public static class RSAKey.Builder extends Object
Example usage:
RSAKey key = new RSAKey.Builder(n, e). privateExponent(d). algorithm(JWSAlgorithm.RS512). keyID("456"). build();
Constructor and Description |
---|
Builder(Base64URL n,
Base64URL e)
Creates a new RSA JWK builder.
|
Builder(RSAKey rsaJWK)
Creates a new RSA JWK builder.
|
Builder(RSAPublicKey pub)
Creates a new RSA JWK builder.
|
Modifier and Type | Method and Description |
---|---|
RSAKey.Builder |
algorithm(Algorithm alg)
Sets the intended JOSE algorithm (
alg ) for the JWK. |
RSAKey |
build()
Builds a new RSA JWK.
|
RSAKey.Builder |
firstCRTCoefficient(Base64URL qi)
Sets the first Chinese Remainder Theorem (CRT) coefficient
(
qi ) of the private RSA key. |
RSAKey.Builder |
firstFactorCRTExponent(Base64URL dp)
Sets the first factor Chinese Remainder Theorem (CRT)
exponent (
dp ) of the private RSA key. |
RSAKey.Builder |
firstPrimeFactor(Base64URL p)
Sets the first prime factor (
p ) of the private RSA
key. |
RSAKey.Builder |
keyID(String kid)
Sets the ID (
kid ) of the JWK. |
RSAKey.Builder |
keyIDFromThumbprint()
Sets the ID (
kid ) of the JWK to its SHA-256 JWK
thumbprint (RFC 7638). |
RSAKey.Builder |
keyIDFromThumbprint(String hashAlg)
Sets the ID (
kid ) of the JWK to its JWK thumbprint
(RFC 7638). |
RSAKey.Builder |
keyOperations(Set<KeyOperation> ops)
Sets the operations (
key_ops ) of the JWK (for a
non-public key). |
RSAKey.Builder |
keyStore(KeyStore keyStore)
Sets the underlying key store.
|
RSAKey.Builder |
keyUse(KeyUse use)
Sets the use (
use ) of the JWK. |
RSAKey.Builder |
otherPrimes(List<RSAKey.OtherPrimesInfo> oth)
Sets the other primes information (
oth ) for the
private RSA key, should they exist. |
RSAKey.Builder |
privateExponent(Base64URL d)
Sets the private exponent (
d ) of the RSA key. |
RSAKey.Builder |
privateKey(PrivateKey priv)
Sets the private RSA key, typically for a key located in a
PKCS#11 store that doesn't expose the private key parameters
(such as a smart card or HSM).
|
RSAKey.Builder |
privateKey(RSAMultiPrimePrivateCrtKey priv)
Sets the private RSA key, using the second representation,
with optional other primes info (see RFC 3447, section 3.2).
|
RSAKey.Builder |
privateKey(RSAPrivateCrtKey priv)
Sets the private RSA key, using the second representation
(see RFC 3447, section 3.2).
|
RSAKey.Builder |
privateKey(RSAPrivateKey priv)
Sets the private RSA key, using the first representation.
|
RSAKey.Builder |
secondFactorCRTExponent(Base64URL dq)
Sets the second factor Chinese Remainder Theorem (CRT)
exponent (
dq ) of the private RSA key. |
RSAKey.Builder |
secondPrimeFactor(Base64URL q)
Sets the second prime factor (
q ) of the private RSA
key. |
RSAKey.Builder |
x509CertChain(List<Base64> x5c)
Sets the X.509 certificate chain (
x5c ) of the JWK. |
RSAKey.Builder |
x509CertSHA256Thumbprint(Base64URL x5t256)
Sets the X.509 certificate SHA-256 thumbprint
(
x5t#S256 ) of the JWK. |
RSAKey.Builder |
x509CertThumbprint(Base64URL x5t)
Deprecated.
|
RSAKey.Builder |
x509CertURL(URI x5u)
Sets the X.509 certificate URL (
x5u ) of the JWK. |
public Builder(Base64URL n, Base64URL e)
n
- The the modulus value for the public RSA key. It is
represented as the Base64URL encoding of value's
big endian representation. Must not be
null
.e
- The exponent value for the public RSA key. It is
represented as the Base64URL encoding of value's
big endian representation. Must not be
null
.public Builder(RSAPublicKey pub)
pub
- The public RSA key to represent. Must not be
null
.public RSAKey.Builder privateExponent(Base64URL d)
d
) of the RSA key.d
- The private RSA key exponent. It is represented as
the Base64URL encoding of the value's big endian
representation. null
if not specified (for
a public key or a private key using the second
representation only).public RSAKey.Builder privateKey(RSAPrivateKey priv)
priv
- The private RSA key, used to obtain the private
exponent (d
). Must not be null
.public RSAKey.Builder privateKey(PrivateKey priv)
priv
- The private RSA key reference. Its algorithm
must be "RSA". Must not be null
.public RSAKey.Builder firstPrimeFactor(Base64URL p)
p
) of the private RSA
key.p
- The RSA first prime factor. It is represented as
the Base64URL encoding of the value's big endian
representation. null
if not specified (for
a public key or a private key using the first
representation only).public RSAKey.Builder secondPrimeFactor(Base64URL q)
q
) of the private RSA
key.q
- The RSA second prime factor. It is represented as
the Base64URL encoding of the value's big endian
representation. null
if not specified (for
a public key or a private key using the first
representation only).public RSAKey.Builder firstFactorCRTExponent(Base64URL dp)
dp
) of the private RSA key.dp
- The RSA first factor CRT exponent. It is
represented as the Base64URL encoding of the
value's big endian representation. null
if not specified (for a public key or a private
key using the first representation only).public RSAKey.Builder secondFactorCRTExponent(Base64URL dq)
dq
) of the private RSA key.dq
- The RSA second factor CRT exponent. It is
represented as the Base64URL encoding of the
value's big endian representation. null
if
not specified (for a public key or a private key
using the first representation only).public RSAKey.Builder firstCRTCoefficient(Base64URL qi)
qi
) of the private RSA key.qi
- The RSA first CRT coefficient. It is represented
as the Base64URL encoding of the value's big
endian representation. null
if not
specified (for a public key or a private key using
the first representation only).public RSAKey.Builder otherPrimes(List<RSAKey.OtherPrimesInfo> oth)
oth
) for the
private RSA key, should they exist.oth
- The RSA other primes information, null
or
empty list if not specified.public RSAKey.Builder privateKey(RSAPrivateCrtKey priv)
priv
- The private RSA key, used to obtain the private
exponent (d
), the first prime factor
(p
), the second prime factor
(q
), the first factor CRT exponent
(dp
), the second factor CRT exponent
(dq
) and the first CRT coefficient
(qi
). Must not be null
.public RSAKey.Builder privateKey(RSAMultiPrimePrivateCrtKey priv)
priv
- The private RSA key, used to obtain the private
exponent (d
), the first prime factor
(p
), the second prime factor
(q
), the first factor CRT exponent
(dp
), the second factor CRT exponent
(dq
), the first CRT coefficient
(qi
) and the other primes info
(oth
). Must not be null
.public RSAKey.Builder keyUse(KeyUse use)
use
) of the JWK.use
- The key use, null
if not specified or if
the key is intended for signing as well as
encryption.public RSAKey.Builder keyOperations(Set<KeyOperation> ops)
key_ops
) of the JWK (for a
non-public key).ops
- The key operations, null
if not
specified.public RSAKey.Builder algorithm(Algorithm alg)
alg
) for the JWK.alg
- The intended JOSE algorithm, null
if not
specified.public RSAKey.Builder keyID(String kid)
kid
) of the JWK. The key ID can be used
to match a specific key. This can be used, for instance, to
choose a key within a JWKSet
during key rollover.
The key ID may also correspond to a JWS/JWE kid
header parameter value.kid
- The key ID, null
if not specified.public RSAKey.Builder keyIDFromThumbprint() throws JOSEException
kid
) of the JWK to its SHA-256 JWK
thumbprint (RFC 7638). The key ID can be used to match a
specific key. This can be used, for instance, to choose a
key within a JWKSet
during key rollover. The key ID
may also correspond to a JWS/JWE kid
header
parameter value.JOSEException
- If the SHA-256 hash algorithm is not
supported.public RSAKey.Builder keyIDFromThumbprint(String hashAlg) throws JOSEException
kid
) of the JWK to its JWK thumbprint
(RFC 7638). The key ID can be used to match a specific key.
This can be used, for instance, to choose a key within a
JWKSet
during key rollover. The key ID may also
correspond to a JWS/JWE kid
header parameter value.hashAlg
- The hash algorithm for the JWK thumbprint
computation. Must not be null
.JOSEException
- If the hash algorithm is not
supported.public RSAKey.Builder x509CertURL(URI x5u)
x5u
) of the JWK.x5u
- The X.509 certificate URL, null
if not
specified.@Deprecated public RSAKey.Builder x509CertThumbprint(Base64URL x5t)
x5t
) of
the JWK.x5t
- The X.509 certificate SHA-1 thumbprint,
null
if not specified.public RSAKey.Builder x509CertSHA256Thumbprint(Base64URL x5t256)
x5t#S256
) of the JWK.x5t256
- The X.509 certificate SHA-256 thumbprint,
null
if not specified.public RSAKey.Builder x509CertChain(List<Base64> x5c)
x5c
) of the JWK.x5c
- The X.509 certificate chain as a unmodifiable
list, null
if not specified.public RSAKey.Builder keyStore(KeyStore keyStore)
keyStore
- Reference to the underlying key store,
null
if none.public RSAKey build()
IllegalStateException
- If the JWK parameters were
inconsistently specified.Copyright © 2021 Connect2id Ltd.. All rights reserved.