Package org.forgerock.json.jose.jws

Class SigningManager

  • public class SigningManager
extends Object
    A service to get the appropriate SigningHandler for a specific Java Cryptographic signing algorithm.

    For details of all supported signing algorithms see JwsAlgorithm

    Since:
    2.0.0

    • Method Detail

      • newNopSigningHandler

        @Deprecated
public SigningHandler newNopSigningHandler()
        Deprecated.
        This method is inherently insecure and shouldn't be used.
        Constructs an implementation of the SigningHandler which does not perform any signing or verifying.
        Returns:
        an implementation of the SigningHandler which does not perform any signing or verifying.

      • newRsaSigningHandler

        @Deprecated
public SigningHandler newRsaSigningHandler​(Key key)
        Deprecated.
        use newRsaVerificationHandler(VerificationKey) instead
        Constructs a new RSASigningHandler, with a SignatureUtil instance to delegate the signing and verifying calls to.
        Parameters:
        key - The key used to sign and verify the signature.
        Returns:
        a new RSASigningHandler, with a SignatureUtil instance to delegate the signing and verifying calls to.

      • newEcdsaSigningHandler

        @Deprecated
public SigningHandler newEcdsaSigningHandler​(PrivateKey key)
        Deprecated.
        use newEcdsaSigningHandler(SigningKey)} instead
        Constructs a new handler for signing ES256 signatures.
        Parameters:
        key - the elliptic curve private key. Should use the required curve for the given signing algorithm (P-256 for ES256).
        Returns:
        the signing handler.

      • newEcdsaSigningHandler

        @Deprecated
public SigningHandler newEcdsaSigningHandler​(ECPrivateKey key)
        Deprecated.
        use newEcdsaSigningHandler(SigningKey)} instead
        Constructs a new handler for signing ES256 signatures.
        Parameters:
        key - the elliptic curve private key. Should use the required curve for the given signing algorithm (P-256 for ES256).
        Returns:
        the signing handler.

      • newEcdsaVerificationHandler

        @Deprecated
public SigningHandler newEcdsaVerificationHandler​(ECPublicKey key)
        Deprecated.
        use newEcdsaVerificationHandler(VerificationKey) instead
        Constructs a new handler for verifying ES256 signatures.
        Parameters:
        key - the elliptic curve public key. Should use the required curve for the given signing algorithm (P-256 for ES256).
        Returns:
        the signing handler configured for verification.

      • newEdDsaSigningHandler

        @Deprecated
public SigningHandler newEdDsaSigningHandler​(byte[] privateKey)
        Deprecated.
        Use newEdDsaSigningHandler(SigningKey) instead
        Constructs a new handler for signing EdDSA signatures.
        Parameters:
        privateKey - the raw private key bytes.
        Returns:
        the signing handler.

      • newEdDsaSigningHandler

        public SigningHandler newEdDsaSigningHandler​(SigningKey signingKey)
        Constructs a new handler for signing EdDSA signatures.
        Parameters:
        signingKey - the EdDSA signing key.
        Returns:
        the signing handler.

      • newEdDsaVerificationHandler

        public SigningHandler newEdDsaVerificationHandler​(VerificationKey verificationKey)
        Constructs a new handler for verifying EdDSA signatures.
        Parameters:
        verificationKey - EdDSA public verification key.
        Returns:
        the signing handler.

      • newSigningHandler

        public SigningHandler newSigningHandler​(SigningKey key)
        Returns the signing handler from the given SigningKey which will be used to sign the JWT.
        Parameters:
        key - The SigningKey use to sign the JWT.
        Returns:
        the signing handler to use for signing the JWT.
        Throws:
        IllegalArgumentException - if no handler can be determined for the given key.

      • newVerificationHandler

        public SigningHandler newVerificationHandler​(VerificationKey key)
        Returns the signing handler from the given VerificationKey which will be used to verify the JWT.
        Parameters:
        key - The VerificationKey use to verify the JWT.
        Returns:
        the signing handler to use for verifying the JWT.
        Throws:
        IllegalArgumentException - if no handler can be determined for the given key.

      • newRsaSigningHandler

        public SigningHandler newRsaSigningHandler​(SigningKey key)
        Constructs a new SecretRSASigningHandler configured for signature validation.
        Parameters:
        key - Key to use for signing
        Returns:
        a new SigningHandler that can only do signing

      • newRsaVerificationHandler

        public SigningHandler newRsaVerificationHandler​(VerificationKey key)
        Constructs a new SecretRSASigningHandler configured for signature validation.
        Parameters:
        key - Key to use for signature verification
        Returns:
        a new SigningHandler that can only do verification

      • newHmacSigningHandler

        public SigningHandler newHmacSigningHandler​(SigningKey key)
        Constructs a new SecretHmacSigningHandler configured for signature validation.
        Parameters:
        key - Key to use for signing
        Returns:
        a new SigningHandler that can only do signing

      • newHmacVerificationHandler

        public SigningHandler newHmacVerificationHandler​(VerificationKey key)
        Constructs a new SecretHmacSigningHandler configured for signature validation.
        Parameters:
        key - Key to use for signature verification
        Returns:
        a new SigningHandler that can only do verification

      • newEcdsaSigningHandler

        public SigningHandler newEcdsaSigningHandler​(SigningKey key)
        Constructs a new handler for signing ES256 signatures.
        Parameters:
        key - the elliptic curve signing key. Should use the required curve for the given signing algorithm (P-256 for ES256).
        Returns:
        the signing handler.

      • newEcdsaVerificationHandler

        public SigningHandler newEcdsaVerificationHandler​(VerificationKey key)
        Constructs a new handler for verifying ES256 signatures.
        Parameters:
        key - the elliptic curve verification key. Should use the required curve for the given signing algorithm (P-256 for ES256).
        Returns:
        the signing handler configured for verification.

      • newSigningHandler

        @Deprecated
public SigningHandler newSigningHandler​(Key key)
        Deprecated.
        Use newSigningHandler(SigningKey) instead
        Returns the signing handler from the given Key which will be used to verify the JWT.
        Parameters:
        key - The Key use to sign the JWT.
        Returns:
        the signing handler to use for signing the JWT.
        Throws:
        IllegalArgumentException - if no handler can be determined for the given key.

      • newSigningHandler

        public SigningHandler newSigningHandler​(JWK jwk)
        Returns the signing handler from the given JSON Web Key (JWK) which will be used to sign the JWT.
        Parameters:
        jwk - The JSON Web Key (JWK).
        Returns:
        the signing handler to use for signing the JWT.

      • newVerificationHandler

        public SigningHandler newVerificationHandler​(JWK jwk)
        Returns the signing handler from the given JSON Web Key (JWK) which will be used to verify the JWT.
        Parameters:
        jwk - The JSON Web Key (JWK).
        Returns:
        the signing handler to use for verifying the JWT.