Class JWKGenerator<T extends JWK>

java.lang.Object
com.nimbusds.jose.jwk.gen.JWKGenerator<T>
Direct Known Subclasses:
ECKeyGenerator, OctetKeyPairGenerator, OctetSequenceKeyGenerator, RSAKeyGenerator

public abstract class JWKGenerator<T extends JWK> extends Object
Abstract JWK generator.
Version:
2023-01-29
Author:
Vladimir Dzhuvinov, Justin Cranford
  • Field Details

    • use

      protected KeyUse use
      The key use, optional.
    • ops

      protected Set<KeyOperation> ops
      The key operations, optional.
    • alg

      protected Algorithm alg
      The intended JOSE algorithm for the key, optional.
    • kid

      protected String kid
      The key ID, optional.
    • x5tKid

      protected boolean x5tKid
      If true, sets the ID of the JWK to the SHA-256 thumbprint of the JWK.
    • exp

      protected Date exp
      The key expiration time, optional.
    • nbf

      protected Date nbf
      The key not-before time, optional.
    • iat

      protected Date iat
      The key issued-at time, optional.
    • keyStore

      protected KeyStore keyStore
      Reference to the underlying key store, null if none.
    • provider

      protected Provider provider
      The JCA provider, null to use the default one.
    • secureRandom

      The secure random generator to use, null to use the default one.
  • Constructor Details

  • Method Details

    • keyUse

      public JWKGenerator<T> keyUse(KeyUse use)
      Sets the use (use) of the JWK.
      Parameters:
      use - The key use, null if not specified or if the key is intended for signing as well as encryption.
      Returns:
      This generator.
    • keyOperations

      Sets the operations (key_ops) of the JWK.
      Parameters:
      ops - The key operations, null if not specified.
      Returns:
      This generator.
    • algorithm

      Sets the intended JOSE algorithm (alg) for the JWK.
      Parameters:
      alg - The intended JOSE algorithm, null if not specified.
      Returns:
      This generator.
    • keyID

      public JWKGenerator<T> keyID(String kid)
      Sets the ID (kid) of the JWK. The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
      Parameters:
      kid - The key ID, null if not specified.
      Returns:
      This generator.
    • keyIDFromThumbprint

      public JWKGenerator<T> keyIDFromThumbprint(boolean x5tKid)
      Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
      Parameters:
      x5tKid - If true, sets the ID of the JWK to the SHA-256 JWK thumbprint.
      Returns:
      This generator.
    • expirationTime

      Sets the expiration time (exp) of the JWK.
      Parameters:
      exp - The expiration time, null if not specified.
      Returns:
      This generator.
    • notBeforeTime

      Sets the not-before time (nbf) of the JWK.
      Parameters:
      nbf - The not-before time, null if not specified.
      Returns:
      This generator.
    • issueTime

      public JWKGenerator<T> issueTime(Date iat)
      Sets the issued-at time (iat) of the JWK.
      Parameters:
      iat - The issued-at time, null if not specified.
      Returns:
      This generator.
    • keyStore

      public JWKGenerator<T> keyStore(KeyStore keyStore)
      Sets the underlying key store. Overrides the JCA provider, if set. Note, some JWK generators may not use the JCA key store API.
      Parameters:
      keyStore - Reference to the underlying key store, null if none.
      Returns:
      This generator.
    • provider

      public JWKGenerator<T> provider(Provider provider)
      Sets the JCA provider for the key generation. Note, some JWK generators may not use the JCA provider API.
      Parameters:
      provider - The JCA provider, null to use the default.
      Returns:
      This generator.
    • secureRandom

      public JWKGenerator<T> secureRandom(SecureRandom secureRandom)
      Sets the secure random generator to use. Note, some JWK generators may not use the JCA secure random API.
      Parameters:
      secureRandom - The secure random generator to use, null to use the default one.
      Returns:
      This generator.
    • generate

      public abstract T generate() throws JOSEException
      Generates the JWK according to the set parameters.
      Returns:
      The generated JWK.
      Throws:
      JOSEException - If the key generation failed.
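
Added example, not part of the Nimbus JOSE+JWT documentation: a signing-key rollover helper that chains the setters documented above through the ECKeyGenerator subclass, derives the kid from the thumbprint, and publishes only the public halves. The class name SigningKeyRollover, the 90-day lifetime and the P-256 / ES256 choice are assumptions made for illustration.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import com.nimbusds.jose.jwk.gen.JWKGenerator;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.List;

public class SigningKeyRollover {
    // Assumed rotation policy for this example, not a library default.
    static final Duration KEY_LIFETIME = Duration.ofDays(90);

    // Pins use and alg so the key cannot be repurposed, and bounds its validity window.
    static ECKey newSigningKey(Instant now, SecureRandom rng) throws JOSEException {
        JWKGenerator<ECKey> gen = new ECKeyGenerator(Curve.P_256)
            .keyUse(KeyUse.SIGNATURE)
            .algorithm(JWSAlgorithm.ES256)
            .keyIDFromThumbprint(true)   // kid = SHA-256 JWK thumbprint (RFC 7638)
            .issueTime(Date.from(now))
            .notBeforeTime(Date.from(now))
            .expirationTime(Date.from(now.plus(KEY_LIFETIME)))
            .secureRandom(rng);
        return gen.generate();
    }

    public static void main(String[] args) throws JOSEException {
        SecureRandom rng = new SecureRandom();
        Instant now = Instant.now();
        ECKey current = newSigningKey(now, rng);
        ECKey next = newSigningKey(now, rng);   // pre-published for the next rollover

        // A thumbprint-derived kid is recomputable from the key material itself.
        if (!current.getKeyID().equals(current.computeThumbprint().toString())) {
            throw new IllegalStateException("kid does not match the JWK thumbprint");
        }

        // Publish public parameters only; the private keys stay with the signer.
        List<JWK> publicKeys = List.of(current.toPublicJWK(), next.toPublicJWK());
        JWKSet published = new JWKSet(publicKeys);
        if (published.getKeys().stream().anyMatch(JWK::isPrivate)) {
            throw new IllegalStateException("private key material in published set");
        }
        System.out.println(published);
        System.out.println("current kid expires: " + current.getExpirationTime());
    }
}
```

Because the kid is a thumbprint, two independently generated keys never collide on ID, and a verifier can recompute it to confirm that a published kid belongs to the key it labels.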