001/* 002 * nimbus-jose-jwt 003 * 004 * Copyright 2012-2016, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.jose.jwk.gen; 019 020 021import java.security.InvalidAlgorithmParameterException; 022import java.security.KeyPair; 023import java.security.KeyPairGenerator; 024import java.security.NoSuchAlgorithmException; 025import java.security.interfaces.ECPublicKey; 026import java.security.spec.ECParameterSpec; 027 028import com.nimbusds.jose.JOSEException; 029import com.nimbusds.jose.jwk.Curve; 030import com.nimbusds.jose.jwk.ECKey; 031 032 033/** 034 * Elliptic Curve (EC) JSON Web Key (JWK) generator. 035 * 036 * <p>Supported curves: 037 * 038 * <ul> 039 * <li>{@link Curve#P_256 P-256} 040 * <li>{@link Curve#SECP256K1 secp256k1} 041 * <li>{@link Curve#P_384 P-384} 042 * <li>{@link Curve#P_521 P-512} 043 * </ul> 044 * 045 * @author Vladimir Dzhuvinov 046 * @author Justin Cranford 047 * @version 2023-01-29 048 */ 049public class ECKeyGenerator extends JWKGenerator<ECKey> { 050 051 052 /** 053 * The curve. 054 */ 055 private final Curve crv; 056 057 058 /** 059 * Creates a new EC JWK generator. 060 * 061 * @param crv The curve. Must not be {@code null}. 062 */ 063 public ECKeyGenerator(final Curve crv) { 064 065 if (crv == null) { 066 throw new IllegalArgumentException("The curve must not be null"); 067 } 068 this.crv = crv; 069 } 070 071 072 @Override 073 public ECKey generate() 074 throws JOSEException { 075 076 ECParameterSpec ecSpec = crv.toECParameterSpec(); 077 078 KeyPairGenerator generator; 079 try { 080 if (keyStore != null) { 081 // For PKCS#11 082 generator = KeyPairGenerator.getInstance("EC", keyStore.getProvider()); 083 } else if (provider != null) { 084 generator = KeyPairGenerator.getInstance("EC", provider); 085 } else { 086 generator = KeyPairGenerator.getInstance("EC"); 087 } 088 if (secureRandom != null) { 089 generator.initialize(ecSpec, secureRandom); 090 } else { 091 // The default random gen 092 generator.initialize(ecSpec); 093 } 094 } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) { 095 throw new JOSEException(e.getMessage(), e); 096 } 097 098 KeyPair kp = generator.generateKeyPair(); 099 100 ECKey.Builder builder = new ECKey.Builder(crv, (ECPublicKey) kp.getPublic()) 101 .privateKey(kp.getPrivate()) 102 .keyUse(use) 103 .keyOperations(ops) 104 .algorithm(alg) 105 .expirationTime(exp) 106 .notBeforeTime(nbf) 107 .issueTime(iat) 108 .keyStore(keyStore); 109 110 if (x5tKid) { 111 builder.keyIDFromThumbprint(); 112 } else { 113 builder.keyID(kid); 114 } 115 116 return builder.build(); 117 } 118}