diff options
author | juerg <juerg@google.com> | 2021-05-20 02:41:22 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2021-05-20 02:41:55 -0700 |
commit | f5c6b21ab42b46e8e92bc1a06fe0ac608e6794be (patch) | |
tree | e9b3e661751de40c3c8005aec495176918551df2 /java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java | |
parent | fdb2e2e6babf1b1ac95fc8255f76d3f92763d40e (diff) | |
download | tink-f5c6b21ab42b46e8e92bc1a06fe0ac608e6794be.tar.gz |
Add Kid header to JWK Keys generated from Tink JWT Keys.
- Tink keys with output prefix "TINK" will be exported into a JWK with a kid.
- The kid is the base64-encoded keyId.
- Any JWK with a kid that can be decoded into a keyId is imported as "TINK" key.
- Any JWK without kid or with a kid that cannot be decoded is imported as "RAW" key.
PiperOrigin-RevId: 374828288
Diffstat (limited to 'java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java')
-rw-r--r-- | java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java index eb05116fa..62d8fa4c7 100644 --- a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java +++ b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java @@ -186,6 +186,14 @@ final class JwtFormat { throw new JwtInvalidException("unsupported output prefix type"); } + static Optional<Integer> getKeyId(String kid) { + byte[] encodedKeyId = Base64.urlSafeDecode(kid); + if (encodedKeyId.length != 4) { + return Optional.empty(); + } + return Optional.of(ByteBuffer.wrap(encodedKeyId).getInt()); + } + static Parts splitSignedCompact(String signedCompact) throws JwtInvalidException { validateASCII(signedCompact); int sigPos = signedCompact.lastIndexOf('.'); |