001/* 002 * nimbus-jose-jwt 003 * 004 * Copyright 2012-2016, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.jose.jwk.gen; 019 020 021import java.security.KeyStore; 022import java.util.Set; 023 024import com.nimbusds.jose.Algorithm; 025import com.nimbusds.jose.JOSEException; 026import com.nimbusds.jose.jwk.JWK; 027import com.nimbusds.jose.jwk.JWKSet; 028import com.nimbusds.jose.jwk.KeyOperation; 029import com.nimbusds.jose.jwk.KeyUse; 030 031 032/** 033 * Abstract JWK generator. 034 * 035 * @author Vladimir Dzhuvinov 036 * @version 2018-09-07 037 */ 038public abstract class JWKGenerator<T extends JWK> { 039 040 041 /** 042 * The key use, optional. 043 */ 044 protected KeyUse use; 045 046 047 /** 048 * The key operations, optional. 049 */ 050 protected Set<KeyOperation> ops; 051 052 053 /** 054 * The intended JOSE algorithm for the key, optional. 055 */ 056 protected Algorithm alg; 057 058 059 /** 060 * The key ID, optional. 061 */ 062 protected String kid; 063 064 065 /** 066 * If {@code true} sets the ID of the JWK to the SHA-256 thumbprint of 067 * the JWK. 068 */ 069 protected boolean x5tKid; 070 071 072 /** 073 * Reference to the underlying key store, {@code null} if none. 074 */ 075 protected KeyStore keyStore; 076 077 078 /** 079 * Sets the use ({@code use}) of the JWK. 080 * 081 * @param use The key use, {@code null} if not specified or if 082 * the key is intended for signing as well as 083 * encryption. 084 * 085 * @return This generator. 086 */ 087 public JWKGenerator<T> keyUse(final KeyUse use) { 088 089 this.use = use; 090 return this; 091 } 092 093 094 /** 095 * Sets the operations ({@code key_ops}) of the JWK. 096 * 097 * @param ops The key operations, {@code null} if not 098 * specified. 099 * 100 * @return This generator. 101 */ 102 public JWKGenerator<T> keyOperations(final Set<KeyOperation> ops) { 103 104 this.ops = ops; 105 return this; 106 } 107 108 109 /** 110 * Sets the intended JOSE algorithm ({@code alg}) for the JWK. 111 * 112 * @param alg The intended JOSE algorithm, {@code null} if not 113 * specified. 114 * 115 * @return This generator. 116 */ 117 public JWKGenerator<T> algorithm(final Algorithm alg) { 118 119 this.alg = alg; 120 return this; 121 } 122 123 /** 124 * Sets the ID ({@code kid}) of the JWK. The key ID can be used 125 * to match a specific key. This can be used, for instance, to 126 * choose a key within a {@link JWKSet} during key rollover. 127 * The key ID may also correspond to a JWS/JWE {@code kid} 128 * header parameter value. 129 * 130 * @param kid The key ID, {@code null} if not specified. 131 * 132 * @return This generator. 133 */ 134 public JWKGenerator<T> keyID(final String kid) { 135 136 this.kid = kid; 137 return this; 138 } 139 140 141 /** 142 * Sets the ID ({@code kid}) of the JWK to its SHA-256 JWK 143 * thumbprint (RFC 7638). The key ID can be used to match a 144 * specific key. This can be used, for instance, to choose a 145 * key within a {@link JWKSet} during key rollover. The key ID 146 * may also correspond to a JWS/JWE {@code kid} header 147 * parameter value. 148 * 149 * @param x5tKid If {@code true} sets the ID of the JWK to the SHA-256 150 * JWK thumbprint. 151 * 152 * @return This generator. 153 */ 154 public JWKGenerator<T> keyIDFromThumbprint(final boolean x5tKid) { 155 156 this.x5tKid = x5tKid; 157 return this; 158 } 159 160 161 /** 162 * Sets the underlying key store. 163 * 164 * @param keyStore Reference to the underlying key store, 165 * {@code null} if none. 166 * 167 * @return This generator. 168 */ 169 public JWKGenerator<T> keyStore(final KeyStore keyStore) { 170 171 this.keyStore = keyStore; 172 return this; 173 } 174 175 176 /** 177 * Generates the JWK according to the set parameters. 178 * 179 * @return The generated JWK. 180 * 181 * @throws JOSEException If the key generation failed. 182 */ 183 public abstract T generate() throws JOSEException; 184}