Package com.nimbusds.jose.jwk
Class OctetSequenceKey
java.lang.Object
com.nimbusds.jose.jwk.JWK
com.nimbusds.jose.jwk.OctetSequenceKey
- All Implemented Interfaces:
SecretJWK
,Serializable
Octet sequence
JSON Web Key (JWK), used to represent
symmetric keys. This class is immutable.
Octet sequence JWKs should specify the algorithm intended to be used with the key, unless the application uses other means or convention to determine the algorithm used.
Example JSON object representation of an octet sequence JWK:
{ "kty" : "oct", "alg" : "A128KW", "k" : "GawgguFyGrWKav7AX4VKUg" }
Use the builder to create a new octet JWK:
OctetSequenceKey key = new OctetSequenceKey.Builder(bytes) .keyID("123") .build();
- Version:
- 2024-04-27
- Author:
- Justin Richer, Vladimir Dzhuvinov
- See Also:
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic class
Builder for constructing octet sequence JWKs. -
Field Summary
-
Constructor Summary
ConstructorDescriptionOctetSequenceKey
(Base64URL k, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks) Deprecated.OctetSequenceKey
(Base64URL k, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyRevocation revocation, KeyStore ks) Creates a new octet sequence JSON Web Key (JWK) with the specified parameters.OctetSequenceKey
(Base64URL k, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyStore ks) Deprecated. -
Method Summary
Modifier and TypeMethodDescriptionboolean
Returns the value of this octet sequence key.Returns the required JWK parameters.int
hashCode()
boolean
Octet sequence (symmetric) keys are never considered public, this method always returnstrue
.static OctetSequenceKey
Loads an octet sequence JWK from the specified JCA key store.static OctetSequenceKey
Parses an octet sequence JWK from the specified JSON object string representation.static OctetSequenceKey
Parses an octet sequence JWK from the specified JSON object representation.int
size()
Returns the size of this JWK.byte[]
Returns a copy of this octet sequence key value as a byte array.Returns a JSON object representation of this JWK.Octet sequence (symmetric) keys are never considered public, this method always returnsnull
.Returns a secret key representation of this octet sequence key.toSecretKey
(String jcaAlg) Returns a secret key representation of this octet sequence key with the specified Java Cryptography Architecture (JCA) algorithm.Methods inherited from class com.nimbusds.jose.jwk.JWK
computeThumbprint, computeThumbprint, computeThumbprintURI, getAlgorithm, getExpirationTime, getIssueTime, getKeyID, getKeyOperations, getKeyRevocation, getKeyStore, getKeyType, getKeyUse, getNotBeforeTime, getParsedX509CertChain, getX509CertChain, getX509CertSHA256Thumbprint, getX509CertThumbprint, getX509CertURL, parse, parseFromPEMEncodedObjects, parseFromPEMEncodedX509Cert, toECKey, toJSONString, toOctetKeyPair, toOctetSequenceKey, toRSAKey, toString
-
Constructor Details
-
OctetSequenceKey
@Deprecated public OctetSequenceKey(Base64URL k, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, KeyStore ks) Deprecated.Creates a new octet sequence JSON Web Key (JWK) with the specified parameters.- Parameters:
k
- The key value. It is represented as the Base64URL encoding of the value's big endian representation. Must not benull
.use
- The key use,null
if not specified or if the key is intended for signing as well as encryption.ops
- The key operations,null
if not specified.alg
- The intended JOSE algorithm for the key,null
if not specified.kid
- The key ID.null
if not specified.x5u
- The X.509 certificate URL,null
if not specified.x5t
- The X.509 certificate SHA-1 thumbprint,null
if not specified.x5t256
- The X.509 certificate SHA-256 thumbprint,null
if not specified.x5c
- The X.509 certificate chain,null
if not specified.ks
- Reference to the underlying key store,null
if not specified.
-
OctetSequenceKey
@Deprecated public OctetSequenceKey(Base64URL k, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyStore ks) Deprecated.Creates a new octet sequence JSON Web Key (JWK) with the specified parameters.- Parameters:
k
- The key value. It is represented as the Base64URL encoding of the value's big endian representation. Must not benull
.use
- The key use,null
if not specified or if the key is intended for signing as well as encryption.ops
- The key operations,null
if not specified.alg
- The intended JOSE algorithm for the key,null
if not specified.kid
- The key ID.null
if not specified.x5u
- The X.509 certificate URL,null
if not specified.x5t
- The X.509 certificate SHA-1 thumbprint,null
if not specified.x5t256
- The X.509 certificate SHA-256 thumbprint,null
if not specified.x5c
- The X.509 certificate chain,null
if not specified.exp
- The key expiration time,null
if not specified.nbf
- The key not-before time,null
if not specified.iat
- The key issued-at time,null
if not specified.ks
- Reference to the underlying key store,null
if not specified.
-
OctetSequenceKey
public OctetSequenceKey(Base64URL k, KeyUse use, Set<KeyOperation> ops, Algorithm alg, String kid, URI x5u, Base64URL x5t, Base64URL x5t256, List<Base64> x5c, Date exp, Date nbf, Date iat, KeyRevocation revocation, KeyStore ks) Creates a new octet sequence JSON Web Key (JWK) with the specified parameters.- Parameters:
k
- The key value. It is represented as the Base64URL encoding of the value's big endian representation. Must not benull
.use
- The key use,null
if not specified or if the key is intended for signing as well as encryption.ops
- The key operations,null
if not specified.alg
- The intended JOSE algorithm for the key,null
if not specified.kid
- The key ID.null
if not specified.x5u
- The X.509 certificate URL,null
if not specified.x5t
- The X.509 certificate SHA-1 thumbprint,null
if not specified.x5t256
- The X.509 certificate SHA-256 thumbprint,null
if not specified.x5c
- The X.509 certificate chain,null
if not specified.exp
- The key expiration time,null
if not specified.nbf
- The key not-before time,null
if not specified.iat
- The key issued-at time,null
if not specified.revocation
- The key revocation,null
if not specified.ks
- Reference to the underlying key store,null
if not specified.
-
-
Method Details
-
getKeyValue
Returns the value of this octet sequence key.- Returns:
- The key value. It is represented as the Base64URL encoding of the value's big endian representation.
-
toByteArray
Returns a copy of this octet sequence key value as a byte array.- Returns:
- The key value as a byte array.
-
toSecretKey
Returns a secret key representation of this octet sequence key.- Specified by:
toSecretKey
in interfaceSecretJWK
- Returns:
- The secret key representation, with an algorithm set to
NONE
.
-
toSecretKey
Returns a secret key representation of this octet sequence key with the specified Java Cryptography Architecture (JCA) algorithm.- Parameters:
jcaAlg
- The JCA algorithm. Must not benull
.- Returns:
- The secret key representation.
-
getRequiredParams
Description copied from class:JWK
Returns the required JWK parameters. Intended as input for JWK thumbprint computation. See RFC 7638 for more information.- Specified by:
getRequiredParams
in classJWK
- Returns:
- The required JWK parameters, sorted alphanumerically by key name and ready for JSON serialisation.
-
isPrivate
Octet sequence (symmetric) keys are never considered public, this method always returnstrue
. -
toPublicJWK
Octet sequence (symmetric) keys are never considered public, this method always returnsnull
.- Specified by:
toPublicJWK
in classJWK
- Returns:
null
-
size
Description copied from class:JWK
Returns the size of this JWK. -
toJSONObject
Description copied from class:JWK
Returns a JSON object representation of this JWK. This method is intended to be called from extending classes.Example:
{ "kty" : "RSA", "use" : "sig", "kid" : "fd28e025-8d24-48bc-a51a-e2ffc8bc274b" }
- Overrides:
toJSONObject
in classJWK
- Returns:
- The JSON object representation.
-
parse
Parses an octet sequence JWK from the specified JSON object string representation.- Parameters:
s
- The JSON object string to parse. Must not benull
.- Returns:
- The octet sequence JWK.
- Throws:
ParseException
- If the string couldn't be parsed to an octet sequence JWK.
-
parse
Parses an octet sequence JWK from the specified JSON object representation.- Parameters:
jsonObject
- The JSON object to parse. Must not benull
.- Returns:
- The octet sequence JWK.
- Throws:
ParseException
- If the JSON object couldn't be parsed to an octet sequence JWK.
-
load
public static OctetSequenceKey load(KeyStore keyStore, String alias, char[] pin) throws KeyStoreException, JOSEException Loads an octet sequence JWK from the specified JCA key store.- Parameters:
keyStore
- The key store. Must not benull
.alias
- The alias. Must not benull
.pin
- The pin to unlock the private key if any, empty ornull
if not required.- Returns:
- The octet sequence JWK,
null
if no key with the specified alias was found. - Throws:
KeyStoreException
- On a key store exception.JOSEException
- If octet sequence key loading failed.
-
equals
-
hashCode
-