T - the mutator subtype, for method chainingpublic interface X509Mutator<T extends X509Mutator<T>>
| Modifier and Type | Method and Description |
|---|---|
T |
x509Chain(List<X509Certificate> chain)
Sets the
x5c (X.509 Certificate Chain) of the associated JWT or JWK. |
T |
x509Sha1Thumbprint(byte[] thumbprint)
Sets the
x5t (X.509 Certificate SHA-1 Thumbprint) (a.k.a. |
T |
x509Sha256Thumbprint(byte[] thumbprint)
Sets the
x5t#S256 (X.509 Certificate SHA-256 Thumbprint) (a.k.a. |
T |
x509Url(URI uri)
Sets the
x5u (X.509 URL) that refers to a resource containing the X.509 public key certificate or
certificate chain of the associated JWT or JWK. |
T x509Url(URI uri)
x5u (X.509 URL) that refers to a resource containing the X.509 public key certificate or
certificate chain of the associated JWT or JWK. A null value will remove the property from the JSON map.
The URI MUST refer to a resource for an X.509 public key certificate or certificate chain that conforms to RFC 5280 in PEM-encoded form, with each certificate delimited as specified in Section 6.1 of RFC 4945. The key in the first certificate MUST match the public key represented by other members of the associated JWT or JWK. The protocol used to acquire the resource MUST provide integrity protection; an HTTP GET request to retrieve the certificate MUST use HTTP over TLS; the identity of the server MUST be validated, as per Section 6 of RFC 6125.
JwsHeader, the certificate or first certificate in the chain contains
the public key complement of the private key used to digitally sign the JWS.JweHeader, the certificate or first certificate in the chain contains the
public key to which the JWE was encrypted, and may be used to determine the private key needed to
decrypt the JWE.AsymmetricJwk, the certificate or first certificate in the chain
MUST contain the public key represented by the JWK.uri - the x5u (X.509 URL) that refers to a resource for the X.509 public key certificate or
certificate chain associated with the JWT or JWK.x5u (X.509 URL) Parameter,
JWS x5u (X.509 URL) Header Parameter,
JWE x5u (X.509 URL) Header ParameterT x509Chain(List<X509Certificate> chain)
x5c (X.509 Certificate Chain) of the associated JWT or JWK. A null value will remove the
property from the JSON map. The initial certificate MAY be followed by additional certificates, with
each subsequent certificate being the one used to certify the previous one.
JwsHeader, the first certificate (at list index 0) MUST contain
the public key complement of the private key used to digitally sign the JWS.JweHeader, the first certificate (at list index 0) MUST contain the
public key to which the JWE was encrypted, and may be used to determine the private key needed to
decrypt the JWE.AsymmetricJwk, the first certificate (at list index 0) MUST contain
the public key represented by the JWK.chain - the x5c (X.509 Certificate Chain) of the associated JWT or JWK.x5c (X.509 Certificate Chain) Parameter,
JWS x5c (X.509 Certificate Chain) Header Parameter,
JWE x5c (X.509 Certificate Chain) Header ParameterT x509Sha1Thumbprint(byte[] thumbprint)
x5t (X.509 Certificate SHA-1 Thumbprint) (a.k.a. digest) of the DER-encoding of the
X.509 Certificate associated with the JWT or JWK. A null value will remove the
property from the JSON map.
Note that certificate thumbprints are also sometimes known as certificate fingerprints.
JwsHeader, it is the SHA-1 thumbprint of the X.509 certificate complement of
the private key used to digitally sign the JWS.JweHeader, it is the thumbprint of the X.509 Certificate containing the
public key to which the JWE was encrypted, and may be used to determine the private key needed to
decrypt the JWE.AsymmetricJwk, it is the thumbprint of the X.509 certificate containing the
public key represented by the JWK.thumbprint - the x5t (X.509 Certificate SHA-1 Thumbprint) (a.k.a. digest) of the DER-encoding of the
X.509 Certificate associated with the JWT or JWKx5t (X.509 Certificate SHA-1 Thumbprint) Parameter,
JWS x5t (X.509 Certificate SHA-1 Thumbprint) Header Parameter,
JWE x5t (X.509 Certificate SHA-1 Thumbprint) Header ParameterT x509Sha256Thumbprint(byte[] thumbprint)
x5t#S256 (X.509 Certificate SHA-256 Thumbprint) (a.k.a. digest) of the DER-encoding of the
X.509 Certificate associated with the JWT or JWK. A null value will remove the
property from the JSON map.
Note that certificate thumbprints are also sometimes known as certificate fingerprints.
JwsHeader, it is the SHA-256 thumbprint of the X.509 certificate complement
of the private key used to digitally sign the JWS.JweHeader, it is the SHA-256 thumbprint of the X.509 Certificate containing the
public key to which the JWE was encrypted, and may be used to determine the private key needed to
decrypt the JWE.AsymmetricJwk, it is the SHA-256 thumbprint of the X.509 certificate
containing the public key represented by the JWK.thumbprint - the x5t (X.509 Certificate SHA-1 Thumbprint) (a.k.a. digest) of the DER-encoding of the
X.509 Certificate associated with the JWT or JWKx5t#S256 (X.509 Certificate SHA-256 Thumbprint) Parameter,
JWS x5t#S256 (X.509 Certificate SHA-256 Thumbprint) Header Parameter,
JWE x5t#S256 (X.509 Certificate SHA-256 Thumbprint) Header ParameterCopyright © 2014–2025 jsonwebtoken.io. All rights reserved.