation. May 1591 * be {@code null}. 1592 * @param p The first prime factor. It is represented as the 1593 * Base64URL encoding of the value's big endian 1594 * representation. May be {@code null}. 1595 * @param q The second prime factor. It is represented as the 1596 * Base64URL encoding of the value's big endian 1597 * representation. May be {@code null}. 1598 * @param dp The first factor Chinese Remainder Theorem exponent. It 1599 * is represented as the Base64URL encoding of the value's 1600 * big endian representation. May be {@code null}. 1601 * @param dq The second factor Chinese Remainder Theorem exponent. It 1602 * is represented as the Base64URL encoding of the value's 1603 * big endian representation. May be {@code null}. 1604 * @param qi The first Chinese Remainder Theorem coefficient. It is 1605 * represented as the Base64URL encoding of the value's big 1606 * endian representation. May be {@code null}. 1607 * @param oth The other primes information, should they exist, 1608 * {@code null} or an empty list if not specified. 1609 * @param use The key use, {@code null} if not specified or if the key 1610 * is intended for signing as well as encryption. 1611 * @param ops The key operations, {@code null} if not specified. 1612 * @param alg The intended JOSE algorithm for the key, {@code null} if 1613 * not specified. 1614 * @param kid The key ID. {@code null} if not specified. 1615 * @param x5u The X.509 certificate URL, {@code null} if not specified. 1616 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 1617 * if not specified. 1618 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 1619 * if not specified. 1620 * @param x5c The X.509 certificate chain, {@code null} if not 1621 * specified. 1622 * @param exp The key expiration time, {@code null} if not 1623 * specified. 1624 * @param nbf The key not-before time, {@code null} if not 1625 * specified. 1626 * @param iat The key issued-at time, {@code null} if not specified. 1627 * @param ks Reference to the underlying key store, {@code null} if 1628 * not specified. 1629 */ 1630 public RSAKey(final Base64URL n, final Base64URL e, 1631 final Base64URL d, 1632 final Base64URL p, final Base64URL q, 1633 final Base64URL dp, final Base64URL dq, final Base64URL qi, 1634 final List<OtherPrimesInfo> oth, 1635 final PrivateKey prv, 1636 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 1637 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 1638 final Date exp, final Date nbf, final Date iat, 1639 final KeyStore ks) { 1640 1641 super(KeyType.RSA, use, ops, alg, kid, x5u, x5t, x5t256, x5c, exp, nbf, iat, ks); 1642 1643 1644 // Ensure the public params are defined 1645 1646 if (n == null) { 1647 throw new IllegalArgumentException("The modulus value must not be null"); 1648 } 1649 this.n = n; 1650 1651 1652 if (e == null) { 1653 throw new IllegalArgumentException("The public exponent value must not be null"); 1654 } 1655 this.e = e; 1656 1657 if (getParsedX509CertChain() != null) { 1658 if (! matches(getParsedX509CertChain().get(0))) 1659 throw new IllegalArgumentException("The public subject key info of the first X.509 certificate in the chain must match the JWK type and public parameters"); 1660 } 1661 1662 // Private params, 1st representation 1663 1664 this.d = d; 1665 1666 1667 // Private params, 2nd representation, check for consistency 1668 1669 if (p != null && q != null && dp != null && dq != null && qi != null) { 1670 1671 // CRT params fully specified 1672 this.p = p; 1673 this.q = q; 1674 this.dp = dp; 1675 this.dq = dq; 1676 this.qi = qi; 1677 1678 // Other RSA primes info optional, default to empty list 1679 if (oth != null) { 1680 this.oth = Collections.unmodifiableList(oth); 1681 } else { 1682 this.oth = Collections.emptyList(); 1683 } 1684 1685 } else if (p == null && q == null && dp == null && dq == null && qi == null && oth == null) { 1686 1687 // No CRT params 1688 this.p = null; 1689 this.q = null; 1690 this.dp = null; 1691 this.dq = null; 1692 this.qi = null; 1693 1694 this.oth = Collections.emptyList(); 1695 1696 } else if (p != null || q != null || dp != null || dq != null || qi != null) { 1697 1698 if (p == null) { 1699 throw new IllegalArgumentException("Incomplete second private (CRT) representation: The first prime factor must not be null"); 1700 } else if (q == null) { 1701 throw new IllegalArgumentException("Incomplete second private (CRT) representation: The second prime factor must not be null"); 1702 } else if (dp == null) { 1703 throw new IllegalArgumentException("Incomplete second private (CRT) representation: The first factor CRT exponent must not be null"); 1704 } else if (dq == null) { 1705 throw new IllegalArgumentException("Incomplete second private (CRT) representation: The second factor CRT exponent must not be null"); 1706 } else { 1707 throw new IllegalArgumentException("Incomplete second private (CRT) representation: The first CRT coefficient must not be null"); 1708 } 1709 } else { 1710 // No CRT params 1711 this.p = null; 1712 this.q = null; 1713 this.dp = null; 1714 this.dq = null; 1715 this.qi = null; 1716 this.oth = Collections.emptyList(); 1717 } 1718 1719 this.privateKey = prv; // PKCS#11 handle 1720 } 1721 1722 1723 /** 1724 * Creates a new public RSA JSON Web Key (JWK) with the specified 1725 * parameters. 1726 * 1727 * @param pub The public RSA key to represent. Must not be 1728 * {@code null}. 1729 * @param use The key use, {@code null} if not specified or if the 1730 * key is intended for signing as well as encryption. 1731 * @param ops The key operations, {@code null} if not specified. 1732 * @param alg The intended JOSE algorithm for the key, {@code null} 1733 * if not specified. 1734 * @param kid The key ID. {@code null} if not specified. 1735 * @param x5u The X.509 certificate URL, {@code null} if not 1736 * specified. 1737 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 1738 * if not specified. 1739 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 1740 * if not specified. 1741 * @param x5c The X.509 certificate chain, {@code null} if not 1742 * specified. 1743 * @param ks Reference to the underlying key store, {@code null} if 1744 * not specified. 1745 */ 1746 @Deprecated 1747 public RSAKey(final RSAPublicKey pub, 1748 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 1749 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 1750 final KeyStore ks) { 1751 1752 this(pub, use, ops, alg, kid, x5u, x5t, x5t256, x5c, null, null, null, ks); 1753 } 1754 1755 1756 /** 1757 * Creates a new public RSA JSON Web Key (JWK) with the specified 1758 * parameters. 1759 * 1760 * @param pub The public RSA key to represent. Must not be 1761 * {@code null}. 1762 * @param use The key use, {@code null} if not specified or if the 1763 * key is intended for signing as well as encryption. 1764 * @param ops The key operations, {@code null} if not specified. 1765 * @param alg The intended JOSE algorithm for the key, {@code null} 1766 * if not specified. 1767 * @param kid The key ID. {@code null} if not specified. 1768 * @param x5u The X.509 certificate URL, {@code null} if not 1769 * specified. 1770 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 1771 * if not specified. 1772 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 1773 * if not specified. 1774 * @param x5c The X.509 certificate chain, {@code null} if not 1775 * specified. 1776 * @param exp The key expiration time, {@code null} if not 1777 * specified. 1778 * @param nbf The key not-before time, {@code null} if not 1779 * specified. 1780 * @param iat The key issued-at time, {@code null} if not specified. 1781 * @param ks Reference to the underlying key store, {@code null} if 1782 * not specified. 1783 */ 1784 public RSAKey(final RSAPublicKey pub, 1785 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 1786 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 1787 final Date exp, final Date nbf, final Date iat, 1788 final KeyStore ks) { 1789 1790 this(Base64URL.encode(pub.getModulus()), 1791 Base64URL.encode(pub.getPublicExponent()), 1792 use, ops, alg, kid, 1793 x5u, x5t, x5t256, x5c, 1794 exp, nbf, iat, 1795 ks); 1796 } 1797 1798 1799 /** 1800 * Creates a new public / private RSA JSON Web Key (JWK) with the 1801 * specified parameters. The private RSA key is specified by its first 1802 * representation (see RFC 3447, section 3.2). 1803 * 1804 * @param pub The public RSA key to represent. Must not be 1805 * {@code null}. 1806 * @param priv The private RSA key to represent. Must not be 1807 * {@code null}. 1808 * @param use The key use, {@code null} if not specified or if the 1809 * key is intended for signing as well as encryption. 1810 * @param ops The key operations, {@code null} if not specified. 1811 * @param alg The intended JOSE algorithm for the key, {@code null} 1812 * if not specified. 1813 * @param kid The key ID. {@code null} if not specified. 1814 * @param x5u The X.509 certificate URL, {@code null} if not 1815 * specified. 1816 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 1817 * if not specified. 1818 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 1819 * if not specified. 1820 * @param x5c The X.509 certificate chain, {@code null} if not 1821 * specified. 1822 * @param ks Reference to the underlying key store, {@code null} if 1823 * not specified. 1824 */ 1825 @Deprecated 1826 public RSAKey(final RSAPublicKey pub, final RSAPrivateKey priv, 1827 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 1828 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 1829 final KeyStore ks) { 1830 1831 this(pub, priv, use, ops, alg, kid, x5u, x5t, x5t256, x5c, null, null, null, ks); 1832 } 1833 1834 1835 /** 1836 * Creates a new public / private RSA JSON Web Key (JWK) with the 1837 * specified parameters. The private RSA key is specified by its first 1838 * representation (see RFC 3447, section 3.2). 1839 * 1840 * @param pub The public RSA key to represent. Must not be 1841 * {@code null}. 1842 * @param priv The private RSA key to represent. Must not be 1843 * {@code null}. 1844 * @param use The key use, {@code null} if not specified or if the 1845 * key is intended for signing as well as encryption. 1846 * @param ops The key operations, {@code null} if not specified. 1847 * @param alg The intended JOSE algorithm for the key, {@code null} 1848 * if not specified. 1849 * @param kid The key ID. {@code null} if not specified. 1850 * @param x5u The X.509 certificate URL, {@code null} if not 1851 * specified. 1852 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 1853 * if not specified. 1854 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 1855 * if not specified. 1856 * @param x5c The X.509 certificate chain, {@code null} if not 1857 * specified. 1858 * @param exp The key expiration time, {@code null} if not 1859 * specified. 1860 * @param nbf The key not-before time, {@code null} if not 1861 * specified. 1862 * @param iat The key issued-at time, {@code null} if not specified. 1863 * @param ks Reference to the underlying key store, {@code null} if 1864 * not specified. 1865 */ 1866 public RSAKey(final RSAPublicKey pub, final RSAPrivateKey priv, 1867 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 1868 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 1869 final Date exp, final Date nbf, final Date iat, 1870 final KeyStore ks) { 1871 1872 this(Base64URL.encode(pub.getModulus()), 1873 Base64URL.encode(pub.getPublicExponent()), 1874 Base64URL.encode(priv.getPrivateExponent()), 1875 use, ops, alg, kid, 1876 x5u, x5t, x5t256, x5c, 1877 exp, nbf, iat, 1878 ks); 1879 } 1880 1881 1882 /** 1883 * Creates a new public / private RSA JSON Web Key (JWK) with the 1884 * specified parameters. The private RSA key is specified by its second 1885 * representation (see RFC 3447, section 3.2). 1886 * 1887 * @param pub The public RSA key to represent. Must not be 1888 * {@code null}. 1889 * @param priv The private RSA key to represent. Must not be 1890 * {@code null}. 1891 * @param use The key use, {@code null} if not specified or if the 1892 * key is intended for signing as well as encryption. 1893 * @param ops The key operations, {@code null} if not specified. 1894 * @param alg The intended JOSE algorithm for the key, {@code null} 1895 * if not specified. 1896 * @param kid The key ID. {@code null} if not specified. 1897 * @param x5u The X.509 certificate URL, {@code null} if not 1898 * specified. 1899 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 1900 * if not specified. 1901 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 1902 * if not specified. 1903 * @param x5c The X.509 certificate chain, {@code null} if not 1904 * specified. 1905 * @param ks Reference to the underlying key store, {@code null} if 1906 * not specified. 1907 */ 1908 @Deprecated 1909 public RSAKey(final RSAPublicKey pub, final RSAPrivateCrtKey priv, 1910 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 1911 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 1912 final KeyStore ks) { 1913 1914 this(pub, priv, use, ops, alg, kid, x5u, x5t, x5t256, x5c, null, null, null, ks); 1915 } 1916 1917 1918 /** 1919 * Creates a new public / private RSA JSON Web Key (JWK) with the 1920 * specified parameters. The private RSA key is specified by its second 1921 * representation (see RFC 3447, section 3.2). 1922 * 1923 * @param pub The public RSA key to represent. Must not be 1924 * {@code null}. 1925 * @param priv The private RSA key to represent. Must not be 1926 * {@code null}. 1927 * @param use The key use, {@code null} if not specified or if the 1928 * key is intended for signing as well as encryption. 1929 * @param ops The key operations, {@code null} if not specified. 1930 * @param alg The intended JOSE algorithm for the key, {@code null} 1931 * if not specified. 1932 * @param kid The key ID. {@code null} if not specified. 1933 * @param x5u The X.509 certificate URL, {@code null} if not 1934 * specified. 1935 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 1936 * if not specified. 1937 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 1938 * if not specified. 1939 * @param x5c The X.509 certificate chain, {@code null} if not 1940 * specified. 1941 * @param exp The key expiration time, {@code null} if not 1942 * specified. 1943 * @param nbf The key not-before time, {@code null} if not 1944 * specified. 1945 * @param iat The key issued-at time, {@code null} if not specified. 1946 * @param ks Reference to the underlying key store, {@code null} if 1947 * not specified. 1948 */ 1949 public RSAKey(final RSAPublicKey pub, final RSAPrivateCrtKey priv, 1950 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 1951 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 1952 final Date exp, final Date nbf, final Date iat, 1953 final KeyStore ks) { 1954 1955 this(Base64URL.encode(pub.getModulus()), 1956 Base64URL.encode(pub.getPublicExponent()), 1957 Base64URL.encode(priv.getPrivateExponent()), 1958 Base64URL.encode(priv.getPrimeP()), 1959 Base64URL.encode(priv.getPrimeQ()), 1960 Base64URL.encode(priv.getPrimeExponentP()), 1961 Base64URL.encode(priv.getPrimeExponentQ()), 1962 Base64URL.encode(priv.getCrtCoefficient()), 1963 null, 1964 null, 1965 use, ops, alg, kid, 1966 x5u, x5t, x5t256, x5c, 1967 exp, nbf, iat, 1968 ks); 1969 } 1970 1971 1972 /** 1973 * Creates a new public / private RSA JSON Web Key (JWK) with the 1974 * specified parameters. The private RSA key is specified by its second 1975 * representation, with optional other primes info (see RFC 3447, 1976 * section 3.2). 1977 * 1978 * @param pub The public RSA key to represent. Must not be 1979 * {@code null}. 1980 * @param priv The private RSA key to represent. Must not be 1981 * {@code null}. 1982 * @param use The key use, {@code null} if not specified or if the 1983 * key is intended for signing as well as encryption. 1984 * @param ops The key operations, {@code null} if not specified. 1985 * @param alg The intended JOSE algorithm for the key, {@code null} 1986 * if not specified. 1987 * @param kid The key ID. {@code null} if not specified. 1988 * @param x5u The X.509 certificate URL, {@code null} if not 1989 * specified. 1990 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 1991 * if not specified. 1992 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 1993 * if not specified. 1994 * @param x5c The X.509 certificate chain, {@code null} if not 1995 * specified. 1996 * @param ks Reference to the underlying key store, {@code null} if 1997 * not specified. 1998 */ 1999 @Deprecated 2000 public RSAKey(final RSAPublicKey pub, final RSAMultiPrimePrivateCrtKey priv, 2001 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 2002 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 2003 final KeyStore ks) { 2004 2005 this(pub, priv, use, ops, alg, kid, x5u, x5t, x5t256, x5c, null, null, null, ks); 2006 } 2007 2008 2009 /** 2010 * Creates a new public / private RSA JSON Web Key (JWK) with the 2011 * specified parameters. The private RSA key is specified by its second 2012 * representation, with optional other primes info (see RFC 3447, 2013 * section 3.2). 2014 * 2015 * @param pub The public RSA key to represent. Must not be 2016 * {@code null}. 2017 * @param priv The private RSA key to represent. Must not be 2018 * {@code null}. 2019 * @param use The key use, {@code null} if not specified or if the 2020 * key is intended for signing as well as encryption. 2021 * @param ops The key operations, {@code null} if not specified. 2022 * @param alg The intended JOSE algorithm for the key, {@code null} 2023 * if not specified. 2024 * @param kid The key ID. {@code null} if not specified. 2025 * @param x5u The X.509 certificate URL, {@code null} if not 2026 * specified. 2027 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 2028 * if not specified. 2029 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 2030 * if not specified. 2031 * @param x5c The X.509 certificate chain, {@code null} if not 2032 * specified. 2033 * @param exp The key expiration time, {@code null} if not 2034 * specified. 2035 * @param nbf The key not-before time, {@code null} if not 2036 * specified. 2037 * @param iat The key issued-at time, {@code null} if not specified. 2038 * @param ks Reference to the underlying key store, {@code null} if 2039 * not specified. 2040 */ 2041 public RSAKey(final RSAPublicKey pub, final RSAMultiPrimePrivateCrtKey priv, 2042 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 2043 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 2044 final Date exp, final Date nbf, final Date iat, 2045 final KeyStore ks) { 2046 2047 this(Base64URL.encode(pub.getModulus()), 2048 Base64URL.encode(pub.getPublicExponent()), 2049 Base64URL.encode(priv.getPrivateExponent()), 2050 Base64URL.encode(priv.getPrimeP()), 2051 Base64URL.encode(priv.getPrimeQ()), 2052 Base64URL.encode(priv.getPrimeExponentP()), 2053 Base64URL.encode(priv.getPrimeExponentQ()), 2054 Base64URL.encode(priv.getCrtCoefficient()), 2055 OtherPrimesInfo.toList(priv.getOtherPrimeInfo()), 2056 null, 2057 use, ops, alg, kid, 2058 x5u, x5t, x5t256, x5c, 2059 exp, nbf, iat, 2060 ks); 2061 } 2062 2063 2064 /** 2065 * Creates a new public / private RSA JSON Web Key (JWK) with the 2066 * specified parameters. The private RSA key is specified by a PKCS#11 2067 * handle. 2068 * 2069 * @param pub The public RSA key to represent. Must not be 2070 * {@code null}. 2071 * @param priv The private RSA key as PKCS#11 handle, {@code null} if 2072 * not specified. 2073 * @param use The key use, {@code null} if not specified or if the 2074 * key is intended for signing as well as encryption. 2075 * @param ops The key operations, {@code null} if not specified. 2076 * @param alg The intended JOSE algorithm for the key, {@code null} 2077 * if not specified. 2078 * @param kid The key ID. {@code null} if not specified. 2079 * @param x5u The X.509 certificate URL, {@code null} if not 2080 * specified. 2081 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 2082 * if not specified. 2083 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 2084 * if not specified. 2085 * @param x5c The X.509 certificate chain, {@code null} if not 2086 * specified. 2087 * @param ks Reference to the underlying key store, {@code null} if 2088 * not specified. 2089 */ 2090 @Deprecated 2091 public RSAKey(final RSAPublicKey pub, final PrivateKey priv, 2092 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 2093 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 2094 final KeyStore ks) { 2095 2096 this(pub, priv, use, ops, alg, kid, x5u, x5t, x5t256, x5c, null, null, null, ks); 2097 } 2098 2099 2100 /** 2101 * Creates a new public / private RSA JSON Web Key (JWK) with the 2102 * specified parameters. The private RSA key is specified by a PKCS#11 2103 * handle. 2104 * 2105 * @param pub The public RSA key to represent. Must not be 2106 * {@code null}. 2107 * @param priv The private RSA key as PKCS#11 handle, {@code null} if 2108 * not specified. 2109 * @param use The key use, {@code null} if not specified or if the 2110 * key is intended for signing as well as encryption. 2111 * @param ops The key operations, {@code null} if not specified. 2112 * @param alg The intended JOSE algorithm for the key, {@code null} 2113 * if not specified. 2114 * @param kid The key ID. {@code null} if not specified. 2115 * @param x5u The X.509 certificate URL, {@code null} if not 2116 * specified. 2117 * @param x5t The X.509 certificate SHA-1 thumbprint, {@code null} 2118 * if not specified. 2119 * @param x5t256 The X.509 certificate SHA-256 thumbprint, {@code null} 2120 * if not specified. 2121 * @param x5c The X.509 certificate chain, {@code null} if not 2122 * specified. 2123 * @param exp The key expiration time, {@code null} if not 2124 * specified. 2125 * @param nbf The key not-before time, {@code null} if not 2126 * specified. 2127 * @param iat The key issued-at time, {@code null} if not specified. 2128 * @param ks Reference to the underlying key store, {@code null} if 2129 * not specified. 2130 */ 2131 public RSAKey(final RSAPublicKey pub, final PrivateKey priv, 2132 final KeyUse use, final Set<KeyOperation> ops, final Algorithm alg, final String kid, 2133 final URI x5u, final Base64URL x5t, final Base64URL x5t256, final List<Base64> x5c, 2134 final Date exp, final Date nbf, final Date iat, 2135 final KeyStore ks) { 2136 2137 this(Base64URL.encode(pub.getModulus()), 2138 Base64URL.encode(pub.getPublicExponent()), 2139 null, 2140 null, 2141 null, 2142 null, 2143 null, 2144 null, 2145 null, 2146 priv, 2147 use, ops, alg, kid, 2148 x5u, x5t, x5t256, x5c, 2149 exp, nbf, iat, 2150 ks); 2151 } 2152 2153 2154 /** 2155 * Gets the modulus value ({@code n}) of the RSA key. 2156 * 2157 * @return The RSA key modulus. It is represented as the Base64URL 2158 * encoding of the value's big endian representation. 2159 */ 2160 public Base64URL getModulus() { 2161 2162 return n; 2163 } 2164 2165 2166 /** 2167 * Gets the public exponent ({@code e}) of the RSA key. 2168 * 2169 * @return The public RSA key exponent. It is represented as the 2170 * Base64URL encoding of the value's big endian representation. 2171 */ 2172 public Base64URL getPublicExponent() { 2173 2174 return e; 2175 } 2176 2177 2178 /** 2179 * Gets the private exponent ({@code d}) of the RSA key. 2180 * 2181 * @return The private RSA key exponent. It is represented as the 2182 * Base64URL encoding of the value's big endian representation. 2183 * {@code null} if not specified (for a public key or a private 2184 * key using the second representation only). 2185 */ 2186 public Base64URL getPrivateExponent() { 2187 2188 return d; 2189 } 2190 2191 2192 /** 2193 * Gets the first prime factor ({@code p}) of the private RSA key. 2194 * 2195 * @return The RSA first prime factor. It is represented as the 2196 * Base64URL encoding of the value's big endian representation. 2197 * {@code null} if not specified (for a public key or a private 2198 * key using the first representation only). 2199 */ 2200 public Base64URL getFirstPrimeFactor() { 2201 2202 return p; 2203 } 2204 2205 2206 /** 2207 * Gets the second prime factor ({@code q}) of the private RSA key. 2208 * 2209 * @return The RSA second prime factor. It is represented as the 2210 * Base64URL encoding of the value's big endian representation. 2211 * {@code null} if not specified (for a public key or a private 2212 * key using the first representation only). 2213 */ 2214 public Base64URL getSecondPrimeFactor() { 2215 2216 return q; 2217 } 2218 2219 2220 /** 2221 * Gets the first factor Chinese Remainder Theorem (CRT) exponent 2222 * ({@code dp}) of the private RSA key. 2223 * 2224 * @return The RSA first factor CRT exponent. It is represented as the 2225 * Base64URL encoding of the value's big endian representation. 2226 * {@code null} if not specified (for a public key or a private 2227 * key using the first representation only). 2228 */ 2229 public Base64URL getFirstFactorCRTExponent() { 2230 2231 return dp; 2232 } 2233 2234 2235 /** 2236 * Gets the second factor Chinese Remainder Theorem (CRT) exponent 2237 * ({@code dq}) of the private RSA key. 2238 * 2239 * @return The RSA second factor CRT exponent. It is represented as the 2240 * Base64URL encoding of the value's big endian representation. 2241 * {@code null} if not specified (for a public key or a private 2242 * key using the first representation only). 2243 */ 2244 public Base64URL getSecondFactorCRTExponent() { 2245 2246 return dq; 2247 } 2248 2249 2250 /** 2251 * Gets the first Chinese Remainder Theorem (CRT) coefficient 2252 * ({@code qi})} of the private RSA key. 2253 * 2254 * @return The RSA first CRT coefficient. It is represented as the 2255 * Base64URL encoding of the value's big endian representation. 2256 * {@code null} if not specified (for a public key or a private 2257 * key using the first representation only). 2258 */ 2259 public Base64URL getFirstCRTCoefficient() { 2260 2261 return qi; 2262 } 2263 2264 2265 /** 2266 * Gets the other primes information ({@code oth}) for the private RSA 2267 * key, should they exist. 2268 * 2269 * @return The RSA other primes information, {@code null} or empty list 2270 * if not specified. 2271 */ 2272 public List<OtherPrimesInfo> getOtherPrimes() { 2273 2274 return oth; 2275 } 2276 2277 2278 /** 2279 * Returns a standard {@code java.security.interfaces.RSAPublicKey} 2280 * representation of this RSA JWK. 2281 * 2282 * @return The public RSA key. 2283 * 2284 * @throws JOSEException If RSA is not supported by the underlying Java 2285 * Cryptography (JCA) provider or if the JWK 2286 * parameters are invalid for a public RSA key. 2287 */ 2288 public RSAPublicKey toRSAPublicKey() 2289 throws JOSEException { 2290 2291 BigInteger modulus = n.decodeToBigInteger(); 2292 BigInteger exponent = e.decodeToBigInteger(); 2293 2294 RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent); 2295 2296 try { 2297 KeyFactory factory = KeyFactory.getInstance("RSA"); 2298 2299 return (RSAPublicKey) factory.generatePublic(spec); 2300 2301 } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { 2302 2303 throw new JOSEException(e.getMessage(), e); 2304 } 2305 } 2306 2307 2308 /** 2309 * Returns a standard {@code java.security.interfaces.RSAPrivateKey} 2310 * representation of this RSA JWK. 2311 * 2312 * @return The private RSA key, {@code null} if not specified by this 2313 * JWK. 2314 * 2315 * @throws JOSEException If RSA is not supported by the underlying Java 2316 * Cryptography (JCA) provider or if the JWK 2317 * parameters are invalid for a private RSA key. 2318 */ 2319 public RSAPrivateKey toRSAPrivateKey() 2320 throws JOSEException { 2321 2322 if (d == null) { 2323 // no private key 2324 return null; 2325 } 2326 2327 BigInteger modulus = n.decodeToBigInteger(); 2328 BigInteger privateExponent = d.decodeToBigInteger(); 2329 2330 RSAPrivateKeySpec spec; 2331 2332 if (p == null) { 2333 // Use 1st representation 2334 spec = new RSAPrivateKeySpec(modulus, privateExponent); 2335 2336 } else { 2337 // Use 2nd (CRT) representation 2338 BigInteger publicExponent = e.decodeToBigInteger(); 2339 BigInteger primeP = p.decodeToBigInteger(); 2340 BigInteger primeQ = q.decodeToBigInteger(); 2341 BigInteger primeExponentP = dp.decodeToBigInteger(); 2342 BigInteger primeExponentQ = dq.decodeToBigInteger(); 2343 BigInteger crtCoefficient = qi.decodeToBigInteger(); 2344 2345 if (oth != null && ! oth.isEmpty()) { 2346 // Construct other info spec 2347 RSAOtherPrimeInfo[] otherInfo = new RSAOtherPrimeInfo[oth.size()]; 2348 2349 for (int i=0; i < oth.size(); i++) { 2350 2351 OtherPrimesInfo opi = oth.get(i); 2352 2353 BigInteger otherPrime = opi.getPrimeFactor().decodeToBigInteger(); 2354 BigInteger otherPrimeExponent = opi.getFactorCRTExponent().decodeToBigInteger(); 2355 BigInteger otherCrtCoefficient = opi.getFactorCRTCoefficient().decodeToBigInteger(); 2356 2357 otherInfo[i] = new RSAOtherPrimeInfo(otherPrime, 2358 otherPrimeExponent, 2359 otherCrtCoefficient); 2360 } 2361 2362 spec = new RSAMultiPrimePrivateCrtKeySpec(modulus, 2363 publicExponent, 2364 privateExponent, 2365 primeP, 2366 primeQ, 2367 primeExponentP, 2368 primeExponentQ, 2369 crtCoefficient, 2370 otherInfo); 2371 } else { 2372 // Construct spec with no other info 2373 spec = new RSAPrivateCrtKeySpec(modulus, 2374 publicExponent, 2375 privateExponent, 2376 primeP, 2377 primeQ, 2378 primeExponentP, 2379 primeExponentQ, 2380 crtCoefficient); 2381 } 2382 } 2383 2384 try { 2385 KeyFactory factory = KeyFactory.getInstance("RSA"); 2386 2387 return (RSAPrivateKey) factory.generatePrivate(spec); 2388 2389 } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { 2390 2391 throw new JOSEException(e.getMessage(), e); 2392 } 2393 } 2394 2395 2396 @Override 2397 public PublicKey toPublicKey() 2398 throws JOSEException { 2399 2400 return toRSAPublicKey(); 2401 } 2402 2403 2404 @Override 2405 public PrivateKey toPrivateKey() 2406 throws JOSEException { 2407 2408 PrivateKey prv = toRSAPrivateKey(); 2409 2410 if (prv != null) { 2411 // Return private RSA key with key material 2412 return prv; 2413 } 2414 2415 // Return private RSA key as PKCS#11 handle, or null 2416 return privateKey; 2417 } 2418 2419 2420 /** 2421 * Returns a standard {@code java.security.KeyPair} representation of 2422 * this RSA JWK. 2423 * 2424 * @return The RSA key pair. The private RSA key will be {@code null} 2425 * if not specified. 2426 * 2427 * @throws JOSEException If RSA is not supported by the underlying Java 2428 * Cryptography (JCA) provider or if the JWK 2429 * parameters are invalid for a public and / or 2430 * private RSA key. 2431 */ 2432 @Override 2433 public KeyPair toKeyPair() 2434 throws JOSEException { 2435 2436 return new KeyPair(toRSAPublicKey(), toPrivateKey()); 2437 } 2438 2439 2440 @Override 2441 public boolean matches(final X509Certificate cert) { 2442 2443 RSAPublicKey certRSAKey; 2444 try { 2445 certRSAKey = (RSAPublicKey) getParsedX509CertChain().get(0).getPublicKey(); 2446 } catch (ClassCastException ex) { 2447 return false; 2448 } 2449 if (! e.decodeToBigInteger().equals(certRSAKey.getPublicExponent())) { 2450 return false; 2451 } 2452 return n.decodeToBigInteger().equals(certRSAKey.getModulus()); 2453 } 2454 2455 2456 @Override 2457 public LinkedHashMap<String,?> getRequiredParams() { 2458 2459 // Put mandatory params in sorted order 2460 LinkedHashMap<String,String> requiredParams = new LinkedHashMap<>(); 2461 requiredParams.put(JWKParameterNames.RSA_EXPONENT, e.toString()); 2462 requiredParams.put(JWKParameterNames.KEY_TYPE, getKeyType().getValue()); 2463 requiredParams.put(JWKParameterNames.RSA_MODULUS, n.toString()); 2464 return requiredParams; 2465 } 2466 2467 2468 @Override 2469 public boolean isPrivate() { 2470 2471 // Check if 1st or 2nd form params are specified, or PKCS#11 handle 2472 return d != null || p != null || privateKey != null; 2473 } 2474 2475 2476 @Override 2477 public int size() { 2478 2479 try { 2480 return ByteUtils.safeBitLength(n.decode()); 2481 } catch (IntegerOverflowException e) { 2482 throw new ArithmeticException(e.getMessage()); 2483 } 2484 } 2485 2486 2487 /** 2488 * Returns a copy of this RSA JWK with any private values removed. 2489 * 2490 * @return The copied public RSA JWK. 2491 */ 2492 @Override 2493 public RSAKey toPublicJWK() { 2494 2495 return new RSAKey( 2496 getModulus(), getPublicExponent(), 2497 getKeyUse(), getKeyOperations(), getAlgorithm(), getKeyID(), 2498 getX509CertURL(), getX509CertThumbprint(), getX509CertSHA256Thumbprint(), getX509CertChain(), 2499 getExpirationTime(), getNotBeforeTime(), getIssueTime(), 2500 getKeyStore()); 2501 } 2502 2503 2504 @Override 2505 public Map<String, Object> toJSONObject() { 2506 2507 Map<String, Object> o = super.toJSONObject(); 2508 2509 // Append public RSA key specific attributes 2510 o.put(JWKParameterNames.RSA_MODULUS, n.toString()); 2511 o.put(JWKParameterNames.RSA_EXPONENT, e.toString()); 2512 if (d != null) { 2513 o.put(JWKParameterNames.RSA_PRIVATE_EXPONENT, d.toString()); 2514 } 2515 if (p != null) { 2516 o.put(JWKParameterNames.RSA_FIRST_PRIME_FACTOR, p.toString()); 2517 } 2518 if (q != null) { 2519 o.put(JWKParameterNames.RSA_SECOND_PRIME_FACTOR, q.toString()); 2520 } 2521 if (dp != null) { 2522 o.put(JWKParameterNames.RSA_FIRST_FACTOR_CRT_EXPONENT, dp.toString()); 2523 } 2524 if (dq != null) { 2525 o.put(JWKParameterNames.RSA_SECOND_FACTOR_CRT_EXPONENT, dq.toString()); 2526 } 2527 if (qi != null) { 2528 o.put(JWKParameterNames.RSA_FIRST_CRT_COEFFICIENT, qi.toString()); 2529 } 2530 if (oth != null && !oth.isEmpty()) { 2531 2532 List<Object> a = JSONArrayUtils.newJSONArray(); 2533 2534 for (OtherPrimesInfo other : oth) { 2535 2536 Map<String, Object> oo = JSONObjectUtils.newJSONObject(); 2537 oo.put(JWKParameterNames.RSA_OTHER_PRIMES__PRIME_FACTOR, other.r.toString()); 2538 oo.put(JWKParameterNames.RSA_OTHER_PRIMES__FACTOR_CRT_EXPONENT, other.d.toString()); 2539 oo.put(JWKParameterNames.RSA_OTHER_PRIMES__FACTOR_CRT_COEFFICIENT, other.t.toString()); 2540 2541 a.add(oo); 2542 } 2543 2544 o.put(JWKParameterNames.RSA_OTHER_PRIMES, a); 2545 } 2546 2547 return o; 2548 } 2549 2550 2551 /** 2552 * Parses a public / private RSA JWK from the specified JSON object 2553 * string representation. 2554 * 2555 * @param s The JSON object string to parse. Must not be {@code null}. 2556 * 2557 * @return The public / private RSA JWK. 2558 * 2559 * @throws ParseException If the string couldn't be parsed to an RSA 2560 * JWK. 2561 */ 2562 public static RSAKey parse(final String s) 2563 throws ParseException { 2564 2565 return parse(JSONObjectUtils.parse(s)); 2566 } 2567 2568 2569 /** 2570 * Parses a public / private RSA JWK from the specified JSON object 2571 * representation. 2572 * 2573 * @param jsonObject The JSON object to parse. Must not be 2574 * {@code null}. 2575 * 2576 * @return The public / private RSA Key. 2577 * 2578 * @throws ParseException If the JSON object couldn't be parsed to an 2579 * RSA JWK. 2580 */ 2581 public static RSAKey parse(final Map<String, Object> jsonObject) 2582 throws ParseException { 2583 2584 // Check key type 2585 if (! KeyType.RSA.equals(JWKMetadata.parseKeyType(jsonObject))) { 2586 throw new ParseException("The key type \"kty\" must be RSA", 0); 2587 } 2588 2589 // Parse the mandatory public key parameters 2590 Base64URL n = JSONObjectUtils.getBase64URL(jsonObject, JWKParameterNames.RSA_MODULUS); 2591 Base64URL e = JSONObjectUtils.getBase64URL(jsonObject, JWKParameterNames.RSA_EXPONENT); 2592 2593 // Parse the optional private key parameters 2594 2595 // 1st private representation 2596 Base64URL d = JSONObjectUtils.getBase64URL(jsonObject, JWKParameterNames.RSA_PRIVATE_EXPONENT); 2597 2598 // 2nd private (CRT) representation 2599 Base64URL p = JSONObjectUtils.getBase64URL(jsonObject, JWKParameterNames.RSA_FIRST_PRIME_FACTOR); 2600 Base64URL q = JSONObjectUtils.getBase64URL(jsonObject, JWKParameterNames.RSA_SECOND_PRIME_FACTOR); 2601 Base64URL dp = JSONObjectUtils.getBase64URL(jsonObject, JWKParameterNames.RSA_FIRST_FACTOR_CRT_EXPONENT); 2602 Base64URL dq = JSONObjectUtils.getBase64URL(jsonObject, JWKParameterNames.RSA_SECOND_FACTOR_CRT_EXPONENT); 2603 Base64URL qi = JSONObjectUtils.getBase64URL(jsonObject, JWKParameterNames.RSA_FIRST_CRT_COEFFICIENT); 2604 2605 List<OtherPrimesInfo> oth = null; 2606 if (jsonObject.containsKey(JWKParameterNames.RSA_OTHER_PRIMES)) { 2607 2608 List<Object> arr = JSONObjectUtils.getJSONArray(jsonObject, JWKParameterNames.RSA_OTHER_PRIMES); 2609 if(arr != null) { 2610 oth = new ArrayList<>(arr.size()); 2611 2612 for (Object o : arr) { 2613 2614 if (o instanceof Map) { 2615 Map<String, Object> otherJson = ( Map<String, Object>)o; 2616 2617 Base64URL r = JSONObjectUtils.getBase64URL(otherJson, JWKParameterNames.RSA_OTHER_PRIMES__PRIME_FACTOR); 2618 Base64URL odq = JSONObjectUtils.getBase64URL(otherJson, JWKParameterNames.RSA_SECOND_FACTOR_CRT_EXPONENT); 2619 Base64URL t = JSONObjectUtils.getBase64URL(otherJson, JWKParameterNames.RSA_OTHER_PRIMES__FACTOR_CRT_COEFFICIENT); 2620 try { 2621 oth.add(new OtherPrimesInfo(r, odq, t)); 2622 } catch (IllegalArgumentException iae) { 2623 throw new ParseException(iae.getMessage(), 0); 2624 } 2625 } 2626 } 2627 } 2628 } 2629 2630 try { 2631 return new RSAKey(n, e, d, p, q, dp, dq, qi, oth, null, 2632 JWKMetadata.parseKeyUse(jsonObject), 2633 JWKMetadata.parseKeyOperations(jsonObject), 2634 JWKMetadata.parseAlgorithm(jsonObject), 2635 JWKMetadata.parseKeyID(jsonObject), 2636 JWKMetadata.parseX509CertURL(jsonObject), 2637 JWKMetadata.parseX509CertThumbprint(jsonObject), 2638 JWKMetadata.parseX509CertSHA256Thumbprint(jsonObject), 2639 JWKMetadata.parseX509CertChain(jsonObject), 2640 JWKMetadata.parseExpirationTime(jsonObject), 2641 JWKMetadata.parseNotBeforeTime(jsonObject), 2642 JWKMetadata.parseIssueTime(jsonObject), 2643 null); 2644 2645 } catch (IllegalArgumentException ex) { 2646 // Missing mandatory n or e, inconsistent 2nd spec, 2647 // conflicting 'use' and 'key_ops', etc. 2648 throw new ParseException(ex.getMessage(), 0); 2649 } 2650 } 2651 2652 2653 /** 2654 * Parses a public RSA JWK from the specified X.509 certificate. 2655 * 2656 * <p><strong>Important:</strong> The X.509 certificate is not 2657 * validated! 2658 * 2659 * <p>Sets the following JWK parameters: 2660 * 2661 * <ul> 2662 * <li>The JWK use inferred by {@link KeyUse#from}. 2663 * <li>The JWK ID from the X.509 serial number (in base 10). 2664 * <li>The JWK X.509 certificate chain (this certificate only). 2665 * <li>The JWK X.509 certificate SHA-256 thumbprint. 2666 * </ul> 2667 * 2668 * @param cert The X.509 certificate. Must not be {@code null}. 2669 * 2670 * @return The public RSA key. 2671 * 2672 * @throws JOSEException If parsing failed. 2673 */ 2674 public static RSAKey parse(final X509Certificate cert) 2675 throws JOSEException { 2676 2677 if (! (cert.getPublicKey() instanceof RSAPublicKey)) { 2678 throw new JOSEException("The public key of the X.509 certificate is not RSA"); 2679 } 2680 2681 RSAPublicKey publicKey = (RSAPublicKey)cert.getPublicKey(); 2682 2683 try { 2684 MessageDigest sha256 = MessageDigest.getInstance("SHA-256"); 2685 2686 return new RSAKey.Builder(publicKey) 2687 .keyUse(KeyUse.from(cert)) 2688 .keyID(cert.getSerialNumber().toString(10)) 2689 .x509CertChain(Collections.singletonList(Base64.encode(cert.getEncoded()))) 2690 .x509CertSHA256Thumbprint(Base64URL.encode(sha256.digest(cert.getEncoded()))) 2691 .expirationTime(cert.getNotAfter()) 2692 .notBeforeTime(cert.getNotBefore()) 2693 .build(); 2694 } catch (NoSuchAlgorithmException e) { 2695 throw new JOSEException("Couldn't encode x5t parameter: " + e.getMessage(), e); 2696 } catch (CertificateEncodingException e) { 2697 throw new JOSEException("Couldn't encode x5c parameter: " + e.getMessage(), e); 2698 } 2699 } 2700 2701 2702 /** 2703 * Loads a public / private RSA JWK from the specified JCA key store. 2704 * 2705 * <p><strong>Important:</strong> The X.509 certificate is not 2706 * validated! 2707 * 2708 * @param keyStore The key store. Must not be {@code null}. 2709 * @param alias The alias. Must not be {@code null}. 2710 * @param pin The pin to unlock the private key if any, empty or 2711 * {@code null} if not required. 2712 * 2713 * @return The public / private RSA key, {@code null} if no key with 2714 * the specified alias was found. 2715 * 2716 * @throws KeyStoreException On a key store exception. 2717 * @throws JOSEException If RSA key loading failed. 2718 */ 2719 public static RSAKey load(final KeyStore keyStore, 2720 final String alias, 2721 final char[] pin) 2722 throws KeyStoreException, JOSEException { 2723 2724 java.security.cert.Certificate cert = keyStore.getCertificate(alias); 2725 2726 if (!(cert instanceof X509Certificate)) { 2727 return null; 2728 } 2729 2730 X509Certificate x509Cert = (X509Certificate)cert; 2731 2732 if (! (x509Cert.getPublicKey() instanceof RSAPublicKey)) { 2733 throw new JOSEException("Couldn't load RSA JWK: The key algorithm is not RSA"); 2734 } 2735 2736 RSAKey rsaJWK = RSAKey.parse(x509Cert); 2737 2738 // Let kid=alias 2739 rsaJWK = new RSAKey.Builder(rsaJWK).keyID(alias).keyStore(keyStore).build(); 2740 2741 // Check for private counterpart 2742 Key key; 2743 try { 2744 key = keyStore.getKey(alias, pin); 2745 } catch (UnrecoverableKeyException | NoSuchAlgorithmException e) { 2746 throw new JOSEException("Couldn't retrieve private RSA key (bad pin?): " + e.getMessage(), e); 2747 } 2748 2749 if (key instanceof RSAPrivateKey) { 2750 // Simple file based key store 2751 return new RSAKey.Builder(rsaJWK) 2752 .privateKey((RSAPrivateKey)key) 2753 .build(); 2754 } else if (key instanceof PrivateKey && "RSA".equalsIgnoreCase(key.getAlgorithm())) { 2755 // PKCS#11 store 2756 return new RSAKey.Builder(rsaJWK) 2757 .privateKey((PrivateKey)key) 2758 .build(); 2759 } else { 2760 return rsaJWK; 2761 } 2762 } 2763 2764 2765 @Override 2766 public boolean equals(Object o) { 2767 if (this == o) return true; 2768 if (!(o instanceof RSAKey)) return false; 2769 if (!super.equals(o)) return false; 2770 RSAKey rsaKey = (RSAKey) o; 2771 return Objects.equals(n, rsaKey.n) && 2772 Objects.equals(e, rsaKey.e) && 2773 Objects.equals(d, rsaKey.d) && 2774 Objects.equals(p, rsaKey.p) && 2775 Objects.equals(q, rsaKey.q) && 2776 Objects.equals(dp, rsaKey.dp) && 2777 Objects.equals(dq, rsaKey.dq) && 2778 Objects.equals(qi, rsaKey.qi) && 2779 Objects.equals(oth, rsaKey.oth) && 2780 Objects.equals(privateKey, rsaKey.privateKey); 2781 } 2782 2783 2784 @Override 2785 public int hashCode() { 2786 return Objects.hash(super.hashCode(), n, e, d, p, q, dp, dq, qi, oth, privateKey); 2787 } 2788}