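package com.nimbusds.jose.jwk;


import com.nimbusds.jose.HeaderParameterNames;
import com.nimbusds.jwt.JWTClaimNames;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;


/**
 * JSON Web Key (JWK) parameter names. The JWK parameter names defined in
 * <a href="https://datatracker.ietf.org/doc/html/rfc7517">RFC 7517</a> (JWK),
 * <a href="https://datatracker.ietf.org/doc/html/rfc7518">RFC 7518</a> (JWA)
 * and other JOSE related standards are tracked in a
 * <a href="https://www.iana.org/assignments/jose/jose.xhtml#web-key-parameters">JWK
 * parameters registry</a> administered by IANA.
 *
 * <p>Several names are shared between key types: {@code "d"} is the private
 * member of EC, RSA and OKP keys, and {@code "crv"} / {@code "x"} are used by
 * both EC and OKP keys. A parameter name alone therefore does not identify
 * the key type; always read it together with {@link #KEY_TYPE}.
 *
 * @author Nathaniel Hart
 * @version 2024-11-08
 */
public final class JWKParameterNames {


	////////////////////////////////////////////////////////////////////////////////
	// Generic Key Parameters
	////////////////////////////////////////////////////////////////////////////////


	/**
	 * Key type parameter name.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.1">RFC 7517 "kty" (Key Type) Parameter</a>
	 */
	public static final String KEY_TYPE = "kty";


	/**
	 * Public key use parameter name.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.2">RFC 7517 "use" (Public Key Use) Parameter</a>
	 */
	public static final String PUBLIC_KEY_USE = "use";


	/**
	 * Key operations parameter name.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.3">RFC 7517 "key_ops" (Key Operations) Parameter</a>
	 */
	public static final String KEY_OPS = "key_ops";


	/**
	 * Algorithm parameter name, shared with the JOSE header parameter of
	 * the same name.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.4">RFC 7517 "alg" (Algorithm) Parameter</a>
	 */
	public static final String ALGORITHM = HeaderParameterNames.ALGORITHM;


	/**
	 * Key ID parameter name, shared with the JOSE header parameter of the
	 * same name.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.5">RFC 7517 "kid" (Key ID) Parameter</a>
	 */
	public static final String KEY_ID = HeaderParameterNames.KEY_ID;


	/**
	 * X.509 certificate URL parameter name, shared with the JOSE header
	 * parameter of the same name.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.6">RFC 7517 "x5u" (X.509 Certificate URL) Parameter</a>
	 */
	public static final String X_509_CERT_URL = HeaderParameterNames.X_509_CERT_URL;


	/**
	 * X.509 certificate chain parameter name, shared with the JOSE header
	 * parameter of the same name.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.7">RFC 7517 "x5c" (X.509 Certificate Chain) Parameter</a>
	 */
	public static final String X_509_CERT_CHAIN = HeaderParameterNames.X_509_CERT_CHAIN;


	/**
	 * X.509 certificate SHA-1 thumbprint parameter name, shared with the
	 * JOSE header parameter of the same name.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.8">RFC 7517 "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter</a>
	 */
	public static final String X_509_CERT_SHA_1_THUMBPRINT = HeaderParameterNames.X_509_CERT_SHA_1_THUMBPRINT;


	/**
	 * X.509 certificate SHA-256 thumbprint parameter name, shared with the
	 * JOSE header parameter of the same name.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.9">RFC 7517 "x5t#S256" (X.509 Certificate SHA-256 Thumbprint)
	 * Parameter</a>
	 */
	public static final String X_509_CERT_SHA_256_THUMBPRINT = HeaderParameterNames.X_509_CERT_SHA_256_THUMBPRINT;


	/**
	 * Key expiration time parameter name, shared with the JWT claim of the
	 * same name.
	 *
	 * @see <a href="https://openid.net/specs/openid-federation-1_0.html#name-iana-considerations">OpenID Federation 1.0</a>
	 */
	public static final String EXPIRATION_TIME = JWTClaimNames.EXPIRATION_TIME;


	/**
	 * Key not-before time parameter name, shared with the JWT claim of the
	 * same name.
	 *
	 * @see <a href="https://openid.net/specs/openid-federation-1_0.html#name-iana-considerations">OpenID Federation 1.0</a>
	 */
	public static final String NOT_BEFORE = JWTClaimNames.NOT_BEFORE;


	/**
	 * Key issued-at time parameter name, shared with the JWT claim of the
	 * same name.
	 *
	 * @see <a href="https://openid.net/specs/openid-federation-1_0.html#name-iana-considerations">OpenID Federation 1.0</a>
	 */
	public static final String ISSUED_AT = JWTClaimNames.ISSUED_AT;


	/**
	 * Key revocation parameter name.
	 *
	 * @see <a href="https://openid.net/specs/openid-federation-1_0.html#name-iana-considerations">OpenID Federation 1.0</a>
	 */
	public static final String REVOKED = "revoked";


	////////////////////////////////////////////////////////////////////////////////
	// Algorithm-Specific Key Parameters
	////////////////////////////////////////////////////////////////////////////////


	// EC

	/**
	 * Used with {@link KeyType#EC}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.2.1.1">RFC 7518 "crv" (EC Curve) Parameter</a>
	 */
	public static final String ELLIPTIC_CURVE = "crv";


	/**
	 * Used with {@link KeyType#EC}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.2.1.2">RFC 7518 "x" (EC X Coordinate) Parameter</a>
	 */
	public static final String ELLIPTIC_CURVE_X_COORDINATE = "x";


	/**
	 * Used with {@link KeyType#EC}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.2.1.3">RFC 7518 "y" (EC Y Coordinate) Parameter</a>
	 */
	public static final String ELLIPTIC_CURVE_Y_COORDINATE = "y";


	/**
	 * Used with {@link KeyType#EC}. Private key material; not a member of
	 * {@link #PUBLIC}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.2.2.1">RFC 7518 "d" (EC Private Key) Parameter</a>
	 */
	public static final String ELLIPTIC_CURVE_PRIVATE_KEY = "d";


	// RSA


	/**
	 * Used with {@link KeyType#RSA}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.1.1">RFC 7518 "n" (RSA Modulus) Parameter</a>
	 */
	public static final String RSA_MODULUS = "n";


	/**
	 * Used with {@link KeyType#RSA}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.1.2">RFC 7518 "e" (RSA Exponent) Parameter</a>
	 */
	public static final String RSA_EXPONENT = "e";


	/**
	 * Used with {@link KeyType#RSA}. Private key material; not a member of
	 * {@link #PUBLIC}. Same name as {@link #ELLIPTIC_CURVE_PRIVATE_KEY}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2.1">RFC 7518 "d" (RSA Private Exponent) Parameter</a>
	 */
	public static final String RSA_PRIVATE_EXPONENT = ELLIPTIC_CURVE_PRIVATE_KEY;


	/**
	 * Used with {@link KeyType#RSA}. Private key material; not a member of
	 * {@link #PUBLIC}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2.2">RFC 7518 "p" (RSA First Prime Factor) Parameter</a>
	 */
	public static final String RSA_FIRST_PRIME_FACTOR = "p";


	/**
	 * Used with {@link KeyType#RSA}. Private key material; not a member of
	 * {@link #PUBLIC}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2.3">RFC 7518 "q" (RSA Second Prime Factor) Parameter</a>
	 */
	public static final String RSA_SECOND_PRIME_FACTOR = "q";


	/**
	 * Used with {@link KeyType#RSA}. Private key material; not a member of
	 * {@link #PUBLIC}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2.4">RFC 7518 "dp" (RSA First Factor CRT Exponent) Parameter</a>
	 */
	public static final String RSA_FIRST_FACTOR_CRT_EXPONENT = "dp";


	/**
	 * Used with {@link KeyType#RSA}. Private key material; not a member of
	 * {@link #PUBLIC}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2.5">RFC 7518 "dq" (RSA Second Factor CRT Exponent) Parameter</a>
	 */
	public static final String RSA_SECOND_FACTOR_CRT_EXPONENT = "dq";


	/**
	 * Used with {@link KeyType#RSA}. Private key material; not a member of
	 * {@link #PUBLIC}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2.6">RFC 7518 "qi" (RSA First CRT Coefficient) Parameter</a>
	 */
	public static final String RSA_FIRST_CRT_COEFFICIENT = "qi";


	/**
	 * Used with {@link KeyType#RSA}. Private key material; not a member of
	 * {@link #PUBLIC}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2.7">RFC 7518 "oth" (RSA Other Primes Info) Parameter</a>
	 */
	public static final String RSA_OTHER_PRIMES = "oth";


	/**
	 * Used with {@link KeyType#RSA}. Private key material; not a member of
	 * {@link #PUBLIC}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2.7.1">RFC 7518 "r" (RSA Other Primes Info - Prime Factor)</a>
	 */
	public static final String RSA_OTHER_PRIMES__PRIME_FACTOR = "r";


	/**
	 * Used with {@link KeyType#RSA}. Private key material; not a member of
	 * {@link #PUBLIC}. Same name as {@link #ELLIPTIC_CURVE_PRIVATE_KEY}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2.7.2">RFC 7518 "d" (RSA Other Primes Info - Factor CRT Exponent)</a>
	 */
	public static final String RSA_OTHER_PRIMES__FACTOR_CRT_EXPONENT = ELLIPTIC_CURVE_PRIVATE_KEY;


	/**
	 * Used with {@link KeyType#RSA}. Private key material; not a member of
	 * {@link #PUBLIC}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2.7.3">RFC 7518 "t" (RSA Other Primes Info - Factor CRT Coefficient)</a>
	 */
	public static final String RSA_OTHER_PRIMES__FACTOR_CRT_COEFFICIENT = "t";


	// OCT


	/**
	 * Used with {@link KeyType#OCT}. Carries the symmetric key value; not a
	 * member of {@link #PUBLIC}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.4.1">RFC 7518 "k" (OCT Key Value) Parameter</a>
	 */
	public static final String OCT_KEY_VALUE = "k";


	// OKP

	/**
	 * Used with {@link KeyType#OKP}. Same name as {@link #ELLIPTIC_CURVE}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc8037#section-2">RFC 8037 "crv" (OKP Key Subtype) Parameter</a>
	 */
	public static final String OKP_SUBTYPE = ELLIPTIC_CURVE;


	/**
	 * Used with {@link KeyType#OKP}. Same name as
	 * {@link #ELLIPTIC_CURVE_X_COORDINATE}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc8037#section-2">RFC 8037 "x" (OKP Public Key) Parameter</a>
	 */
	public static final String OKP_PUBLIC_KEY = ELLIPTIC_CURVE_X_COORDINATE;


	/**
	 * Used with {@link KeyType#OKP}. Private key material; not a member of
	 * {@link #PUBLIC}. Same name as {@link #ELLIPTIC_CURVE_PRIVATE_KEY}.
	 *
	 * @see <a href="https://datatracker.ietf.org/doc/html/rfc8037#section-2">RFC 8037 "d" (OKP Private Key) Parameter</a>
	 */
	public static final String OKP_PRIVATE_KEY = ELLIPTIC_CURVE_PRIVATE_KEY;


	/**
	 * The names of public JWK parameters.
	 *
	 * <p>The names that carry private or secret key material
	 * ({@code "d"}, {@code "p"}, {@code "q"}, {@code "dp"}, {@code "dq"},
	 * {@code "qi"}, {@code "oth"}, {@code "r"}, {@code "t"} and
	 * {@code "k"}) are deliberately absent.
	 *
	 * <p>The set is unmodifiable. Code that consults it to decide which
	 * JWK members may be disclosed depends on that list staying fixed, so
	 * no caller in the same JVM may add a private member name to this
	 * shared constant; mutator calls throw
	 * {@link UnsupportedOperationException}.
	 */
	public static final Set<String> PUBLIC = Collections.unmodifiableSet(
		new HashSet<>(
			Arrays.asList(
				KEY_TYPE,
				PUBLIC_KEY_USE,
				KEY_OPS,
				ALGORITHM,
				KEY_ID,
				X_509_CERT_URL,
				X_509_CERT_CHAIN,
				X_509_CERT_SHA_1_THUMBPRINT,
				X_509_CERT_SHA_256_THUMBPRINT,
				EXPIRATION_TIME,
				NOT_BEFORE,
				ISSUED_AT,
				REVOKED,

				ELLIPTIC_CURVE,
				ELLIPTIC_CURVE_X_COORDINATE,
				ELLIPTIC_CURVE_Y_COORDINATE,

				RSA_MODULUS,
				RSA_EXPONENT,

				OKP_SUBTYPE,
				OKP_PUBLIC_KEY
			)
		)
	);


	/**
	 * Prevents instantiation; this class only holds constants.
	 */
	private JWKParameterNames() {}
}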