EcJWK.java
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions Copyrighted [year] [name of copyright owner]".
*
* Copyright 2013-2017 ForgeRock AS.
*/
package org.forgerock.json.jose.jwk;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.util.List;
import org.forgerock.json.JsonException;
import org.forgerock.json.JsonValue;
import org.forgerock.json.jose.jws.SupportedEllipticCurve;
import org.forgerock.json.jose.utils.BigIntegerUtils;
import org.forgerock.util.encode.Base64url;
/**
* This class implements an Elliptical Curve Json Web Key storage and manipulation class.
*/
public class EcJWK extends JWK {
/**
* The X value for the EC point.
*/
private final static String X = "x";
/**
* The Y value for the EC Point.
*/
private final static String Y = "y";
/**
* The private key value.
*/
private final static String D = "d";
/**
* The Curve of the ECC.
*/
private final static String CURVE = "crv";
/**
* Creates a public EcJWK.
* @param publicKey The public key for the JWK
* @param use The value of the use JWK parameter
* @param kid The key id of the JWK
*/
public EcJWK(ECPublicKey publicKey, KeyUse use, String kid) {
this(publicKey, null, use, kid);
}
/**
* Creates a public and private EcJWK.
* @param publicKey The public key for the JWK
* @param privateKey The private key for the JWK
* @param use The value of the use JWK parameter
* @param kid The key id of the JWK
*/
public EcJWK(ECPublicKey publicKey, ECPrivateKey privateKey, KeyUse use, String kid) {
super(KeyType.EC, use, SupportedEllipticCurve.forKey(publicKey).getJwsAlgorithm().name(), kid);
final int fieldSize = publicKey.getParams().getCurve().getField().getFieldSize();
put(X, encodeCoordinate(fieldSize,
publicKey.getW().getAffineX()));
put(Y, encodeCoordinate(fieldSize,
publicKey.getW().getAffineY()));
put(CURVE, SupportedEllipticCurve.forKey(publicKey).getStandardName());
if (privateKey != null) {
put(D, encodeCoordinate(fieldSize, privateKey.getS()));
}
}
/**
* Creates a public EcJWK.
* @param use The value of the use JWK parameter
* @param alg The value of the alg JWK parameter
* @param kid The key id of the JWK
* @param x The unsigned big-endian base64 url encoding of the elliptical curve point x coordinate
* @param y The unsigned big-endian base64 url encoding of the elliptical curve point y coordinate
* @param curve The known curve to use. For example "NIST P-256".
* @param x5u the x509 url for the key
* @param x5t the x509 thumbnail for the key
* @param x5c the x509 chain as a list of Base64 encoded strings
*/
public EcJWK(KeyUse use, String alg, String kid, String x, String y, String curve, String x5u, String x5t,
List<String> x5c) {
this(use, alg, kid, x, y, null, curve, x5u, x5t, x5c);
}
/**
* Creates a public and private EcJWK.
* @param use The value of the use JWK parameter
* @param alg The value of the alg JWK parameter
* @param kid The key id of the JWK
* @param x The unsigned big-endian base64 url encoding of the elliptical curve point x coordinate
* @param y The unsigned big-endian base64 url encoding of the elliptical curve point y coordinate
* @param d The unsigned big-endian base64 url encoding of the d value for the elliptical curve private key
* @param curve The known curve to use. For example "NIST P-256".
* @param x5u the x509 url for the key
* @param x5t the x509 thumbnail for the key
* @param x5c the x509 chain as a list of Base64 encoded strings
*/
public EcJWK(KeyUse use, String alg, String kid, String x, String y, String d, String curve,
String x5u, String x5t, List<String> x5c) {
super(KeyType.EC, use, alg, kid, x5u, x5t, x5c);
if (x == null || x.isEmpty()) {
throw new JsonException("x is required for an EcJWK");
}
put(X, x);
if (y == null || y.isEmpty()) {
throw new JsonException("y is required for an EcJWK");
}
put(Y, y);
if (curve == null || curve.isEmpty()) {
throw new JsonException("curve is required for an EcJWK");
}
put(CURVE, curve);
put(D, d);
}
/**
* Gets the unsigned big-endian base64 url encoding of the elliptical curve point x coordinate.
* @return unsigned big-endian base64 url encoding of the elliptical curve point x coordinate
*/
public String getX() {
return get(X).asString();
}
/**
* Gets the unsigned big-endian base64 url encoding of the elliptical curve point y coordinate.
* @return the unsigned big-endian base64 url encoding of the elliptical curve point y coordinate
*/
public String getY() {
return get(Y).asString();
}
/**
* Gets the unsigned big-endian base64 url encoding of the d value for the elliptical curve private key.
* @return the unsigned big-endian base64 url encoding of the d value for the elliptical curve private key
*/
public String getD() {
return get(D).asString();
}
/**
* Gets the known curve to use. For example "NIST P-256".
* @return the known curve of the JWK
*/
public String getCurve() {
return get(CURVE).asString();
}
/**
* Parses a JWK from a string json object.
* @param json string json object
* @return a EcJWK object
*/
public static EcJWK parse(String json) {
JsonValue jwk = new JsonValue(toJsonValue(json));
return parse(jwk);
}
/**
* Parses a JWK from a JsonValue json object.
* @param json JsonValue json object
* @return a EcJWK object
*/
public static EcJWK parse(JsonValue json) {
if (json == null) {
throw new JsonException("Cant parse OctJWK. No json data.");
}
KeyType kty = null;
KeyUse use = null;
String x = null, y = null, d = null, curve = null, alg = null, kid = null;
String x5u = null, x5t = null;
List<String> x5c = null;
kty = KeyType.getKeyType(json.get(KTY).asString());
if (!kty.equals(KeyType.EC)) {
throw new JsonException("Invalid key type. Not an EC JWK");
}
x = json.get(X).asString();
y = json.get(Y).asString();
d = json.get(D).asString();
curve = json.get(CURVE).asString();
use = KeyUse.getKeyUse(json.get(USE).asString());
alg = json.get(ALG).asString();
kid = json.get(KID).asString();
x5u = json.get(X5U).asString();
x5t = json.get(X5T).asString();
x5c = json.get(X5C).asList(String.class);
return new EcJWK(use, alg, kid, x, y, d, curve, x5u, x5t, x5c);
}
/**
* Prints the JWK as a String json object.
* @return a json string object
*/
public String toJsonString() {
return super.toString();
}
/**
* Converts the JWK to a ECPublicKey.
* @return an ECPublicKey
*/
public ECPublicKey toECPublicKey() {
try {
final SupportedEllipticCurve curve = SupportedEllipticCurve.forName(getCurve());
KeyFactory keyFactory = KeyFactory.getInstance("EC");
ECPoint point = new ECPoint(
BigIntegerUtils.base64UrlDecode(getX()),
BigIntegerUtils.base64UrlDecode(getY()));
return (ECPublicKey) keyFactory.generatePublic(new ECPublicKeySpec(point, curve.getParameters()));
} catch (GeneralSecurityException e) {
throw new JsonException("Unable to create EC Public Key", e);
}
}
/**
* Converts the JWK to a ECPrivateKey.
* @return an ECPrivateKey
*/
public ECPrivateKey toECPrivateKey() {
try {
final SupportedEllipticCurve curve = SupportedEllipticCurve.forName(getCurve());
KeyFactory keyFactory = KeyFactory.getInstance("EC");
final BigInteger s = BigIntegerUtils.base64UrlDecode(getD());
return (ECPrivateKey) keyFactory.generatePrivate(new ECPrivateKeySpec(s, curve.getParameters()));
} catch (GeneralSecurityException e) {
throw new JsonException("Unable to create EC Private Key", e);
}
}
/**
* Converts the JWK to a KeyPair.
* @return an KeyPair
*/
public KeyPair toKeyPair() {
return new KeyPair(toECPublicKey(), toECPrivateKey());
}
/**
* Decode the unsigned big-endian base64 url encoding of an elliptical curve point.
* @param encodedCoordinate the unsigned big-endian base64 url encoding of a the elliptical curve point
* @return the elliptical curve point
*/
public static BigInteger decodeCoordinate(String encodedCoordinate) {
return BigIntegerUtils.base64UrlDecode(encodedCoordinate);
}
/**
* Base64url encode the unsigned big-endian representation of an elliptical curve point.
* @param fieldSize the EC field size in bits.
* @param coordinate the elliptical curve point
* @return the unsigned big-endian base64 url encoding of the elliptical curve point
*/
public static String encodeCoordinate(final int fieldSize, final BigInteger coordinate) {
final byte[] bigEndian = BigIntegerUtils.toBytesUnsigned(coordinate);
/*
* fieldSize defines the size of the bytes array output.
* Since we need to keep big endian, we need to pad with 0 bits at the beginning if necessary
*/
int bytesToOutput = (fieldSize + 7) / 8;
if (bigEndian.length > bytesToOutput) {
throw new IllegalArgumentException(
"The EC field size can't be smaller than the actual elliptic curve points bits size.");
}
if (bigEndian.length == bytesToOutput) {
// Same size, we can return directly
return Base64url.encode(bigEndian);
}
final byte[] bigEndianWithRightFieldSize = new byte[bytesToOutput];
System.arraycopy(bigEndian, 0, bigEndianWithRightFieldSize, bytesToOutput - bigEndian.length, bigEndian.length);
return Base64url.encode(bigEndianWithRightFieldSize);
}
}