Package com.nimbusds.jose.jwk.gen
Class JWKGenerator<T extends JWK>
- java.lang.Object
-
- com.nimbusds.jose.jwk.gen.JWKGenerator<T>
-
- Direct Known Subclasses:
ECKeyGenerator,OctetKeyPairGenerator,OctetSequenceKeyGenerator,RSAKeyGenerator
public abstract class JWKGenerator<T extends JWK> extends Object
Abstract JWK generator.- Version:
- 2023-01-29
- Author:
- Vladimir Dzhuvinov, Justin Cranford
-
-
Field Summary
Fields Modifier and Type Field Description protected AlgorithmalgThe intended JOSE algorithm for the key, optional.protected DateexpThe key expiration time, optional.protected DateiatThe key issued-at time, optional.protected KeyStorekeyStoreReference to the underlying key store,nullif none.protected StringkidThe key ID, optional.protected DatenbfThe key not-before time, optional.protected Set<KeyOperation>opsThe key operations, optional.protected ProviderproviderThe JCA provider,nullto use the default one.protected SecureRandomsecureRandomThe secure random generator to use,nullto use the default one.protected KeyUseuseThe key use, optional.protected booleanx5tKidIftruesets the ID of the JWK to the SHA-256 thumbprint of the JWK.
-
Constructor Summary
Constructors Constructor Description JWKGenerator()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description JWKGenerator<T>algorithm(Algorithm alg)Sets the intended JOSE algorithm (alg) for the JWK.JWKGenerator<T>expirationTime(Date exp)Sets the expiration time (exp) of the JWK.abstract Tgenerate()Generates the JWK according to the set parameters.JWKGenerator<T>issueTime(Date iat)Sets the issued-at time (iat) of the JWK.JWKGenerator<T>keyID(String kid)Sets the ID (kid) of the JWK.JWKGenerator<T>keyIDFromThumbprint(boolean x5tKid)Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638).JWKGenerator<T>keyOperations(Set<KeyOperation> ops)Sets the operations (key_ops) of the JWK.JWKGenerator<T>keyStore(KeyStore keyStore)Sets the underlying key store.JWKGenerator<T>keyUse(KeyUse use)Sets the use (use) of the JWK.JWKGenerator<T>notBeforeTime(Date nbf)Sets the not-before time (nbf) of the JWK.JWKGenerator<T>provider(Provider provider)Sets the JCA provider for the key generation.JWKGenerator<T>secureRandom(SecureRandom secureRandom)Sets the secure random generator to use.
-
-
-
Field Detail
-
ops
protected Set<KeyOperation> ops
The key operations, optional.
-
x5tKid
protected boolean x5tKid
Iftruesets the ID of the JWK to the SHA-256 thumbprint of the JWK.
-
secureRandom
protected SecureRandom secureRandom
The secure random generator to use,nullto use the default one.
-
-
Constructor Detail
-
JWKGenerator
public JWKGenerator()
-
-
Method Detail
-
keyUse
public JWKGenerator<T> keyUse(KeyUse use)
Sets the use (use) of the JWK.- Parameters:
use- The key use,nullif not specified or if the key is intended for signing as well as encryption.- Returns:
- This generator.
-
keyOperations
public JWKGenerator<T> keyOperations(Set<KeyOperation> ops)
Sets the operations (key_ops) of the JWK.- Parameters:
ops- The key operations,nullif not specified.- Returns:
- This generator.
-
algorithm
public JWKGenerator<T> algorithm(Algorithm alg)
Sets the intended JOSE algorithm (alg) for the JWK.- Parameters:
alg- The intended JOSE algorithm,nullif not specified.- Returns:
- This generator.
-
keyID
public JWKGenerator<T> keyID(String kid)
Sets the ID (kid) of the JWK. The key ID can be used to match a specific key. This can be used, for instance, to choose a key within aJWKSetduring key rollover. The key ID may also correspond to a JWS/JWEkidheader parameter value.- Parameters:
kid- The key ID,nullif not specified.- Returns:
- This generator.
-
keyIDFromThumbprint
public JWKGenerator<T> keyIDFromThumbprint(boolean x5tKid)
Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within aJWKSetduring key rollover. The key ID may also correspond to a JWS/JWEkidheader parameter value.- Parameters:
x5tKid- Iftruesets the ID of the JWK to the SHA-256 JWK thumbprint.- Returns:
- This generator.
-
expirationTime
public JWKGenerator<T> expirationTime(Date exp)
Sets the expiration time (exp) of the JWK.- Parameters:
exp- The expiration time,nullif not specified.- Returns:
- This generator.
-
notBeforeTime
public JWKGenerator<T> notBeforeTime(Date nbf)
Sets the not-before time (nbf) of the JWK.- Parameters:
nbf- The not-before time,nullif not specified.- Returns:
- This generator.
-
issueTime
public JWKGenerator<T> issueTime(Date iat)
Sets the issued-at time (iat) of the JWK.- Parameters:
iat- The issued-at time,nullif not specified.- Returns:
- This generator.
-
keyStore
public JWKGenerator<T> keyStore(KeyStore keyStore)
Sets the underlying key store. Overrides theJCA provideris set. Note, some JWK generators may not use the JCA key store API.- Parameters:
keyStore- Reference to the underlying key store,nullif none.- Returns:
- This generator.
-
provider
public JWKGenerator<T> provider(Provider provider)
Sets the JCA provider for the key generation. Note, some JWK generators may not use the JCA provider API.- Parameters:
provider- The JCA provider,nullto use the default one.- Returns:
- This generator.
-
secureRandom
public JWKGenerator<T> secureRandom(SecureRandom secureRandom)
Sets the secure random generator to use. Note, some JWK generators may not use the JCA secure random API.- Parameters:
secureRandom- The secure random generator to use,nullto use the default one.- Returns:
- This generator.
-
generate
public abstract T generate() throws JOSEException
Generates the JWK according to the set parameters.- Returns:
- The generated JWK.
- Throws:
JOSEException- If the key generation failed.
-
-