Package com.nimbusds.jose.crypto

Class ECDSASigner

    • Constructor Detail

      • ECDSASigner

        public ECDSASigner​(ECPrivateKey privateKey)
            throws JOSEException
        Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.
        Parameters:
        privateKey - The private EC key. Must not be null.
        Throws:
        JOSEException - If the elliptic curve of key is not supported.

      • ECDSASigner

        public ECDSASigner​(ECPrivateKey privateKey,
                   Set<JWSSignerOption> opts)
            throws JOSEException
        Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.
        Parameters:
        privateKey - The private EC key. Must not be null.
        opts - The signing options, empty or null if none.
        Throws:
        JOSEException - If the elliptic curve of key is not supported.

      • ECDSASigner

        public ECDSASigner​(PrivateKey privateKey,
                   Curve curve)
            throws JOSEException
        Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer. This constructor is intended for a private EC key located in a PKCS#11 store that doesn't expose the private key parameters (such as a smart card or HSM).
        Parameters:
        privateKey - The private EC key. Its algorithm must be "EC". Must not be null.
        curve - The elliptic curve for the key. Must not be null.
        Throws:
        JOSEException - If the elliptic curve of key is not supported.

      • ECDSASigner

        public ECDSASigner​(PrivateKey privateKey,
                   Curve curve,
                   Set<JWSSignerOption> opts)
            throws JOSEException
        Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer. This constructor is intended for a private EC key located in a PKCS#11 store that doesn't expose the private key parameters (such as a smart card or HSM).
        Parameters:
        privateKey - The private EC key. Its algorithm must be "EC". Must not be null.
        curve - The elliptic curve for the key. Must not be null.
        opts - The signing options, empty or null if none.
        Throws:
        JOSEException - If the elliptic curve of key is not supported.

      • ECDSASigner

        public ECDSASigner​(ECKey ecJWK)
            throws JOSEException
        Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.
        Parameters:
        ecJWK - The EC JSON Web Key (JWK). Must contain a private part. Must not be null.
        Throws:
        JOSEException - If the EC JWK doesn't contain a private part, its extraction failed, or the elliptic curve is not supported.

      • ECDSASigner

        public ECDSASigner​(ECKey ecJWK,
                   Set<JWSSignerOption> opts)
            throws JOSEException
        Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA) signer.
        Parameters:
        ecJWK - The EC JSON Web Key (JWK). Must contain a private part. Must not be null.
        opts - The signing options, empty or null if none.
        Throws:
        JOSEException - If the EC JWK doesn't contain a private part, its extraction failed, or the elliptic curve is not supported.

    • Method Detail

      • getPrivateKey

        public PrivateKey getPrivateKey()
        Gets the private EC key.
        Returns:
        The private EC key. Casting to ECPrivateKey may not be possible if the key is located in a PKCS#11 store that doesn't expose the private key parameters.

      • sign

        public Base64URL sign​(JWSHeader header,
                      byte[] signingInput)
               throws JOSEException
        Description copied from interface: JWSSigner
        Signs the specified input of a JWS object.
        Specified by:
        sign in interface JWSSigner
        Parameters:
        header - The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not be null.
        signingInput - The input to sign. Must not be null.
        Returns:
        The resulting signature part (third part) of the JWS object.
        Throws:
        JOSEException - If the JWS algorithm is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if signing failed for some other internal reason.