com.nimbusds.jose.jwk

Class OctetKeyPair.Builder

java.lang.Object

com.nimbusds.jose.jwk.OctetKeyPair.Builder

Enclosing class:

OctetKeyPair

public static class OctetKeyPair.Builder
extends Object

Builder for constructing Octet Key Pair JWKs.

Example usage:

 OctetKeyPair key = new OctetKeyPair.Builder(Curve.Ed25519, x)
     .d(d)
     .algorithm(JWSAlgorithm.EdDSA)
     .keyID("1")
     .build();
 

Constructor Summary

Constructors

Constructor and Description
Builder(Curve crv, Base64URL x) Creates a new Octet Key Pair JWK builder.
Builder(OctetKeyPair okpJWK) Creates a new Octet Key Pair JWK builder.

Method Summary

Modifier and Type	Method and Description
OctetKeyPair.Builder	algorithm(Algorithm alg) Sets the intended JOSE algorithm (alg) for the JWK.
OctetKeyPair	build() Builds a new Octet Key Pair JWK.
OctetKeyPair.Builder	d(Base64URL d) Sets the private 'd' parameter.
OctetKeyPair.Builder	keyID(String kid) Sets the ID (kid) of the JWK.
OctetKeyPair.Builder	keyIDFromThumbprint() Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638).
OctetKeyPair.Builder	keyIDFromThumbprint(String hashAlg) Sets the ID (kid) of the JWK to its JWK thumbprint (RFC 7638).
OctetKeyPair.Builder	keyOperations(Set<KeyOperation> ops) Sets the operations (key_ops) of the JWK.
OctetKeyPair.Builder	keyStore(KeyStore keyStore) Sets the underlying key store.
OctetKeyPair.Builder	keyUse(KeyUse use) Sets the use (use) of the JWK.
OctetKeyPair.Builder	x509CertChain(List<Base64> x5c) Sets the X.509 certificate chain (x5c) of the JWK.
OctetKeyPair.Builder	x509CertSHA256Thumbprint(Base64URL x5t256) Sets the X.509 certificate SHA-256 thumbprint (x5t#S256) of the JWK.
OctetKeyPair.Builder	x509CertThumbprint(Base64URL x5t) Deprecated.
OctetKeyPair.Builder	x509CertURL(URI x5u) Sets the X.509 certificate URL (x5u) of the JWK.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Builder

public Builder(Curve crv,
               Base64URL x)

Creates a new Octet Key Pair JWK builder.

Parameters:

crv - The cryptographic curve. Must not be null.

x - The public 'x' parameter. Must not be null.

Builder

public Builder(OctetKeyPair okpJWK)

Creates a new Octet Key Pair JWK builder.

Parameters:

okpJWK - The Octet Key Pair to start with. Must not be null.

Method Detail

d

public OctetKeyPair.Builder d(Base64URL d)

Sets the private 'd' parameter.

Parameters:

d - The private 'd' parameter, null if not specified (for a public key).

Returns:

This builder.

keyUse

public OctetKeyPair.Builder keyUse(KeyUse use)

Sets the use (use) of the JWK.

Parameters:

use - The key use, null if not specified or if the key is intended for signing as well as encryption.

Returns:

This builder.

keyOperations

public OctetKeyPair.Builder keyOperations(Set<KeyOperation> ops)

Sets the operations (key_ops) of the JWK.

Parameters:

ops - The key operations, null if not specified.

Returns:

This builder.

algorithm

public OctetKeyPair.Builder algorithm(Algorithm alg)

Sets the intended JOSE algorithm (alg) for the JWK.

Parameters:

alg - The intended JOSE algorithm, null if not specified.

Returns:

This builder.

keyID

public OctetKeyPair.Builder keyID(String kid)

Sets the ID (kid) of the JWK. The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.

Parameters:

kid - The key ID, null if not specified.

Returns:

This builder.

keyIDFromThumbprint

public OctetKeyPair.Builder keyIDFromThumbprint()
                                         throws JOSEException

Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.

Returns:

This builder.

Throws:

JOSEException - If the SHA-256 hash algorithm is not supported.

keyIDFromThumbprint

public OctetKeyPair.Builder keyIDFromThumbprint(String hashAlg)
                                         throws JOSEException

Sets the ID (kid) of the JWK to its JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.

Parameters:

hashAlg - The hash algorithm for the JWK thumbprint computation. Must not be null.

Returns:

This builder.

Throws:

JOSEException - If the hash algorithm is not supported.

x509CertURL

public OctetKeyPair.Builder x509CertURL(URI x5u)

Sets the X.509 certificate URL (x5u) of the JWK.

Parameters:

x5u - The X.509 certificate URL, null if not specified.

Returns:

This builder.

x509CertThumbprint

@Deprecated
public OctetKeyPair.Builder x509CertThumbprint(Base64URL x5t)

Deprecated.

Sets the X.509 certificate SHA-1 thumbprint (x5t) of the JWK.

Parameters:

x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.

Returns:

This builder.

x509CertSHA256Thumbprint

public OctetKeyPair.Builder x509CertSHA256Thumbprint(Base64URL x5t256)

Sets the X.509 certificate SHA-256 thumbprint (x5t#S256) of the JWK.

Parameters:

x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.

Returns:

This builder.

x509CertChain

public OctetKeyPair.Builder x509CertChain(List<Base64> x5c)

Sets the X.509 certificate chain (x5c) of the JWK.

Parameters:

x5c - The X.509 certificate chain as a unmodifiable list, null if not specified.

Returns:

This builder.

keyStore

public OctetKeyPair.Builder keyStore(KeyStore keyStore)

Sets the underlying key store.

Parameters:

keyStore - Reference to the underlying key store, null if none.

Returns:

This builder.

build

public OctetKeyPair build()

Builds a new Octet Key Pair JWK.

Returns:

The Octet Key Pair JWK.

Throws:

IllegalStateException - If the JWK parameters were inconsistently specified.