下面列出了io.jsonwebtoken.SignatureAlgorithm#name ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
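/**
 * Creates the {@link SignatureValidator} that belongs to the family of the given algorithm.
 *
 * <p>HS* algorithms map to {@code MacValidator}, RS* and PS* to {@code RsaSignatureValidator} and
 * ES* to {@code EllipticCurveSignatureValidator}. Any other constant of the enum (for example an
 * unsigned "none" constant, if the enum defines one) is rejected, so no validator can be obtained
 * for it through this factory.</p>
 *
 * @param alg the signature algorithm to verify with; must not be {@code null}
 * @param key the verification key; must not be {@code null}
 * @return a validator bound to {@code alg} and {@code key}
 * @throws IllegalArgumentException if {@code alg} is not one of the twelve algorithms listed above
 */
@Override
public SignatureValidator createSignatureValidator(SignatureAlgorithm alg, Key key) {
    Assert.notNull(alg, "SignatureAlgorithm cannot be null.");
    Assert.notNull(key, "Signing Key cannot be null.");

    // NOTE(review): the validator is selected from alg alone and the key is passed through without
    // a type check in this method. Whether a key of the wrong family is refused depends on the
    // validator constructors, which are not visible here. If alg can originate from a token header,
    // confirm that those constructors (or the caller) enforce the algorithm/key-type pairing.
    switch (alg) {
        case HS256:
        case HS384:
        case HS512:
            return new MacValidator(alg, key);
        case RS256:
        case RS384:
        case RS512:
        case PS256:
        case PS384:
        case PS512:
            return new RsaSignatureValidator(alg, key);
        case ES256:
        case ES384:
        case ES512:
            return new EllipticCurveSignatureValidator(alg, key);
        default:
            // This is the verification path; the message previously said "signing", which is
            // misleading when it shows up in logs for a rejected token.
            throw new IllegalArgumentException(
                    "The '" + alg.name() + "' algorithm cannot be used for signature verification.");
    }
}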
/**
 * Creates the {@link Signer} that belongs to the family of the given algorithm.
 *
 * <p>HS* algorithms yield a {@code MacSigner}, RS* and PS* an {@code RsaSigner}, ES* an
 * {@code EllipticCurveSigner}. Every other enum constant is refused.</p>
 *
 * @param alg the signature algorithm to sign with; must not be {@code null}
 * @param key the signing key; must not be {@code null}
 * @return a signer bound to {@code alg} and {@code key}
 * @throws IllegalArgumentException if {@code alg} is not one of the algorithms listed above
 */
@Override
public Signer createSigner(SignatureAlgorithm alg, Key key) {
    Assert.notNull(alg, "SignatureAlgorithm cannot be null.");
    Assert.notNull(key, "Signing Key cannot be null.");

    // The signer is chosen from alg only; this method does not inspect the key's type.
    // NOTE(review): presumably the signer constructors check that the key suits the family - confirm.
    final Signer signer;
    switch (alg) {
        case HS256:
        case HS384:
        case HS512:
            signer = new MacSigner(alg, key);
            break;
        case RS256:
        case RS384:
        case RS512:
        case PS256:
        case PS384:
        case PS512:
            signer = new RsaSigner(alg, key);
            break;
        case ES256:
        case ES384:
        case ES512:
            signer = new EllipticCurveSigner(alg, key);
            break;
        default:
            // Anything outside the three families cannot produce a signature.
            throw new IllegalArgumentException("The '" + alg.name() + "' algorithm cannot be used for signing.");
    }
    return signer;
}
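/**
 * Returns a {@link SignatureValidator} for the given algorithm and verification key.
 *
 * <p>The algorithm family decides the implementation: HMAC (HS*) uses {@code MacValidator}, RSA
 * (RS* and PS*) uses {@code RsaSignatureValidator}, ECDSA (ES*) uses
 * {@code EllipticCurveSignatureValidator}. Constants outside these families are rejected rather
 * than being given a validator.</p>
 *
 * @param alg the signature algorithm; must not be {@code null}
 * @param key the key to verify with; must not be {@code null}
 * @return the validator for {@code alg}, bound to {@code key}
 * @throws IllegalArgumentException if {@code alg} belongs to none of the three families
 */
@Override
public SignatureValidator createSignatureValidator(SignatureAlgorithm alg, Key key) {
    Assert.notNull(alg, "SignatureAlgorithm cannot be null.");
    Assert.notNull(key, "Signing Key cannot be null.");

    // NOTE(review): nothing here ties the key's type to the algorithm family; the pairing has to be
    // enforced by the validator constructors or by the caller. Confirm this before feeding in an
    // algorithm value that was read from an unverified token.
    switch (alg) {
        case HS256: case HS384: case HS512:
            return new MacValidator(alg, key);
        case RS256: case RS384: case RS512:
        case PS256: case PS384: case PS512:
            return new RsaSignatureValidator(alg, key);
        case ES256: case ES384: case ES512:
            return new EllipticCurveSignatureValidator(alg, key);
        default:
            // Message corrected from "signing": this factory method serves verification.
            throw new IllegalArgumentException(
                    "The '" + alg.name() + "' algorithm cannot be used for signature verification.");
    }
}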
/**
 * Returns a {@link Signer} for the given algorithm and signing key.
 *
 * <p>HMAC (HS*) algorithms use {@code MacSigner}, RSA (RS* and PS*) use {@code RsaSigner} and
 * ECDSA (ES*) use {@code EllipticCurveSigner}; all other constants are rejected.</p>
 *
 * @param alg the signature algorithm; must not be {@code null}
 * @param key the key to sign with; must not be {@code null}
 * @return the signer for {@code alg}, bound to {@code key}
 * @throws IllegalArgumentException if {@code alg} belongs to none of the three families
 */
@Override
public Signer createSigner(SignatureAlgorithm alg, Key key) {
    Assert.notNull(alg, "SignatureAlgorithm cannot be null.");
    Assert.notNull(key, "Signing Key cannot be null.");

    // Dispatch on the algorithm only; the key is handed to the signer unchecked by this method.
    switch (alg) {
        case HS256: case HS384: case HS512:
            return new MacSigner(alg, key);
        case RS256: case RS384: case RS512:
        case PS256: case PS384: case PS512:
            return new RsaSigner(alg, key);
        case ES256: case ES384: case ES512:
            return new EllipticCurveSigner(alg, key);
        default:
            throw new IllegalArgumentException("The '" + alg.name() + "' algorithm cannot be used for signing.");
    }
}
/**
* Returns the expected signature byte array length (R + S parts) for
* the specified ECDSA algorithm.
*
* @param alg The ECDSA algorithm. Must be supported and not
* {@code null}.
*
* @return The expected byte array length for the signature.
*
* @throws JwtException If the algorithm is not supported.
*/
public static int getSignatureByteArrayLength(final SignatureAlgorithm alg)
        throws JwtException {
    // Each length is two equal-width integers (R and S) side by side: 2 x 32, 2 x 48 and 2 x 66
    // bytes. A caller can compare a received signature against this value before decoding it.
    final int length;
    switch (alg) {
        case ES256:
            length = 64;
            break;
        case ES384:
            length = 96;
            break;
        case ES512:
            length = 132;
            break;
        default:
            // Non-ECDSA algorithms have no fixed R + S layout here.
            throw new JwtException("Unsupported Algorithm: " + alg.name());
    }
    return length;
}
/**
 * Maps an asymmetric signature algorithm to a key type name: {@code "RSA"} for the RSA family,
 * {@code "EC"} for the ECDSA family.
 *
 * @param alg the signature algorithm whose family name is inspected
 * @return {@code "RSA"} or {@code "EC"}
 * @throws IllegalArgumentException if the family is neither RSA nor ECDSA
 */
private static String keyTypeForSignatureAlgorithm(SignatureAlgorithm alg) {
    // NOTE(review): the returned strings look like JCA key algorithm names - confirm at the caller.
    final String family = alg.getFamilyName();
    if (family.equals("RSA")) {
        return "RSA";
    }
    if (family.equals("ECDSA")) {
        return "EC";
    }
    // Symmetric (and any other) families have no key pair.
    throw new IllegalArgumentException("The " + alg.name() + " algorithm does not support Key Pairs.");
}
/**
* Returns the expected signature byte array length (R + S parts) for
* the specified ECDSA algorithm.
*
* @param alg The ECDSA algorithm. Must be supported and not
* {@code null}.
* @return The expected byte array length for the signature.
* @throws JwtException If the algorithm is not supported.
*/
public static int getSignatureByteArrayLength(final SignatureAlgorithm alg)
        throws JwtException {
    // Fixed-width R + S concatenation: 32, 48 and 66 bytes per integer respectively.
    switch (alg) {
        case ES256: return 64;
        case ES384: return 96;
        case ES512: return 132;
        default:
            // Only the three ECDSA algorithms have an entry.
            throw new JwtException("Unsupported Algorithm: " + alg.name());
    }
}
/**
* Returns a new {@link KeyPair} suitable for use with the specified asymmetric algorithm.
*
* <p>If the {@code alg} argument is an RSA algorithm, a KeyPair is generated based on the following:</p>
*
* <table>
* <tr>
* <th>JWA Algorithm</th>
* <th>Key Size</th>
* </tr>
* <tr>
* <td>RS256</td>
* <td>2048 bits</td>
* </tr>
* <tr>
* <td>PS256</td>
* <td>2048 bits</td>
* </tr>
* <tr>
* <td>RS384</td>
* <td>3072 bits</td>
* </tr>
* <tr>
* <td>PS384</td>
* <td>3072 bits</td>
* </tr>
* <tr>
* <td>RS512</td>
* <td>4096 bits</td>
* </tr>
* <tr>
* <td>PS512</td>
* <td>4096 bits</td>
* </tr>
* </table>
*
* <p>If the {@code alg} argument is an Elliptic Curve algorithm, a KeyPair is generated based on the following:</p>
*
* <table>
* <tr>
* <th>JWA Algorithm</th>
* <th>Key Size</th>
* <th><a href="https://tools.ietf.org/html/rfc7518#section-7.6.2">JWA Curve Name</a></th>
* <th><a href="https://tools.ietf.org/html/rfc5480#section-2.1.1.1">ASN1 OID Curve Name</a></th>
* </tr>
* <tr>
* <td>ES256</td>
* <td>256 bits</td>
* <td>{@code P-256}</td>
* <td>{@code secp256r1}</td>
* </tr>
* <tr>
* <td>ES384</td>
* <td>384 bits</td>
* <td>{@code P-384}</td>
* <td>{@code secp384r1}</td>
* </tr>
* <tr>
* <td>ES512</td>
* <td>512 bits</td>
* <td>{@code P-521}</td>
* <td>{@code secp521r1}</td>
* </tr>
* </table>
*
* @param alg the {@code SignatureAlgorithm} to inspect to determine which asymmetric algorithm to use.
* @return a new {@link KeyPair} suitable for use with the specified asymmetric algorithm.
* @throws IllegalArgumentException if {@code alg} is not an asymmetric algorithm
*/
public static KeyPair keyPairFor(SignatureAlgorithm alg) throws IllegalArgumentException {
    Assert.notNull(alg, "SignatureAlgorithm cannot be null.");

    // Generation is delegated reflectively to a static generateKeyPair method on the class
    // identified by RSA or EC; key size and curve are chosen there, not in this method.
    final KeyPair generated;
    switch (alg) {
        case RS256: case PS256:
        case RS384: case PS384:
        case RS512: case PS512:
            generated = Classes.invokeStatic(RSA, "generateKeyPair", SIG_ARG_TYPES, alg);
            break;
        case ES256: case ES384: case ES512:
            generated = Classes.invokeStatic(EC, "generateKeyPair", SIG_ARG_TYPES, alg);
            break;
        default:
            // HMAC and any other non-asymmetric algorithm has no key pair.
            throw new IllegalArgumentException("The " + alg.name() + " algorithm does not support Key Pairs.");
    }
    return generated;
}
/**
* Returns a new {@link SecretKey} with a key length suitable for use with the specified {@link SignatureAlgorithm}.
*
* <p><a href="https://tools.ietf.org/html/rfc7518#section-3.2">JWA Specification (RFC 7518), Section 3.2</a>
* requires minimum key lengths to be used for each respective Signature Algorithm. This method returns a
* secure-random generated SecretKey that adheres to the required minimum key length. The lengths are:</p>
*
* <table>
* <tr>
* <th>Algorithm</th>
* <th>Key Length</th>
* </tr>
* <tr>
* <td>HS256</td>
* <td>256 bits (32 bytes)</td>
* </tr>
* <tr>
* <td>HS384</td>
* <td>384 bits (48 bytes)</td>
* </tr>
* <tr>
* <td>HS512</td>
* <td>512 bits (64 bytes)</td>
* </tr>
* </table>
*
* @param alg the {@code SignatureAlgorithm} to inspect to determine which key length to use.
* @return a new {@link SecretKey} instance suitable for use with the specified {@link SignatureAlgorithm}.
* @throws IllegalArgumentException for any input value other than {@link SignatureAlgorithm#HS256},
* {@link SignatureAlgorithm#HS384}, or {@link SignatureAlgorithm#HS512}
*/
public static SecretKey secretKeyFor(SignatureAlgorithm alg) throws IllegalArgumentException {
    Assert.notNull(alg, "SignatureAlgorithm cannot be null.");

    // Only the HMAC family uses a shared secret; the key itself is produced by a static
    // generateKey method on the class identified by MAC, invoked reflectively.
    final SecretKey secret;
    switch (alg) {
        case HS256: case HS384: case HS512:
            secret = Classes.invokeStatic(MAC, "generateKey", SIG_ARG_TYPES, alg);
            break;
        default:
            // Asymmetric algorithms need a key pair, not a shared secret.
            throw new IllegalArgumentException(
                    "The " + alg.name() + " algorithm does not support shared secret keys.");
    }
    return secret;
}