Package com.google.crypto.tink.jwt

Class JwtSignaturePrivateKey

    • Constructor Detail

      • JwtSignaturePrivateKey

        public JwtSignaturePrivateKey()

    • Method Detail

      • getKid

        public java.util.Optional<java.lang.String> getKid()
        Returns the "kid" to be used for this key (https://www.rfc-editor.org/rfc/rfc7517#section-4.5).

        Note that the "kid" is not necessarily related to Tink's "Key ID" in the keyset.

        If present, this kid will be written into the kid header during computeMacAndEncode. If absent, no kid will be written.

        If present, and the kid header is present, the contents of the kid header needs to match the return value of this function.

        Note that getParameters.allowKidAbsent() specifies if omitting the kid header is allowed. Of course, if getParameters.allowKidAbsent() is true, then getKid must not return an empty Optional.

      • getParameters

        public abstract JwtSignatureParameters getParameters()
        Description copied from class: Key
        Returns a Parameters object containing all the information about the key which is not randomly chosen.

        Implementations need to ensure that getParameters().hasIdRequirement() returns true if and only if getIdRequirementOrNull is non-null.

        Specified by:
        getParameters in class Key

      • getIdRequirementOrNull

        @Nullable
public java.lang.Integer getIdRequirementOrNull()
        Description copied from class: Key
        Returns null if this key has no id requirement, otherwise the required id.

        Some keys, when they are in a keyset, are required to have a certain ID to work properly. This comes from the fact that Tink in some cases prefixes ciphertexts or signatures with the string 0x01<id>, where the ID is encoded in big endian (see the documentation of the key type for details), in which case the key requires a certain ID.

        Specified by:
        getIdRequirementOrNull in class Key