Package com.google.crypto.tink.jwt

Class JwtEcdsaPublicKey

java.lang.Object

com.google.crypto.tink.Key

com.google.crypto.tink.jwt.JwtSignaturePublicKey

com.google.crypto.tink.jwt.JwtEcdsaPublicKey

@Immutable
public final class JwtEcdsaPublicKey
extends JwtSignaturePublicKey

JwtEcdsaPublicKey represents the public portion of JWT ECDSA keys.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	JwtEcdsaPublicKey.Builder	Builder for EcdsaPublicKey.

Method Summary

Modifier and Type	Method	Description
static JwtEcdsaPublicKey.Builder	builder()
boolean	equalsKey(Key o)	Returns true if the key is guaranteed to be equal to other.
java.lang.Integer	getIdRequirementOrNull()	Returns null if this key has no id requirement, otherwise the required id.
java.util.Optional<java.lang.String>	getKid()	Returns the "kid" to be used for this key (https://www.rfc-editor.org/rfc/rfc7517#section-4.5).
JwtEcdsaParameters	getParameters()	Returns the parameters of this key.
java.security.spec.ECPoint	getPublicPoint()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

builder

public static JwtEcdsaPublicKey.Builder builder()

getPublicPoint

public java.security.spec.ECPoint getPublicPoint()

getKid

public java.util.Optional<java.lang.String> getKid()

Description copied from class: JwtSignaturePublicKey

Returns the "kid" to be used for this key (https://www.rfc-editor.org/rfc/rfc7517#section-4.5).

Note that the "kid" is not necessarily related to Tink's "Key ID" in the keyset.

If present, this kid will be written into the kid header during computeMacAndEncode. If absent, no kid will be written.

If present, and the kid header is present, the contents of the kid header needs to match the return value of this function.

Note that getParameters.allowKidAbsent() specifies if omitting the kid header is allowed. Of course, if getParameters.allowKidAbsent() is true, then getKid must not return an empty Optional.

Specified by:

getKid in class JwtSignaturePublicKey

getIdRequirementOrNull

@Nullable
public java.lang.Integer getIdRequirementOrNull()

Description copied from class: Key

Returns null if this key has no id requirement, otherwise the required id.

Some keys, when they are in a keyset, are required to have a certain ID to work properly. This comes from the fact that Tink in some cases prefixes ciphertexts or signatures with the string 0x01<id>, where the ID is encoded in big endian (see the documentation of the key type for details), in which case the key requires a certain ID.

Specified by:

getIdRequirementOrNull in class Key

getParameters

public JwtEcdsaParameters getParameters()

Description copied from class: JwtSignaturePublicKey

Returns the parameters of this key.

Specified by:

getParameters in class JwtSignaturePublicKey

equalsKey

public boolean equalsKey(Key o)

Description copied from class: Key

Returns true if the key is guaranteed to be equal to other.

Implementations are required to do this in constant time.

Note: this is allowed to return false even if two keys are guaranteed to represent the same function, but are represented differently. For example, a key is allowed to internally store the number of zero-bytes used as padding when a large number is represented as a byte array, and use this in the comparison.

Note: Tink Key objects should typically not override hashCode (because it could risk leaking key material). Hence, they typically also should not override equals.

Specified by:

equalsKey in class Key