Package com.nimbusds.jose.jwk

Class OctetSequenceKey

java.lang.Object
com.nimbusds.jose.jwk.JWK
com.nimbusds.jose.jwk.OctetSequenceKey
All Implemented Interfaces:
SecretJWK, Serializable
@Immutable public final class OctetSequenceKey extends JWK implements SecretJWK
Octet sequence JSON Web Key (JWK), used to represent symmetric keys. This class is immutable.

Octet sequence JWKs should specify the algorithm intended to be used with the key, unless the application uses other means or convention to determine the algorithm used.

Example JSON object representation of an octet sequence JWK: 

 {
   "kty" : "oct",
   "alg" : "A128KW",
   "k"   : "GawgguFyGrWKav7AX4VKUg"
 }

Use the builder to create a new octet JWK: 

 OctetSequenceKey key = new OctetSequenceKey.Builder(bytes)
        .keyID("123")
        .build();
Version:
2024-04-27
Author:
Justin Richer, Vladimir Dzhuvinov
See Also:

  • Constructor Details

    • OctetSequenceKey

      @Deprecated public OctetSequenceKey(Base64URL k, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks)
      Deprecated.
      Creates a new octet sequence JSON Web Key (JWK) with the specified parameters.
      Parameters:
      k - The key value. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
      use - The key use, null if not specified or if the key is intended for signing as well as encryption.
      ops - The key operations, null if not specified.
      alg - The intended JOSE algorithm for the key, null if not specified.
      kid - The key ID. null if not specified.
      x5u - The X.509 certificate URL, null if not specified.
      x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
      x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
      x5c - The X.509 certificate chain, null if not specified.
      ks - Reference to the underlying key store, null if not specified.

    • OctetSequenceKey

      @Deprecated public OctetSequenceKey(Base64URL k, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyStore ks)
      Deprecated.
      Creates a new octet sequence JSON Web Key (JWK) with the specified parameters.
      Parameters:
      k - The key value. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
      use - The key use, null if not specified or if the key is intended for signing as well as encryption.
      ops - The key operations, null if not specified.
      alg - The intended JOSE algorithm for the key, null if not specified.
      kid - The key ID. null if not specified.
      x5u - The X.509 certificate URL, null if not specified.
      x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
      x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
      x5c - The X.509 certificate chain, null if not specified.
      exp - The key expiration time, null if not specified.
      nbf - The key not-before time, null if not specified.
      iat - The key issued-at time, null if not specified.
      ks - Reference to the underlying key store, null if not specified.

    • OctetSequenceKey

      public OctetSequenceKey(Base64URL k, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyRevocation revocation, KeyStore ks)
      Creates a new octet sequence JSON Web Key (JWK) with the specified parameters.
      Parameters:
      k - The key value. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
      use - The key use, null if not specified or if the key is intended for signing as well as encryption.
      ops - The key operations, null if not specified.
      alg - The intended JOSE algorithm for the key, null if not specified.
      kid - The key ID. null if not specified.
      x5u - The X.509 certificate URL, null if not specified.
      x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
      x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
      x5c - The X.509 certificate chain, null if not specified.
      exp - The key expiration time, null if not specified.
      nbf - The key not-before time, null if not specified.
      iat - The key issued-at time, null if not specified.
      revocation - The key revocation, null if not specified.
      ks - Reference to the underlying key store, null if not specified.

  • Method Details

    • getKeyValue

      public Base64URL getKeyValue()
      Returns the value of this octet sequence key.
      Returns:
      The key value. It is represented as the Base64URL encoding of the value's big endian representation.

    • toByteArray

      public byte[] toByteArray()
      Returns a copy of this octet sequence key value as a byte array.
      Returns:
      The key value as a byte array.

    • toSecretKey

      public SecretKey toSecretKey()
      Returns a secret key representation of this octet sequence key.
      Specified by:
      toSecretKey in interface SecretJWK
      Returns:
      The secret key representation, with an algorithm set to NONE.

    • toSecretKey

      public SecretKey toSecretKey(String jcaAlg)
      Returns a secret key representation of this octet sequence key with the specified Java Cryptography Architecture (JCA) algorithm.
      Parameters:
      jcaAlg - The JCA algorithm. Must not be null.
      Returns:
      The secret key representation.

    • getRequiredParams

      public LinkedHashMap<String,?> getRequiredParams()
      Description copied from class: JWK
      Returns the required JWK parameters. Intended as input for JWK thumbprint computation. See RFC 7638 for more information.
      Specified by:
      getRequiredParams in class JWK
      Returns:
      The required JWK parameters, sorted alphanumerically by key name and ready for JSON serialisation.

    • isPrivate

      public boolean isPrivate()
      Octet sequence (symmetric) keys are never considered public, this method always returns true.
      Specified by:
      isPrivate in class JWK
      Returns:
      true

    • toPublicJWK

      public OctetSequenceKey toPublicJWK()
      Octet sequence (symmetric) keys are never considered public, this method always returns null.
      Specified by:
      toPublicJWK in class JWK
      Returns:
      null

    • size

      public int size()
      Description copied from class: JWK
      Returns the size of this JWK.
      Specified by:
      size in class JWK
      Returns:
      The JWK size, in bits.

    • toJSONObject

      public Map<String,Object> toJSONObject()
      Description copied from class: JWK
      Returns a JSON object representation of this JWK. This method is intended to be called from extending classes.

      Example: 

       {
   "kty" : "RSA",
   "use" : "sig",
   "kid" : "fd28e025-8d24-48bc-a51a-e2ffc8bc274b"
 }
      Overrides:
      toJSONObject in class JWK
      Returns:
      The JSON object representation.

    • parse

      public static OctetSequenceKey parse(String s) throws ParseException
      Parses an octet sequence JWK from the specified JSON object string representation.
      Parameters:
      s - The JSON object string to parse. Must not be null.
      Returns:
      The octet sequence JWK.
      Throws:
      ParseException - If the string couldn't be parsed to an octet sequence JWK.

    • parse

      public static OctetSequenceKey parse(Map<String,Object> jsonObject) throws ParseException
      Parses an octet sequence JWK from the specified JSON object representation.
      Parameters:
      jsonObject - The JSON object to parse. Must not be null.
      Returns:
      The octet sequence JWK.
      Throws:
      ParseException - If the JSON object couldn't be parsed to an octet sequence JWK.

    • load

      public static OctetSequenceKey load(KeyStore keyStore, String alias, char[] pin) throws KeyStoreException, JOSEException
      Loads an octet sequence JWK from the specified JCA key store.
      Parameters:
      keyStore - The key store. Must not be null.
      alias - The alias. Must not be null.
      pin - The pin to unlock the private key if any, empty or null if not required.
      Returns:
      The octet sequence JWK, null if no key with the specified alias was found.
      Throws:
      KeyStoreException - On a key store exception.
      JOSEException - If octet sequence key loading failed.

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class JWK

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class JWK