Package net.shibboleth.oidc.security.credential

Class JWKCredentialSupport

java.lang.Object

net.shibboleth.oidc.security.credential.JWKCredentialSupport

public final class JWKCredentialSupport
extends Object

Provide JWK specific credential support.

Constructor Summary

Constructors

Modifier	Constructor	Description
private	JWKCredentialSupport()	Constructor.

Method Summary

Modifier and Type	Method	Description
static JWKCredential	deriveSymmetricKeyForAlgAndEnc(JWKCredential credential, com.nimbusds.jose.JWEAlgorithm alg, com.nimbusds.jose.EncryptionMethod enc)	Derive a *new* symmetric key credential suitable for the given 'alg' and 'enc' algorithms.
static SecretKey	generateSymmetricKey(byte[] clientSecret, com.nimbusds.jose.JWEAlgorithm alg, com.nimbusds.jose.EncryptionMethod enc)	Generate symmetric key from client_secret using the algorithms supplied.
static SecretKey	generateSymmetricKey(com.nimbusds.oauth2.sdk.auth.Secret clientSecret, com.nimbusds.jose.JWEAlgorithm alg, com.nimbusds.jose.EncryptionMethod enc)	Generate symmetric key from client_secret using the algorithms supplied.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JWKCredentialSupport

private JWKCredentialSupport()

Constructor.

Method Detail

deriveSymmetricKeyForAlgAndEnc

@Nullable
public static final JWKCredential deriveSymmetricKeyForAlgAndEnc(@Nullable
                                                                 JWKCredential credential,
                                                                 @Nullable
                                                                 com.nimbusds.jose.JWEAlgorithm alg,
                                                                 @Nullable
                                                                 com.nimbusds.jose.EncryptionMethod enc)
                                                          throws com.nimbusds.jose.JOSEException

Derive a *new* symmetric key credential suitable for the given 'alg' and 'enc' algorithms. The new credential is a copy of the given credential but replacing the keyID and secret. If any of the inputs are null then null is returned.

Parameters:

credential - the credential that contains a secret key to derive a new credential from

alg - the key management mode algorithm

enc - the content encryption algorithm

Returns:

a *new* derived credential, or null if an error occurs

Throws:

com.nimbusds.jose.JOSEException - on error deriving the credential

generateSymmetricKey

public static final SecretKey generateSymmetricKey(byte[] clientSecret,
                                                   com.nimbusds.jose.JWEAlgorithm alg,
                                                   com.nimbusds.jose.EncryptionMethod enc)
                                            throws com.nimbusds.jose.JOSEException

Generate symmetric key from client_secret using the algorithms supplied.

Parameters:

clientSecret - client secret to derive a key from

alg - the key management mode or key transport algorithm

enc - the content encryption algorithm

Returns:

key derived from client secret.

Throws:

com.nimbusds.jose.JOSEException - on error

generateSymmetricKey

public static final SecretKey generateSymmetricKey(com.nimbusds.oauth2.sdk.auth.Secret clientSecret,
                                                   com.nimbusds.jose.JWEAlgorithm alg,
                                                   com.nimbusds.jose.EncryptionMethod enc)
                                            throws com.nimbusds.jose.JOSEException

Generate symmetric key from client_secret using the algorithms supplied.

Parameters:

clientSecret - client secret to derive a key from

alg - the key management mode or key transport algorithm

enc - the content encryption algorithm

Returns:

key derived from client secret.

Throws:

com.nimbusds.jose.JOSEException - on error