Package com.nimbusds.jose.crypto
Class ECDSASigner
- java.lang.Object
-
- com.nimbusds.jose.crypto.impl.BaseJWSProvider
-
- com.nimbusds.jose.crypto.impl.ECDSAProvider
-
- com.nimbusds.jose.crypto.ECDSASigner
-
- All Implemented Interfaces:
JCAAware<JCAContext>
,JOSEProvider
,JWSProvider
,JWSSigner
@ThreadSafe public class ECDSASigner extends ECDSAProvider implements JWSSigner
Elliptic Curve Digital Signature Algorithm (ECDSA) signer ofJWS objects
. Expects a private EC key (with a P-256, P-384, P-521 or secp256k1 curve).See RFC 7518 section 3.4 for more information.
This class is thread-safe.
Supports the following algorithms:
Supports the following
options
:UserAuthenticationRequired
-- to prompt the user to authenticate in order to complete the signing operation. Android applications can use this option to trigger a biometric prompt that is required to unlock a private key created withsetUserAuthenticationRequired(true)
.
- Version:
- 2023-04-20
- Author:
- Axel Nennker, Vladimir Dzhuvinov
-
-
Field Summary
-
Fields inherited from class com.nimbusds.jose.crypto.impl.ECDSAProvider
SUPPORTED_ALGORITHMS
-
-
Constructor Summary
Constructors Constructor Description ECDSASigner(ECKey ecJWK)
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.ECDSASigner(ECKey ecJWK, Set<JWSSignerOption> opts)
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.ECDSASigner(ECPrivateKey privateKey)
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.ECDSASigner(ECPrivateKey privateKey, Set<JWSSignerOption> opts)
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.ECDSASigner(PrivateKey privateKey, Curve curve)
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.ECDSASigner(PrivateKey privateKey, Curve curve, Set<JWSSignerOption> opts)
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description PrivateKey
getPrivateKey()
Gets the private EC key.Base64URL
sign(JWSHeader header, byte[] signingInput)
Signs the specifiedinput
of aJWS object
.-
Methods inherited from class com.nimbusds.jose.crypto.impl.ECDSAProvider
supportedECDSAAlgorithm
-
Methods inherited from class com.nimbusds.jose.crypto.impl.BaseJWSProvider
getJCAContext, supportedJWSAlgorithms
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface com.nimbusds.jose.jca.JCAAware
getJCAContext
-
Methods inherited from interface com.nimbusds.jose.JWSProvider
supportedJWSAlgorithms
-
-
-
-
Constructor Detail
-
ECDSASigner
public ECDSASigner(ECPrivateKey privateKey) throws JOSEException
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.- Parameters:
privateKey
- The private EC key. Must not benull
.- Throws:
JOSEException
- If the elliptic curve of key is not supported.
-
ECDSASigner
public ECDSASigner(ECPrivateKey privateKey, Set<JWSSignerOption> opts) throws JOSEException
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.- Parameters:
privateKey
- The private EC key. Must not benull
.opts
- The signing options, empty ornull
if none.- Throws:
JOSEException
- If the elliptic curve of key is not supported.
-
ECDSASigner
public ECDSASigner(PrivateKey privateKey, Curve curve) throws JOSEException
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer. This constructor is intended for a private EC key located in a PKCS#11 store that doesn't expose the private key parameters (such as a smart card or HSM).- Parameters:
privateKey
- The private EC key. Its algorithm must be "EC". Must not benull
.curve
- The elliptic curve for the key. Must not benull
.- Throws:
JOSEException
- If the elliptic curve of key is not supported.
-
ECDSASigner
public ECDSASigner(PrivateKey privateKey, Curve curve, Set<JWSSignerOption> opts) throws JOSEException
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer. This constructor is intended for a private EC key located in a PKCS#11 store that doesn't expose the private key parameters (such as a smart card or HSM).- Parameters:
privateKey
- The private EC key. Its algorithm must be "EC". Must not benull
.curve
- The elliptic curve for the key. Must not benull
.opts
- The signing options, empty ornull
if none.- Throws:
JOSEException
- If the elliptic curve of key is not supported.
-
ECDSASigner
public ECDSASigner(ECKey ecJWK) throws JOSEException
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.- Parameters:
ecJWK
- The EC JSON Web Key (JWK). Must contain a private part. Must not benull
.- Throws:
JOSEException
- If the EC JWK doesn't contain a private part, its extraction failed, or the elliptic curve is not supported.
-
ECDSASigner
public ECDSASigner(ECKey ecJWK, Set<JWSSignerOption> opts) throws JOSEException
Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.- Parameters:
ecJWK
- The EC JSON Web Key (JWK). Must contain a private part. Must not benull
.opts
- The signing options, empty ornull
if none.- Throws:
JOSEException
- If the EC JWK doesn't contain a private part, its extraction failed, or the elliptic curve is not supported.
-
-
Method Detail
-
getPrivateKey
public PrivateKey getPrivateKey()
Gets the private EC key.- Returns:
- The private EC key. Casting to
ECPrivateKey
may not be possible if the key is located in a PKCS#11 store that doesn't expose the private key parameters.
-
sign
public Base64URL sign(JWSHeader header, byte[] signingInput) throws JOSEException
Description copied from interface:JWSSigner
Signs the specifiedinput
of aJWS object
.- Specified by:
sign
in interfaceJWSSigner
- Parameters:
header
- The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not benull
.signingInput
- The input to sign. Must not benull
.- Returns:
- The resulting signature part (third part) of the JWS object.
- Throws:
JOSEException
- If the JWS algorithm is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if signing failed for some other internal reason.
-
-