com.fr.cert.token.impl.crypto

类 EllipticCurveProvider

java.lang.Object

com.fr.cert.token.impl.crypto.EllipticCurveProvider

直接已知子类:

EllipticCurveSignatureValidator, EllipticCurveSigner

public abstract class EllipticCurveProvider
extends java.lang.Object

ElliptiCurve crypto provider.

从以下版本开始:

0.5

字段概要

字段

限定符和类型	字段和说明
protected SignatureAlgorithm	alg
static java.security.SecureRandom	DEFAULT_SECURE_RANDOM JJWT's default SecureRandom number generator.
protected java.security.Key	key

构造器概要

构造器

限定符	构造器和说明
protected	EllipticCurveProvider(SignatureAlgorithm alg, java.security.Key key)

方法概要

方法

限定符和类型	方法和说明
protected java.security.Signature	createSignatureInstance()
static java.security.KeyPair	generateKeyPair() Generates a new secure-random key pair assuming strength enough for the SignatureAlgorithm.ES512 algorithm.
static java.security.KeyPair	generateKeyPair(SignatureAlgorithm alg) Generates a new secure-random key pair of sufficient strength for the specified Elliptic Curve SignatureAlgorithm (must be one of ES256, ES384 or ES512) using JJWT's default SecureRandom instance.
static java.security.KeyPair	generateKeyPair(SignatureAlgorithm alg, java.security.SecureRandom random) Generates a new secure-random key pair of sufficient strength for the specified Elliptic Curve SignatureAlgorithm (must be one of ES256, ES384 or ES512) using the specified SecureRandom random number generator.
static java.security.KeyPair	generateKeyPair(java.lang.String jcaAlgorithmName, java.lang.String jcaProviderName, SignatureAlgorithm alg, java.security.SecureRandom random) Generates a new secure-random key pair of sufficient strength for the specified Elliptic Curve SignatureAlgorithm (must be one of ES256, ES384 or ES512) using the specified SecureRandom random number generator via the specified JCA provider and algorithm name.
static int	getSignatureByteArrayLength(SignatureAlgorithm alg) Returns the expected signature byte array length (R + S parts) for the specified ECDSA algorithm.
protected java.security.Signature	getSignatureInstance()
protected boolean	isBouncyCastleAvailable()
static byte[]	transcodeSignatureToConcat(byte[] derSignature, int outputLength) Transcodes the JCA ASN.1/DER-encoded signature into the concatenated R + S format expected by ECDSA JWS.
static byte[]	transcodeSignatureToDER(byte[] jwsSignature) Transcodes the ECDSA JWS signature into ASN.1/DER format for use by the JCA verifier.

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

字段详细资料

DEFAULT_SECURE_RANDOM

public static final java.security.SecureRandom DEFAULT_SECURE_RANDOM

JJWT's default SecureRandom number generator. This RNG is initialized using the JVM default as follows:

 static {
     DEFAULT_SECURE_RANDOM = new SecureRandom();
     DEFAULT_SECURE_RANDOM.nextBytes(new byte[64]);
 }
 

nextBytes is called to force the RNG to initialize itself if not already initialized. The byte array is not used and discarded immediately for garbage collection.

alg

protected final SignatureAlgorithm alg

key

protected final java.security.Key key

构造器详细资料

EllipticCurveProvider

protected EllipticCurveProvider(SignatureAlgorithm alg,
                     java.security.Key key)

方法详细资料

generateKeyPair

public static java.security.KeyPair generateKeyPair()

Generates a new secure-random key pair assuming strength enough for the SignatureAlgorithm.ES512 algorithm. This is a convenience method that immediately delegates to generateKeyPair(SignatureAlgorithm) using SignatureAlgorithm.ES512 as the method argument.

返回:

a new secure-randomly-generated key pair assuming strength enough for the SignatureAlgorithm.ES512 algorithm.

另请参阅:

generateKeyPair(SignatureAlgorithm), generateKeyPair(SignatureAlgorithm, SecureRandom), generateKeyPair(String, String, SignatureAlgorithm, SecureRandom)

generateKeyPair

public static java.security.KeyPair generateKeyPair(SignatureAlgorithm alg)

Generates a new secure-random key pair of sufficient strength for the specified Elliptic Curve SignatureAlgorithm (must be one of ES256, ES384 or ES512) using JJWT's default SecureRandom instance. This is a convenience method that immediately delegates to generateKeyPair(SignatureAlgorithm, SecureRandom).

参数:

alg - the algorithm indicating strength, must be one of ES256, ES384 or ES512

返回:

a new secure-randomly generated key pair of sufficient strength for the specified SignatureAlgorithm (must be one of ES256, ES384 or ES512) using JJWT's default SecureRandom instance.

另请参阅:

generateKeyPair(), generateKeyPair(SignatureAlgorithm, SecureRandom), generateKeyPair(String, String, SignatureAlgorithm, SecureRandom)

generateKeyPair

public static java.security.KeyPair generateKeyPair(SignatureAlgorithm alg,
                                    java.security.SecureRandom random)

Generates a new secure-random key pair of sufficient strength for the specified Elliptic Curve SignatureAlgorithm (must be one of ES256, ES384 or ES512) using the specified SecureRandom random number generator. This is a convenience method that immediately delegates to generateKeyPair(String, String, SignatureAlgorithm, SecureRandom) using "ECDSA" as the jcaAlgorithmName and "BC" as the jcaProviderName since EllipticCurve requires the use of an external JCA provider (BC stands for BouncyCastle. This will work as expected as long as the BouncyCastle dependency is in the runtime classpath.

参数:

alg - alg the algorithm indicating strength, must be one of ES256, ES384 or ES512

random - the SecureRandom generator to use during key generation.

返回:

a new secure-randomly generated key pair of sufficient strength for the specified SignatureAlgorithm (must be one of ES256, ES384 or ES512) using the specified SecureRandom random number generator.

另请参阅:

generateKeyPair(), generateKeyPair(SignatureAlgorithm), generateKeyPair(String, String, SignatureAlgorithm, SecureRandom)

generateKeyPair

public static java.security.KeyPair generateKeyPair(java.lang.String jcaAlgorithmName,
                                    java.lang.String jcaProviderName,
                                    SignatureAlgorithm alg,
                                    java.security.SecureRandom random)

Generates a new secure-random key pair of sufficient strength for the specified Elliptic Curve SignatureAlgorithm (must be one of ES256, ES384 or ES512) using the specified SecureRandom random number generator via the specified JCA provider and algorithm name.

参数:

jcaAlgorithmName - the JCA name of the algorithm to use for key pair generation, for example, ECDSA.

jcaProviderName - the JCA provider name of the algorithm implementation, for example BC for BouncyCastle.

alg - alg the algorithm indicating strength, must be one of ES256, ES384 or ES512

random - the SecureRandom generator to use during key generation.

返回:

a new secure-randomly generated key pair of sufficient strength for the specified Elliptic Curve SignatureAlgorithm (must be one of ES256, ES384 or ES512) using the specified SecureRandom random number generator via the specified JCA provider and algorithm name.

另请参阅:

generateKeyPair(), generateKeyPair(SignatureAlgorithm), generateKeyPair(SignatureAlgorithm, SecureRandom)

getSignatureByteArrayLength

public static int getSignatureByteArrayLength(SignatureAlgorithm alg)
                                       throws JwtException

Returns the expected signature byte array length (R + S parts) for the specified ECDSA algorithm.

参数:

alg - The ECDSA algorithm. Must be supported and not null.

返回:

The expected byte array length for the signature.

抛出:

JwtException - If the algorithm is not supported.

transcodeSignatureToConcat

public static byte[] transcodeSignatureToConcat(byte[] derSignature,
                                int outputLength)
                                         throws JwtException

Transcodes the JCA ASN.1/DER-encoded signature into the concatenated R + S format expected by ECDSA JWS.

参数:

derSignature - The ASN1./DER-encoded. Must not be null.

outputLength - The expected length of the ECDSA JWS signature.

返回:

The ECDSA JWS encoded signature.

抛出:

JwtException - If the ASN.1/DER signature format is invalid.

transcodeSignatureToDER

public static byte[] transcodeSignatureToDER(byte[] jwsSignature)
                                      throws JwtException

Transcodes the ECDSA JWS signature into ASN.1/DER format for use by the JCA verifier.

参数:

jwsSignature - The JWS signature, consisting of the concatenated R and S values. Must not be null.

返回:

The ASN.1/DER encoded signature.

抛出:

JwtException - If the ECDSA JWS signature format is invalid.

createSignatureInstance

protected java.security.Signature createSignatureInstance()

getSignatureInstance

protected java.security.Signature getSignatureInstance()
                                                throws java.security.NoSuchAlgorithmException

抛出:

java.security.NoSuchAlgorithmException

isBouncyCastleAvailable

protected boolean isBouncyCastleAvailable()