• Home
• com.nimbusds
• nimbus-jose-jwt
• 9.10.1
• source code
• OctetKeyPairGenerator.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.nimbusds.jose.jwk.gen.OctetKeyPairGenerator Maven / Gradle / Ivy

/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2018, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.jwk.gen;

import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;

import com.google.crypto.tink.subtle.Ed25519Sign;
import com.google.crypto.tink.subtle.X25519;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.OctetKeyPair;
import com.nimbusds.jose.util.Base64URL;


/**
 * Octet Key Pair (OKP) JSON Web Key (JWK) generator.
 *
 * 
Supported curves:
 *
 * 

 *     
{@link Curve#X25519 X25519}
 *     
{@link Curve#Ed25519 Ed25519}
 * 
 *
 * @author Tim McLean
 * @version 2018-07-18
 */
public class OctetKeyPairGenerator extends JWKGenerator {


	/**
	 * The curve.
	 */
	private final Curve crv;


	/**
	 * The supported values for the "crv" property.
	 */
	public static final Set SUPPORTED_CURVES;


	static {
		Set curves = new LinkedHashSet<>();
		curves.add(Curve.X25519);
		curves.add(Curve.Ed25519);
		SUPPORTED_CURVES = Collections.unmodifiableSet(curves);
	}


	/**
	 * Creates a new OctetKeyPair JWK generator.
	 *
	 * @param crv The curve. Must not be {@code null}.
	 */
	public OctetKeyPairGenerator(final Curve crv) {

		if (crv == null) {
			throw new IllegalArgumentException("The curve must not be null");
		}

		if (! SUPPORTED_CURVES.contains(crv)) {
			throw new IllegalArgumentException("Curve not supported for OKP generation");
		}

		this.crv = crv;
	}
	
	
	@Override
	public OctetKeyPair generate()
		throws JOSEException {

		final Base64URL privateKey;
		final Base64URL publicKey;

		if (this.crv.equals(Curve.X25519)) {

			final byte[] privateKeyBytes;
			final byte[] publicKeyBytes;

			try {
				privateKeyBytes = X25519.generatePrivateKey();
				publicKeyBytes = X25519.publicFromPrivate(privateKeyBytes);

			} catch (InvalidKeyException e) {
				// internal Tink error, should not happen
				throw new JOSEException(e.getMessage(), e);
			}

			privateKey = Base64URL.encode(privateKeyBytes);
			publicKey = Base64URL.encode(publicKeyBytes);

		} else if (this.crv.equals(Curve.Ed25519)) {

			final Ed25519Sign.KeyPair tinkKeyPair;

			try {
				tinkKeyPair = Ed25519Sign.KeyPair.newKeyPair();

			} catch (GeneralSecurityException e) {
				// internal Tink error, should not happen
				throw new JOSEException(e.getMessage(), e);
			}

			privateKey = Base64URL.encode(tinkKeyPair.getPrivateKey());
			publicKey = Base64URL.encode(tinkKeyPair.getPublicKey());

		} else {

			throw new JOSEException("Curve not supported");
		}

		OctetKeyPair.Builder builder = new OctetKeyPair.Builder(crv, publicKey)
			.d(privateKey)
			.keyUse(use)
			.keyOperations(ops)
			.algorithm(alg);

		if (x5tKid) {
			builder.keyIDFromThumbprint();
		} else {
			builder.keyID(kid);
		}

		return builder.build();
	}
}