update KeyProvider interface. Update readme.

lbalmaceda · lbalmaceda · commit 11e96ade7db8 · 2017-05-03T18:32:19.000-03:00
diff --git a/README.md b/README.md
@@ -64,38 +64,46 @@ Algorithm algorithmRS = Algorithm.RSA256(publicKey, privateKey);
 
 #### Using a KeyProvider:
 
-By using a `KeyProvider` the library delegates the decision of which key to use in each case to the user. For the verification process, this means that the provider will be asked for a `PublicKey` with a given **Key Id** value. Your provider implementation should have the logic to fetch the right key, for example by parsing a JWKS file from a public domain like [auth0/jwks-rsa-java](https://github.com/auth0/jwks-rsa-java) does. For the signing process, this means that the provider will be asked for a `PrivateKey` and it's associated **Key Id**, so it can set it in the Token's header for future verification in the same way. Check the [IETF draft](https://tools.ietf.org/html/rfc7517) for more information on how to implement this. 
+By using a `KeyProvider` you can change in runtime the key used either to verify the token signature or to sign a new token for RSA or ECDSA algorithms. This is achieved by implementing either `RSAKeyProvider` or `ECDSAKeyProvider` methods:
+
+- `getPublicKeyById(String kid)`: Its called during token signature verification and it should return the key used to verify the token. If key rotation is being used, e.g. [JWK](https://tools.ietf.org/html/rfc7517) it can fetch the correct rotation key using the id. (Or just return the same key all the time).
+- `getPrivateKey()`: Its called during token signing and it should return the key that will be used to sign the JWT.
+- `getPrivateKeyId()`: Its called during token signing and it should return the id of the key that identifies the one returned by `getPrivateKey()`. This value is preferred over the one set in the `JWTCreator.Builder#withKeyId(String)` method. If you don't need to set a `kid` value avoid instantiating an Algorithm using a `KeyProvider`.
+
 
 The following snippet uses example classes showing how this would work:
 
 
 ```java
-final MyOwnJwkProvider jwkProvider = new MyOwnJwkProvider("{JWKS_FILE_HOST}");
-final RSAPrivateKey signingKey = //Get the key instance
-final String signingKeyId = //Create an Id for the above key
+final JwkStore jwkStore = new JwkStore("{JWKS_FILE_HOST}");
+final RSAPrivateKey privateKey = //Get the key instance
+final String privateKeyId = //Create an Id for the above key
 
 RSAKeyProvider keyProvider = new RSAKeyProvider() {
     @Override
-    public RSAPublicKey getPublicKey(String keyId) {
-        //Value might be null if it wasn't defined in the Token's header
-        Jwk jwk = jwkProvider.get(keyId);
-        return (RSAPublicKey) jwk.getPublicKey();
+    public RSAPublicKey getPublicKeyById(String kid) {
+        //Received 'kid' value might be null if it wasn't defined in the Token's header
+        RSAPublicKey publicKey = jwkStore.get(kid);
+        return (RSAPublicKey) publicKey;
     }
 
     @Override
     public RSAPrivateKey getPrivateKey() {
-        return signingKey;
+        return privateKey;
     }
     
     @Override
-    public String getSigningKeyId() {
-        return signingKeyId;
+    public String getPrivateKeyId() {
+        return privateKeyId;
     }
 };
+
 Algorithm algorithm = Algorithm.RSA256(keyProvider);
 //Use the Algorithm to create and verify JWTs.
 ```
 
+> For simple key rotation using JWKs try the [jwks-rsa-java](https://github.com/auth0/jwks-rsa-java) library.
+
 
 ### Create and Sign a Token
 
@@ -271,7 +279,7 @@ When creating a Token with the `JWT.create()` you can specify header Claims by c
 
 ```java
 Map<String, Object> headerClaims = new HashMap();
-headerclaims.put("owner", "auth0");
+headerClaims.put("owner", "auth0");
 String token = JWT.create()
         .withHeader(headerClaims)
         .sign(algorithm);
diff --git a/lib/src/main/java/com/auth0/jwt/JWTCreator.java b/lib/src/main/java/com/auth0/jwt/JWTCreator.java
@@ -77,6 +77,7 @@ public Builder withHeader(Map<String, Object> headerClaims) {
 
         /**
          * Add a specific Key Id ("kid") claim to the Header.
+         * If the {@link Algorithm} used to sign this token was instantiated with a KeyProvider, the 'kid' value will be taken from that provider and this one will be ignored.
          *
          * @param keyId the Key Id value.
          * @return this same Builder instance.
@@ -304,7 +305,7 @@ public String sign(Algorithm algorithm) throws IllegalArgumentException, JWTCrea
             headerClaims.put(PublicClaims.ALGORITHM, algorithm.getName());
             headerClaims.put(PublicClaims.TYPE, "JWT");
             String signingKeyId = algorithm.getSigningKeyId();
-            if (!headerClaims.containsKey(PublicClaims.KEY_ID) && signingKeyId != null) {
+            if (signingKeyId != null) {
                 withKeyId(signingKeyId);
             }
             return new JWTCreator(algorithm, headerClaims, payloadClaims).sign();
diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java
@@ -3,7 +3,7 @@
 import com.auth0.jwt.exceptions.SignatureGenerationException;
 import com.auth0.jwt.exceptions.SignatureVerificationException;
 import com.auth0.jwt.interfaces.DecodedJWT;
-import com.auth0.jwt.interfaces.ECKeyProvider;
+import com.auth0.jwt.interfaces.ECDSAKeyProvider;
 import com.auth0.jwt.interfaces.RSAKeyProvider;
 
 import java.io.UnsupportedEncodingException;
@@ -208,7 +208,7 @@ public static Algorithm HMAC512(byte[] secret) throws IllegalArgumentException {
      * @return a valid ECDSA256 Algorithm.
      * @throws IllegalArgumentException if the Key Provider is null.
      */
-    public static Algorithm ECDSA256(ECKeyProvider keyProvider) throws IllegalArgumentException {
+    public static Algorithm ECDSA256(ECDSAKeyProvider keyProvider) throws IllegalArgumentException {
         return new ECDSAAlgorithm("ES256", "SHA256withECDSA", 32, keyProvider);
     }
 
@@ -230,7 +230,7 @@ public static Algorithm ECDSA256(ECPublicKey publicKey, ECPrivateKey privateKey)
      * @param key the key to use in the verify or signing instance.
      * @return a valid ECDSA256 Algorithm.
      * @throws IllegalArgumentException if the provided Key is null.
-     * @deprecated use {@link #ECDSA256(ECPublicKey, ECPrivateKey)} or {@link #ECDSA256(ECKeyProvider)}
+     * @deprecated use {@link #ECDSA256(ECPublicKey, ECPrivateKey)} or {@link #ECDSA256(ECDSAKeyProvider)}
      */
     @Deprecated
     public static Algorithm ECDSA256(ECKey key) throws IllegalArgumentException {
@@ -246,7 +246,7 @@ public static Algorithm ECDSA256(ECKey key) throws IllegalArgumentException {
      * @return a valid ECDSA384 Algorithm.
      * @throws IllegalArgumentException if the Key Provider is null.
      */
-    public static Algorithm ECDSA384(ECKeyProvider keyProvider) throws IllegalArgumentException {
+    public static Algorithm ECDSA384(ECDSAKeyProvider keyProvider) throws IllegalArgumentException {
         return new ECDSAAlgorithm("ES384", "SHA384withECDSA", 48, keyProvider);
     }
 
@@ -268,7 +268,7 @@ public static Algorithm ECDSA384(ECPublicKey publicKey, ECPrivateKey privateKey)
      * @param key the key to use in the verify or signing instance.
      * @return a valid ECDSA384 Algorithm.
      * @throws IllegalArgumentException if the provided Key is null.
-     * @deprecated use {@link #ECDSA384(ECPublicKey, ECPrivateKey)} or {@link #ECDSA384(ECKeyProvider)}
+     * @deprecated use {@link #ECDSA384(ECPublicKey, ECPrivateKey)} or {@link #ECDSA384(ECDSAKeyProvider)}
      */
     @Deprecated
     public static Algorithm ECDSA384(ECKey key) throws IllegalArgumentException {
@@ -284,7 +284,7 @@ public static Algorithm ECDSA384(ECKey key) throws IllegalArgumentException {
      * @return a valid ECDSA512 Algorithm.
      * @throws IllegalArgumentException if the Key Provider is null.
      */
-    public static Algorithm ECDSA512(ECKeyProvider keyProvider) throws IllegalArgumentException {
+    public static Algorithm ECDSA512(ECDSAKeyProvider keyProvider) throws IllegalArgumentException {
         return new ECDSAAlgorithm("ES512", "SHA512withECDSA", 66, keyProvider);
     }
 
@@ -306,7 +306,7 @@ public static Algorithm ECDSA512(ECPublicKey publicKey, ECPrivateKey privateKey)
      * @param key the key to use in the verify or signing instance.
      * @return a valid ECDSA512 Algorithm.
      * @throws IllegalArgumentException if the provided Key is null.
-     * @deprecated use {@link #ECDSA512(ECPublicKey, ECPrivateKey)} or {@link #ECDSA512(ECKeyProvider)}
+     * @deprecated use {@link #ECDSA512(ECPublicKey, ECPrivateKey)} or {@link #ECDSA512(ECDSAKeyProvider)}
      */
     @Deprecated
     public static Algorithm ECDSA512(ECKey key) throws IllegalArgumentException {
diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java
@@ -3,7 +3,7 @@
 import com.auth0.jwt.exceptions.SignatureGenerationException;
 import com.auth0.jwt.exceptions.SignatureVerificationException;
 import com.auth0.jwt.interfaces.DecodedJWT;
-import com.auth0.jwt.interfaces.ECKeyProvider;
+import com.auth0.jwt.interfaces.ECDSAKeyProvider;
 import org.apache.commons.codec.binary.Base64;
 
 import java.nio.charset.StandardCharsets;
@@ -15,12 +15,12 @@
 
 class ECDSAAlgorithm extends Algorithm {
 
-    private final ECKeyProvider keyProvider;
+    private final ECDSAKeyProvider keyProvider;
     private final CryptoHelper crypto;
     private final int ecNumberSize;
 
     //Visible for testing
-    ECDSAAlgorithm(CryptoHelper crypto, String id, String algorithm, int ecNumberSize, ECKeyProvider keyProvider) throws IllegalArgumentException {
+    ECDSAAlgorithm(CryptoHelper crypto, String id, String algorithm, int ecNumberSize, ECDSAKeyProvider keyProvider) throws IllegalArgumentException {
         super(id, algorithm);
         if (keyProvider == null) {
             throw new IllegalArgumentException("The Key Provider cannot be null.");
@@ -30,7 +30,7 @@ class ECDSAAlgorithm extends Algorithm {
         this.ecNumberSize = ecNumberSize;
     }
 
-    ECDSAAlgorithm(String id, String algorithm, int ecNumberSize, ECKeyProvider keyProvider) throws IllegalArgumentException {
+    ECDSAAlgorithm(String id, String algorithm, int ecNumberSize, ECDSAKeyProvider keyProvider) throws IllegalArgumentException {
         this(new CryptoHelper(), id, algorithm, ecNumberSize, keyProvider);
     }
 
@@ -40,7 +40,7 @@ public void verify(DecodedJWT jwt) throws SignatureVerificationException {
         byte[] signatureBytes = Base64.decodeBase64(jwt.getSignature());
 
         try {
-            ECPublicKey publicKey = keyProvider.getPublicKey(jwt.getKeyId());
+            ECPublicKey publicKey = keyProvider.getPublicKeyById(jwt.getKeyId());
             if (publicKey == null) {
                 throw new IllegalStateException("The given Public Key is null.");
             }
@@ -72,7 +72,7 @@ public byte[] sign(byte[] contentBytes) throws SignatureGenerationException {
 
     @Override
     public String getSigningKeyId() {
-        return keyProvider.getSigningKeyId();
+        return keyProvider.getPrivateKeyId();
     }
 
     private boolean isDERSignature(byte[] signature) {
@@ -138,13 +138,13 @@ private int countPadding(byte[] bytes, int fromIndex, int toIndex) {
     }
 
     //Visible for testing
-    static ECKeyProvider providerForKeys(final ECPublicKey publicKey, final ECPrivateKey privateKey) {
+    static ECDSAKeyProvider providerForKeys(final ECPublicKey publicKey, final ECPrivateKey privateKey) {
         if (publicKey == null && privateKey == null) {
             throw new IllegalArgumentException("Both provided Keys cannot be null.");
         }
-        return new ECKeyProvider() {
+        return new ECDSAKeyProvider() {
             @Override
-            public ECPublicKey getPublicKey(String keyId) {
+            public ECPublicKey getPublicKeyById(String keyId) {
                 return publicKey;
             }
 
@@ -154,7 +154,7 @@ public ECPrivateKey getPrivateKey() {
             }
 
             @Override
-            public String getSigningKeyId() {
+            public String getPrivateKeyId() {
                 return null;
             }
         };
diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java
@@ -38,7 +38,7 @@ public void verify(DecodedJWT jwt) throws SignatureVerificationException {
         byte[] signatureBytes = Base64.decodeBase64(jwt.getSignature());
 
         try {
-            RSAPublicKey publicKey = keyProvider.getPublicKey(jwt.getKeyId());
+            RSAPublicKey publicKey = keyProvider.getPublicKeyById(jwt.getKeyId());
             if (publicKey == null) {
                 throw new IllegalStateException("The given Public Key is null.");
             }
@@ -66,7 +66,7 @@ public byte[] sign(byte[] contentBytes) throws SignatureGenerationException {
 
     @Override
     public String getSigningKeyId() {
-        return keyProvider.getSigningKeyId();
+        return keyProvider.getPrivateKeyId();
     }
 
     //Visible for testing
@@ -76,7 +76,7 @@ static RSAKeyProvider providerForKeys(final RSAPublicKey publicKey, final RSAPri
         }
         return new RSAKeyProvider() {
             @Override
-            public RSAPublicKey getPublicKey(String keyId) {
+            public RSAPublicKey getPublicKeyById(String keyId) {
                 return publicKey;
             }
 
@@ -86,7 +86,7 @@ public RSAPrivateKey getPrivateKey() {
             }
 
             @Override
-            public String getSigningKeyId() {
+            public String getPrivateKeyId() {
                 return null;
             }
         };
diff --git a/lib/src/main/java/com/auth0/jwt/interfaces/ECDSAKeyProvider.java b/lib/src/main/java/com/auth0/jwt/interfaces/ECDSAKeyProvider.java
@@ -6,5 +6,5 @@
 /**
  * Elliptic Curve (EC) Public/Private Key provider.
  */
-public interface ECKeyProvider extends KeyProvider<ECPublicKey, ECPrivateKey> {
+public interface ECDSAKeyProvider extends KeyProvider<ECPublicKey, ECPrivateKey> {
 }
diff --git a/lib/src/main/java/com/auth0/jwt/interfaces/KeyProvider.java b/lib/src/main/java/com/auth0/jwt/interfaces/KeyProvider.java
@@ -12,24 +12,24 @@
 interface KeyProvider<U extends PublicKey, R extends PrivateKey> {
 
     /**
-     * Getter for the Public Key instance, used to verify the signature.
+     * Getter for the Public Key instance with the given Id. Used to verify the signature on the JWT verification stage.
      *
      * @param keyId the Key Id specified in the Token's Header or null if none is available. Provides a hint on which Public Key to use to verify the token's signature.
      * @return the Public Key instance
      */
-    U getPublicKey(String keyId);
+    U getPublicKeyById(String keyId);
 
     /**
-     * Getter for the Private Key instance, used to sign the content.
+     * Getter for the Private Key instance. Used to sign the content on the JWT signing stage.
      *
      * @return the Private Key instance
      */
     R getPrivateKey();
 
     /**
-     * Getter for the Id of the Private Key used to sign the tokens. This represents the `kid` claim and will be placed in the Header if no other "Key Id" has been set already.
+     * Getter for the Id of the Private Key used to sign the tokens. This represents the `kid` claim and will be placed in the Header.
      *
-     * @return the Key Id that identifies the Signing Key or null if it's not specified.
+     * @return the Key Id that identifies the Private Key or null if it's not specified.
      */
-    String getSigningKeyId();
+    String getPrivateKeyId();
 }
diff --git a/lib/src/test/java/com/auth0/jwt/JWTCreatorTest.java b/lib/src/test/java/com/auth0/jwt/JWTCreatorTest.java
@@ -1,7 +1,7 @@
 package com.auth0.jwt;
 
 import com.auth0.jwt.algorithms.Algorithm;
-import com.auth0.jwt.interfaces.ECKeyProvider;
+import com.auth0.jwt.interfaces.ECDSAKeyProvider;
 import com.auth0.jwt.interfaces.RSAKeyProvider;
 import org.apache.commons.codec.binary.Base64;
 import org.junit.Rule;
@@ -66,10 +66,10 @@ public void shouldAddKeyId() throws Exception {
     }
 
     @Test
-    public void shouldAddKeyIdIfAvailableAndNotAlreadyAddedUsingRSAAlgorithms() throws Exception {
+    public void shouldAddKeyIdIfAvailableFromRSAAlgorithms() throws Exception {
         RSAPrivateKey privateKey = (RSAPrivateKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_RSA, "RSA");
         RSAKeyProvider provider = mock(RSAKeyProvider.class);
-        when(provider.getSigningKeyId()).thenReturn("my-key-id");
+        when(provider.getPrivateKeyId()).thenReturn("my-key-id");
         when(provider.getPrivateKey()).thenReturn(privateKey);
 
         String signed = JWTCreator.init()
@@ -82,10 +82,10 @@ public void shouldAddKeyIdIfAvailableAndNotAlreadyAddedUsingRSAAlgorithms() thro
     }
 
     @Test
-    public void shouldNotOverwriteKeyIdIfAlreadySetUsingRSAAlgorithms() throws Exception {
+    public void shouldNotOverwriteKeyIdIfAddedFromRSAAlgorithms() throws Exception {
         RSAPrivateKey privateKey = (RSAPrivateKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_RSA, "RSA");
         RSAKeyProvider provider = mock(RSAKeyProvider.class);
-        when(provider.getSigningKeyId()).thenReturn("my-key-id");
+        when(provider.getPrivateKeyId()).thenReturn("my-key-id");
         when(provider.getPrivateKey()).thenReturn(privateKey);
 
         String signed = JWTCreator.init()
@@ -95,14 +95,14 @@ public void shouldNotOverwriteKeyIdIfAlreadySetUsingRSAAlgorithms() throws Excep
         assertThat(signed, is(notNullValue()));
         String[] parts = signed.split("\\.");
         String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
-        assertThat(headerJson, JsonMatcher.hasEntry("kid", "real-key-id"));
+        assertThat(headerJson, JsonMatcher.hasEntry("kid", "my-key-id"));
     }
 
     @Test
-    public void shouldAddKeyIdIfAvailableAndNotAlreadyAddedUsingECDSAAlgorithms() throws Exception {
+    public void shouldAddKeyIdIfAvailableFromECDSAAlgorithms() throws Exception {
         ECPrivateKey privateKey = (ECPrivateKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_EC_256, "EC");
-        ECKeyProvider provider = mock(ECKeyProvider.class);
-        when(provider.getSigningKeyId()).thenReturn("my-key-id");
+        ECDSAKeyProvider provider = mock(ECDSAKeyProvider.class);
+        when(provider.getPrivateKeyId()).thenReturn("my-key-id");
         when(provider.getPrivateKey()).thenReturn(privateKey);
 
         String signed = JWTCreator.init()
@@ -115,10 +115,10 @@ public void shouldAddKeyIdIfAvailableAndNotAlreadyAddedUsingECDSAAlgorithms() th
     }
 
     @Test
-    public void shouldNotOverwriteKeyIdIfAlreadySetUsingECDSAAlgorithms() throws Exception {
+    public void shouldNotOverwriteKeyIdIfAddedFromECDSAAlgorithms() throws Exception {
         ECPrivateKey privateKey = (ECPrivateKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_EC_256, "EC");
-        ECKeyProvider provider = mock(ECKeyProvider.class);
-        when(provider.getSigningKeyId()).thenReturn("my-key-id");
+        ECDSAKeyProvider provider = mock(ECDSAKeyProvider.class);
+        when(provider.getPrivateKeyId()).thenReturn("my-key-id");
         when(provider.getPrivateKey()).thenReturn(privateKey);
 
         String signed = JWTCreator.init()
@@ -128,7 +128,7 @@ public void shouldNotOverwriteKeyIdIfAlreadySetUsingECDSAAlgorithms() throws Exc
         assertThat(signed, is(notNullValue()));
         String[] parts = signed.split("\\.");
         String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8);
-        assertThat(headerJson, JsonMatcher.hasEntry("kid", "real-key-id"));
+        assertThat(headerJson, JsonMatcher.hasEntry("kid", "my-key-id"));
     }
 
     @Test
diff --git a/lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmTest.java b/lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmTest.java
diff --git a/lib/src/test/java/com/auth0/jwt/algorithms/ECDSAAlgorithmTest.java b/lib/src/test/java/com/auth0/jwt/algorithms/ECDSAAlgorithmTest.java
diff --git a/lib/src/test/java/com/auth0/jwt/algorithms/RSAAlgorithmTest.java b/lib/src/test/java/com/auth0/jwt/algorithms/RSAAlgorithmTest.java

Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ public void verify(DecodedJWT jwt) throws SignatureVerificationException {`
`38`	`38`	`byte[] signatureBytes = Base64.decodeBase64(jwt.getSignature());`
`39`	`39`
`40`	`40`	`try {`
`41`		`- RSAPublicKey publicKey = keyProvider.getPublicKey(jwt.getKeyId());`
	`41`	`+ RSAPublicKey publicKey = keyProvider.getPublicKeyById(jwt.getKeyId());`
`42`	`42`	`if (publicKey == null) {`
`43`	`43`	`throw new IllegalStateException("The given Public Key is null.");`
`44`	`44`	`}`
`@@ -66,7 +66,7 @@ public byte[] sign(byte[] contentBytes) throws SignatureGenerationException {`
`66`	`66`
`67`	`67`	`@Override`
`68`	`68`	`public String getSigningKeyId() {`
`69`		`- return keyProvider.getSigningKeyId();`
	`69`	`+ return keyProvider.getPrivateKeyId();`
`70`	`70`	`}`
`71`	`71`
`72`	`72`	`//Visible for testing`
`@@ -76,7 +76,7 @@ static RSAKeyProvider providerForKeys(final RSAPublicKey publicKey, final RSAPri`
`76`	`76`	`}`
`77`	`77`	`return new RSAKeyProvider() {`
`78`	`78`	`@Override`
`79`		`- public RSAPublicKey getPublicKey(String keyId) {`
	`79`	`+ public RSAPublicKey getPublicKeyById(String keyId) {`
`80`	`80`	`return publicKey;`
`81`	`81`	`}`
`82`	`82`
`@@ -86,7 +86,7 @@ public RSAPrivateKey getPrivateKey() {`
`86`	`86`	`}`
`87`	`87`
`88`	`88`	`@Override`
`89`		`- public String getSigningKeyId() {`
	`89`	`+ public String getPrivateKeyId() {`
`90`	`90`	`return null;`
`91`	`91`	`}`
`92`	`92`	`};`
Original file line number	Diff line number	Diff line change
`@@ -6,5 +6,5 @@`
`6`	`6`	`/**`
`7`	`7`	`* Elliptic Curve (EC) Public/Private Key provider.`
`8`	`8`	`*/`
`9`		`-public interface ECKeyProvider extends KeyProvider<ECPublicKey, ECPrivateKey> {`
	`9`	`+public interface ECDSAKeyProvider extends KeyProvider<ECPublicKey, ECPrivateKey> {`
`10`	`10`	`}`