Package com.nimbusds.jose.jwk

Class ECKey.Builder

java.lang.Object
com.nimbusds.jose.jwk.ECKey.Builder
Enclosing class:
ECKey
public static class ECKey.Builder extends Object
Builder for constructing Elliptic Curve JWKs.

Example usage: 

 ECKey key = new ECKey.Builder(Curve.P521, x, y)
     .d(d)
     .algorithm(JWSAlgorithm.ES512)
     .keyID("1")
     .build();

  • Constructor Details

    • Builder

      public Builder(Curve crv, Base64URL x, Base64URL y)
      Creates a new Elliptic Curve JWK builder.
      Parameters:
      crv - The cryptographic curve. Must not be null.
      x - The public 'x' coordinate for the elliptic curve point. It is represented as the Base64URL encoding of the coordinate's big endian representation. Must not be null.
      y - The public 'y' coordinate for the elliptic curve point. It is represented as the Base64URL encoding of the coordinate's big endian representation. Must not be null.

    • Builder

      public Builder(Curve crv, ECPublicKey pub)
      Creates a new Elliptic Curve JWK builder.
      Parameters:
      crv - The cryptographic curve. Must not be null.
      pub - The public EC key to represent. Must not be null.

    • Builder

      public Builder(ECKey ecJWK)
      Creates a new Elliptic Curve JWK builder.
      Parameters:
      ecJWK - The EC JWK to start with. Must not be null.

  • Method Details

    • d

      public ECKey.Builder d(Base64URL d)
      Sets the private 'd' coordinate for the elliptic curve point. The alternative method is privateKey(java.security.interfaces.ECPrivateKey).
      Parameters:
      d - The private 'd' coordinate. It is represented as the Base64URL encoding of the coordinate's big endian representation. null if not specified (for a public key or private key specified otherwise).
      Returns:
      This builder.

    • privateKey

      public ECKey.Builder privateKey(ECPrivateKey priv)
      Sets the private Elliptic Curve key. The alternative method is d.
      Parameters:
      priv - The private EC key, used to obtain the private 'd' coordinate for the elliptic curve point. null if not specified (for a public key or private key specified otherwise).
      Returns:
      This builder.

    • privateKey

      public ECKey.Builder privateKey(PrivateKey priv)
      Sets the private EC key, typically for a key located in a PKCS#11 store that doesn't expose the private key parameters (such as a smart card or HSM).
      Parameters:
      priv - The private EC key reference. Its algorithm must be "EC". null if not specified (for a public key or private key specified otherwise).
      Returns:
      This builder.

    • keyUse

      public ECKey.Builder keyUse(KeyUse use)
      Sets the use (use) of the JWK.
      Parameters:
      use - The key use, null if not specified or if the key is intended for signing as well as encryption.
      Returns:
      This builder.

    • keyOperations

      public ECKey.Builder keyOperations(Set<KeyOperation> ops)
      Sets the operations (key_ops) of the JWK.
      Parameters:
      ops - The key operations, null if not specified.
      Returns:
      This builder.

    • algorithm

      public ECKey.Builder algorithm(Algorithm alg)
      Sets the intended JOSE algorithm (alg) for the JWK.
      Parameters:
      alg - The intended JOSE algorithm, null if not specified.
      Returns:
      This builder.

    • keyID

      public ECKey.Builder keyID(String kid)
      Sets the ID (kid) of the JWK. The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
      Parameters:
      kid - The key ID, null if not specified.
      Returns:
      This builder.

    • keyIDFromThumbprint

      public ECKey.Builder keyIDFromThumbprint() throws JOSEException
      Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
      Returns:
      This builder.
      Throws:
      JOSEException - If the SHA-256 hash algorithm is not supported.

    • keyIDFromThumbprint

      public ECKey.Builder keyIDFromThumbprint(String hashAlg) throws JOSEException
      Sets the ID (kid) of the JWK to its JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
      Parameters:
      hashAlg - The hash algorithm for the JWK thumbprint computation. Must not be null.
      Returns:
      This builder.
      Throws:
      JOSEException - If the hash algorithm is not supported.

    • x509CertURL

      public ECKey.Builder x509CertURL(URI x5u)
      Sets the X.509 certificate URL (x5u) of the JWK.
      Parameters:
      x5u - The X.509 certificate URL, null if not specified.
      Returns:
      This builder.

    • x509CertThumbprint

      @Deprecated public ECKey.Builder x509CertThumbprint(Base64URL x5t)
      Deprecated.
      Sets the X.509 certificate SHA-1 thumbprint (x5t) of the JWK.
      Parameters:
      x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
      Returns:
      This builder.

    • x509CertSHA256Thumbprint

      public ECKey.Builder x509CertSHA256Thumbprint(Base64URL x5t256)
      Sets the X.509 certificate SHA-256 thumbprint (x5t#S256) of the JWK.
      Parameters:
      x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
      Returns:
      This builder.

    • x509CertChain

      public ECKey.Builder x509CertChain(List<Base64> x5c)
      Sets the X.509 certificate chain (x5c) of the JWK.
      Parameters:
      x5c - The X.509 certificate chain as a unmodifiable list, null if not specified.
      Returns:
      This builder.

    • expirationTime

      public ECKey.Builder expirationTime(Date exp)
      Sets the expiration time (exp) of the JWK.
      Parameters:
      exp - The expiration time, null if not specified.
      Returns:
      This builder.

    • notBeforeTime

      public ECKey.Builder notBeforeTime(Date nbf)
      Sets the not-before time (nbf) of the JWK.
      Parameters:
      nbf - The not-before time, null if not specified.
      Returns:
      This builder.

    • issueTime

      public ECKey.Builder issueTime(Date iat)
      Sets the issued-at time (iat) of the JWK.
      Parameters:
      iat - The issued-at time, null if not specified.
      Returns:
      This builder.

    • keyRevocation

      public ECKey.Builder keyRevocation(KeyRevocation revocation)
      Sets the revocation (revoked) of the JWK.
      Parameters:
      revocation - The key revocation, null if not specified.
      Returns:
      This builder.

    • keyStore

      public ECKey.Builder keyStore(KeyStore keyStore)
      Sets the underlying key store.
      Parameters:
      keyStore - Reference to the underlying key store, null if none.
      Returns:
      This builder.

    • build

      public ECKey build()
      Builds a new Elliptic Curve JWK.
      Returns:
      The Elliptic Curve JWK.
      Throws:
      IllegalStateException - If the JWK parameters were inconsistently specified.