Package com.nimbusds.jose.jwk
Class OctetKeyPair.Builder
- java.lang.Object
-
- com.nimbusds.jose.jwk.OctetKeyPair.Builder
-
- Enclosing class:
- OctetKeyPair
public static class OctetKeyPair.Builder extends Object
Builder for constructing Octet Key Pair JWKs.Example usage:
OctetKeyPair key = new OctetKeyPair.Builder(Curve.Ed25519, x) .d(d) .algorithm(JWSAlgorithm.EdDSA) .keyID("1") .build();
-
-
Constructor Summary
Constructors Constructor Description Builder(Curve crv, Base64URL x)
Creates a new Octet Key Pair JWK builder.Builder(OctetKeyPair okpJWK)
Creates a new Octet Key Pair JWK builder.
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description OctetKeyPair.Builder
algorithm(Algorithm alg)
Sets the intended JOSE algorithm (alg
) for the JWK.OctetKeyPair
build()
Builds a new Octet Key Pair JWK.OctetKeyPair.Builder
d(Base64URL d)
Sets the private 'd' parameter.OctetKeyPair.Builder
expirationTime(Date exp)
Sets the expiration time (exp
) of the JWK.OctetKeyPair.Builder
issueTime(Date iat)
Sets the issued-at time (iat
) of the JWK.OctetKeyPair.Builder
keyID(String kid)
Sets the ID (kid
) of the JWK.OctetKeyPair.Builder
keyIDFromThumbprint()
Sets the ID (kid
) of the JWK to its SHA-256 JWK thumbprint (RFC 7638).OctetKeyPair.Builder
keyIDFromThumbprint(String hashAlg)
Sets the ID (kid
) of the JWK to its JWK thumbprint (RFC 7638).OctetKeyPair.Builder
keyOperations(Set<KeyOperation> ops)
Sets the operations (key_ops
) of the JWK.OctetKeyPair.Builder
keyStore(KeyStore keyStore)
Sets the underlying key store.OctetKeyPair.Builder
keyUse(KeyUse use)
Sets the use (use
) of the JWK.OctetKeyPair.Builder
notBeforeTime(Date nbf)
Sets the not-before time (nbf
) of the JWK.OctetKeyPair.Builder
x509CertChain(List<Base64> x5c)
Sets the X.509 certificate chain (x5c
) of the JWK.OctetKeyPair.Builder
x509CertSHA256Thumbprint(Base64URL x5t256)
Sets the X.509 certificate SHA-256 thumbprint (x5t#S256
) of the JWK.OctetKeyPair.Builder
x509CertThumbprint(Base64URL x5t)
Deprecated.OctetKeyPair.Builder
x509CertURL(URI x5u)
Sets the X.509 certificate URL (x5u
) of the JWK.
-
-
-
Constructor Detail
-
Builder
public Builder(Curve crv, Base64URL x)
Creates a new Octet Key Pair JWK builder.- Parameters:
crv
- The cryptographic curve. Must not benull
.x
- The public 'x' parameter. Must not benull
.
-
Builder
public Builder(OctetKeyPair okpJWK)
Creates a new Octet Key Pair JWK builder.- Parameters:
okpJWK
- The Octet Key Pair to start with. Must not benull
.
-
-
Method Detail
-
d
public OctetKeyPair.Builder d(Base64URL d)
Sets the private 'd' parameter.- Parameters:
d
- The private 'd' parameter,null
if not specified (for a public key).- Returns:
- This builder.
-
keyUse
public OctetKeyPair.Builder keyUse(KeyUse use)
Sets the use (use
) of the JWK.- Parameters:
use
- The key use,null
if not specified or if the key is intended for signing as well as encryption.- Returns:
- This builder.
-
keyOperations
public OctetKeyPair.Builder keyOperations(Set<KeyOperation> ops)
Sets the operations (key_ops
) of the JWK.- Parameters:
ops
- The key operations,null
if not specified.- Returns:
- This builder.
-
algorithm
public OctetKeyPair.Builder algorithm(Algorithm alg)
Sets the intended JOSE algorithm (alg
) for the JWK.- Parameters:
alg
- The intended JOSE algorithm,null
if not specified.- Returns:
- This builder.
-
keyID
public OctetKeyPair.Builder keyID(String kid)
Sets the ID (kid
) of the JWK. The key ID can be used to match a specific key. This can be used, for instance, to choose a key within aJWKSet
during key rollover. The key ID may also correspond to a JWS/JWEkid
header parameter value.- Parameters:
kid
- The key ID,null
if not specified.- Returns:
- This builder.
-
keyIDFromThumbprint
public OctetKeyPair.Builder keyIDFromThumbprint() throws JOSEException
Sets the ID (kid
) of the JWK to its SHA-256 JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within aJWKSet
during key rollover. The key ID may also correspond to a JWS/JWEkid
header parameter value.- Returns:
- This builder.
- Throws:
JOSEException
- If the SHA-256 hash algorithm is not supported.
-
keyIDFromThumbprint
public OctetKeyPair.Builder keyIDFromThumbprint(String hashAlg) throws JOSEException
Sets the ID (kid
) of the JWK to its JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within aJWKSet
during key rollover. The key ID may also correspond to a JWS/JWEkid
header parameter value.- Parameters:
hashAlg
- The hash algorithm for the JWK thumbprint computation. Must not benull
.- Returns:
- This builder.
- Throws:
JOSEException
- If the hash algorithm is not supported.
-
x509CertURL
public OctetKeyPair.Builder x509CertURL(URI x5u)
Sets the X.509 certificate URL (x5u
) of the JWK.- Parameters:
x5u
- The X.509 certificate URL,null
if not specified.- Returns:
- This builder.
-
x509CertThumbprint
@Deprecated public OctetKeyPair.Builder x509CertThumbprint(Base64URL x5t)
Deprecated.Sets the X.509 certificate SHA-1 thumbprint (x5t
) of the JWK.- Parameters:
x5t
- The X.509 certificate SHA-1 thumbprint,null
if not specified.- Returns:
- This builder.
-
x509CertSHA256Thumbprint
public OctetKeyPair.Builder x509CertSHA256Thumbprint(Base64URL x5t256)
Sets the X.509 certificate SHA-256 thumbprint (x5t#S256
) of the JWK.- Parameters:
x5t256
- The X.509 certificate SHA-256 thumbprint,null
if not specified.- Returns:
- This builder.
-
x509CertChain
public OctetKeyPair.Builder x509CertChain(List<Base64> x5c)
Sets the X.509 certificate chain (x5c
) of the JWK.- Parameters:
x5c
- The X.509 certificate chain as a unmodifiable list,null
if not specified.- Returns:
- This builder.
-
expirationTime
public OctetKeyPair.Builder expirationTime(Date exp)
Sets the expiration time (exp
) of the JWK.- Parameters:
exp
- The expiration time,null
if not specified.- Returns:
- This builder.
-
notBeforeTime
public OctetKeyPair.Builder notBeforeTime(Date nbf)
Sets the not-before time (nbf
) of the JWK.- Parameters:
nbf
- The not-before time,null
if not specified.- Returns:
- This builder.
-
issueTime
public OctetKeyPair.Builder issueTime(Date iat)
Sets the issued-at time (iat
) of the JWK.- Parameters:
iat
- The issued-at time,null
if not specified.- Returns:
- This builder.
-
keyStore
public OctetKeyPair.Builder keyStore(KeyStore keyStore)
Sets the underlying key store.- Parameters:
keyStore
- Reference to the underlying key store,null
if none.- Returns:
- This builder.
-
build
public OctetKeyPair build()
Builds a new Octet Key Pair JWK.- Returns:
- The Octet Key Pair JWK.
- Throws:
IllegalStateException
- If the JWK parameters were inconsistently specified.
-
-