public class JWTUtils extends Object
Constructor and Description |
---|
JWTUtils() |
Modifier and Type | Method and Description |
---|---|
static String |
convertFingerprintToThumbprint(String fingerprint)
Convert a HEX
SHA-1 or SHA-256 X.509 certificate fingerprint to an x5t
or x5t#256 thumbprint respectively. |
static String |
convertThumbprintToFingerprint(String x5tHash)
Convert an X.509 certificate thumbprint to a HEX
SHA-1 or SHA-256 fingerprint respectively. |
static Header |
decodeHeader(String encodedJWT)
WARNING!! This is not a secure or safe way to decode a JWT, this will not perform any validation on the signature.
|
static JWT |
decodePayload(String encodedJWT)
WARNING!! This is not a secure or safe way to decode a JWT, this will not perform any validation on the signature.
|
static KeyPair |
generate2048_RSAKeyPair()
Generate a new public / private key pair using a 2048 bit RSA key.
|
static KeyPair |
generate256_ECKeyPair()
Generate a new public / private key pair using a 256 bit EC key.
|
static KeyPair |
generate3072_RSAKeyPair()
Generate a new public / private key pair using a 3072 bit RSA key.
|
static KeyPair |
generate384_ECKeyPair()
Generate a new public / private key pair using a 384 bit EC key.
|
static KeyPair |
generate4096_RSAKeyPair()
Generate a new public / private key pair using a 4096 bit RSA key.
|
static KeyPair |
generate521_ECKeyPair()
Generate a new public / private key pair using a 521 bit EC key.
|
static String |
generateJWS_kid_S256(JSONWebKey key)
Generate the JWK SHA-256 Thumbprint as per RFC 7638.
|
static String |
generateJWS_kid(JSONWebKey key)
Generate the JWK SHA-1 Thumbprint as per RFC 7638.
|
static String |
generateJWS_kid(String algorithm,
JSONWebKey key)
Generate the JWK Thumbprint as per RFC 7638.
|
static String |
generateJWS_x5t(byte[] derEncodedCertificate)
Generate the
x5t - the X.509 certificate thumbprint to be used in JWT header. |
static String |
generateJWS_x5t(String encodedCertificate)
Generate the
x5t - the X.509 certificate thumbprint to be used in JWT header. |
static String |
generateJWS_x5t(String algorithm,
byte[] derEncodedCertificate)
Generate the
x5t - the X.509 certificate thumbprint to be used in JWT header. |
static String |
generateJWS_x5t(String algorithm,
String encodedCertificate)
Generate the
x5t - the X.509 certificate thumbprint to be used in JWT header. |
static String |
generateSecureRandom(int bytes)
Return a secure random string
|
static String |
generateSHA256_HMACSecret()
Generate a 32 byte (256 bit) HMAC secret for use with a SHA-256 hash.
|
static String |
generateSHA384_HMACSecret()
Generate a 48 byte (384 bit) HMAC secret for use with a SHA-384 hash.
|
static String |
generateSHA512_HMACSecret()
Generate a 64 byte (512 bit) HMAC secret for use with a SHA-512 hash.
|
public static String convertFingerprintToThumbprint(String fingerprint)
SHA-1
or SHA-256
X.509 certificate fingerprint to an x5t
or x5t#256
thumbprint respectively.fingerprint
- the SHA-1 or SHA-256 fingerprintpublic static String convertThumbprintToFingerprint(String x5tHash)
SHA-1
or SHA-256
fingerprint respectively.
If a x5t
thumbprint is provided, a SHA-1 HEX encoded fingerprint will be returned.
If a x5t#256
thumbprint is provided, a SHA-256 HEX encoded fingerprint will be returned.
x5tHash
- the x5t hashpublic static Header decodeHeader(String encodedJWT)
Consider the header returned from this method as un-trustworthy. This is intended for utility and a nice way to read the JWT header, but do not use it in production to verify the integrity.
encodedJWT
- the encoded JWTpublic static JWT decodePayload(String encodedJWT)
Consider the JWT returned from this method as un-trustworthy. This is intended for utility and a nice way to read the JWT, but do not use it in production to verify the claims contained in this JWT.
encodedJWT
- the encoded JWTpublic static KeyPair generate2048_RSAKeyPair()
public static KeyPair generate256_ECKeyPair()
public static KeyPair generate3072_RSAKeyPair()
public static KeyPair generate384_ECKeyPair()
public static KeyPair generate4096_RSAKeyPair()
public static KeyPair generate521_ECKeyPair()
public static String generateJWS_kid(String algorithm, JSONWebKey key)
algorithm
- the algorithm used to calculate the hash of the thumbprint, generally SHA-1 or SHA-256.key
- the JSONWebKey
to determine the thumbprint forpublic static String generateJWS_kid(JSONWebKey key)
key
- the JSONWebKey
to determine the thumbprint forpublic static String generateJWS_kid_S256(JSONWebKey key)
key
- the JSONWebKey
to determine the thumbprint forpublic static String generateJWS_x5t(String encodedCertificate)
x5t
- the X.509 certificate thumbprint to be used in JWT header.encodedCertificate
- the Base64 encoded certificatepublic static String generateJWS_x5t(String algorithm, String encodedCertificate)
x5t
- the X.509 certificate thumbprint to be used in JWT header.algorithm
- the algorithm used to calculate the hash, generally SHA-1 or SHA-256.encodedCertificate
- the Base64 encoded certificatepublic static String generateJWS_x5t(byte[] derEncodedCertificate)
x5t
- the X.509 certificate thumbprint to be used in JWT header.derEncodedCertificate
- the DER encoded certificatepublic static String generateJWS_x5t(String algorithm, byte[] derEncodedCertificate)
x5t
- the X.509 certificate thumbprint to be used in JWT header.algorithm
- the algorithm used to calculate the hash, generally SHA-1 or SHA-256.derEncodedCertificate
- the DER encoded certificatepublic static String generateSHA256_HMACSecret()
public static String generateSHA384_HMACSecret()
public static String generateSHA512_HMACSecret()
public static String generateSecureRandom(int bytes)
bytes
- the number of bytes used to generate the random byte array to be encoded.Copyright © 2021. All rights reserved.