SstJwk
RFC 7517 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key.
RFC 7638 This specification defines a method for computing a hash value over a JSON Web Key (JWK)
Class Methods
from:
Answer a new instance of a JWK derived from @anObject
Known @anObject types are:
<EsString> - json-encoded JWK
<Stream> - json-encoded JWK
<KeyedCollection> - jwk properties as a Smalltalk keyed collection
<OSSslRSAKey> - OpenSSL RSA Key -> JWK
<OSSslECKey> - OpenSSL EC Key -> JWK
<OSSslX509> - OpenSSL X.509 Certification -> JWK
Arguments:
anObject - @see implementors of #asJwk
Answers:
<SstJwk> concrete subclass instance
Raises:
<SstJwkException>
missing or invalid key type 'kty'
Json reader error
Invalid argument
Instance Methods
algorithm
Answers the intended JOSE algorithm (alg) for this JWK
Example:
(self algorithm = SstSecurityJoseConstants::JwkAlgHS256)
@see SstSecurityJoseConstants::JwkAlg* for additional options
Answers:
<String | UndefinedObject> algorithm string (base64url format) or nil if not specified
algorithm:
Set the intended JOSE algorithm (alg) for this JWK
@see RFC7518 (section 7.1) for initial values
Example:
(self algorithm: SstSecurityJoseConstants::JwkAlgHS256)
@see SstSecurityJoseConstants::JwkAlg* for additional options
Arguments:
aValue - <String> algorithm string (base64url format)
asJwk
Answer myself since I am a Json Web Key
Answers:
<SstJwk>
asJwkSet
Answer the JWK Set with this JWK as its only member
Answers:
<SstJwkSet>
asPublicKey
Answer the public key representation of this web key.
By default this is nil
Answers:
<UndefinedObject>
ensureKeyId
Ensure that the key id 'kid' is set.
Do nothing if already set, otherwise generate and set a new id using the thumbprint value
isPrivateKey
Answers true if this JWK contains private parameters, false otherwise
Answers:
<Boolean>
keyId
Answers the id (kid) of this JWK.
This can be used to match a specific key such as a key
within a key set or corespond to the key id from a JWE/JWS
header.
Example:
self keyId = '1'
Answers:
<String | UndefinedObject> id or nil if unspecified
keyId:
Set the id (kid) of this JWK.
This can be used to match a specific key such as a key
within a key set or corespond to the key id from a JWE/JWS
header.
@see RFC7517 (section 4.5) for additional info
Example:
self keyId: '1'
Arguments:
aValue - <String> id str
keyOperations
Answers the operations (key_ops) for this JWK
Example:
(self keyOperations includes: SstSecurityJoseConstants::JwkKeyOpsSign).
@see SstSecurityJoseConstants::JwkKeyOps* for additional options
Answers:
<Set> set of <String> key operations. This will be empty if unspecified
keyOperations:
Sets the operations (key_ops) for this JWK
@see RFC7517 (section 8.3) for initial values
Example:
(self keyOperations: (Set with: SstSecurityJoseConstants::JwkKeyOpsSign).
@see SstSecurityJoseConstants::JwkKeyOps* for additional options
Arguments:
aCollection - <Collection> of <String> key operations
keyType
Answers the type (kty) of this JWK
Example:
(self keyType = SstSecurityJoseConstants::JwkKeyTypeEC) |
(self keyType = SstSecurityJoseConstants::JwkKeyTypeRSA) |
(self keyType = SstSecurityJoseConstants::JwkKeyTypeOCTET)
Answers:
<String>
keyType:
Set the type (kty) of this JWK
@see RFC7518 (section 6.1) for initial values
Example:
(self keyType: SstSecurityJoseConstants::JwkKeyTypeRSA) |
(self keyType: SstSecurityJoseConstants::JwkKeyTypeEC) |
(self keyType: SstSecurityJoseConstants::JwkKeyTypeOCTET)
Arguments:
aValue - <String>
keyUse
Answers the use (use) of this JWK
Example:
(self keyUse = SstSecurityJoseConstants::JwkKeyUseSign) |
(self keyUse = SstSecurityJoseConstants::JwkKeyUseEncrypt)
Answers:
<String | UndefinedObject> use string or nil if not specified or if the key
is intended for signing and encryption
keyUse:
Set the use (use) of this JWK
@see RFC7517 (section 8.2) for initial values
Example:
(self keyUse: SstSecurityJoseConstants::JwkKeyUseEncrypt) |
(self keyUse: SstSecurityJoseConstants::JwkKeyUseSign)
Arguments:
aValue - <String>
sign:
Sign the json web signature object using this JWK and default algorithm.
thumbprint
Answers the computed thumbprint of this JWK using the default digest.
@see RFC 7638 for more information on JSON Web Key (JWK) Thumprint
Answers:
<String>
x509Chain
Set the the X.509 certificate SHA-1 thumbprint (x5t#S256) for this JWK
This is a base64url-encoded SHA-1 thumbprint (a.k.a. digest)
of the DER encoding of an X.509 certificate
@see RFC7517 (section 4.8) for additional info
DEPRECATION WARNING:
Use x509ThumbprintSHA256 due to outdated security of SHA-1
Arguments:
aCollection - <Collection> of <String>
x509Chain:
Set the the X.509 certificate SHA-1 thumbprint (x5t#S256) for this JWK
This is a base64url-encoded SHA-1 thumbprint (a.k.a. digest)
of the DER encoding of an X.509 certificate
@see RFC7517 (section 4.8) for additional info
DEPRECATION WARNING:
Use x509ThumbprintSHA256 due to outdated security of SHA-1
Arguments:
aCollection - <Collection> of <String>
x509Thumbprint
Answers the X.509 certificate SHA-1 thumbprint (x5t) for this JWK
This is base64url encoded
Answers:
<String | ByteArray | UndefinedObject> x509 cert thumbprint or nil if unspecified
x509Thumbprint:
Set the the X.509 certificate SHA-1 thumbprint (x5t#S256) for this JWK
This is a base64url-encoded SHA-1 thumbprint (a.k.a. digest)
of the DER encoding of an X.509 certificate
@see RFC7517 (section 4.8) for additional info
DEPRECATION WARNING:
Use x509ThumbprintSHA256 due to outdated security of SHA-1
Arguments:
aValue - <String | ByteArray>
x509ThumbprintSHA256
Answers the X.509 certificate SHA-256 thumbprint (x5t#256) for this JWK
This is base64url encoded
Answers:
<String | ByteArray | UndefinedObject> x509 cert thumbprint or nil if unspecified
x509ThumbprintSHA256:
Set the the X.509 certificate SHA-256 thumbprint (x5t#S256) for this JWK
This is a base64url-encoded SHA-256 thumbprint (a.k.a. digest)
of the DER encoding of an X.509 certificate
@see RFC7517 (section 4.9) for additional info
Arguments:
aValue - <String | ByteArray> id str
Last modified date: 01/09/2026