Package com.nimbusds.jose.jwk

Class OctetSequenceKey.Builder

java.lang.Object

com.nimbusds.jose.jwk.OctetSequenceKey.Builder

Enclosing class:

OctetSequenceKey

public static class OctetSequenceKey.Builder
extends Object

Builder for constructing octet sequence JWKs.

Example usage:

 OctetSequenceKey key = new OctetSequenceKey.Builder(k)
     .algorithm(JWSAlgorithm.HS512)
     .keyID("123")
     .build();
 

Constructor Summary

Constructors

Constructor	Description
Builder(byte[] key)	Creates a new octet sequence JWK builder.
Builder(OctetSequenceKey octJWK)	Creates a new octet sequence JWK builder.
Builder(Base64URL k)	Creates a new octet sequence JWK builder.
Builder(SecretKey secretKey)	Creates a new octet sequence JWK builder.

Method Summary

Modifier and Type	Method	Description
OctetSequenceKey.Builder	algorithm(Algorithm alg)	Sets the intended JOSE algorithm (alg) for the JWK.
OctetSequenceKey	build()	Builds a new octet sequence JWK.
OctetSequenceKey.Builder	expirationTime(Date exp)	Sets the expiration time (exp) of the JWK.
OctetSequenceKey.Builder	issueTime(Date iat)	Sets the issued-at time (iat) of the JWK.
OctetSequenceKey.Builder	keyID(String kid)	Sets the ID (kid) of the JWK.
OctetSequenceKey.Builder	keyIDFromThumbprint()	Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638).
OctetSequenceKey.Builder	keyIDFromThumbprint(String hashAlg)	Sets the ID (kid) of the JWK to its JWK thumbprint (RFC 7638).
OctetSequenceKey.Builder	keyOperations(Set<KeyOperation> ops)	Sets the operations (key_ops) of the JWK (for a non-public key).
OctetSequenceKey.Builder	keyRevocation(KeyRevocation revocation)	Sets the revocation (revoked) of the JWK.
OctetSequenceKey.Builder	keyStore(KeyStore keyStore)	Sets the underlying key store.
OctetSequenceKey.Builder	keyUse(KeyUse use)	Sets the use (use) of the JWK.
OctetSequenceKey.Builder	notBeforeTime(Date nbf)	Sets the not-before time (nbf) of the JWK.
OctetSequenceKey.Builder	x509CertChain(List<Base64> x5c)	Sets the X.509 certificate chain (x5c) of the JWK.
OctetSequenceKey.Builder	x509CertSHA256Thumbprint(Base64URL x5t256)	Sets the X.509 certificate SHA-256 thumbprint (x5t#S256) of the JWK.
OctetSequenceKey.Builder	x509CertThumbprint(Base64URL x5t)	Deprecated.
OctetSequenceKey.Builder	x509CertURL(URI x5u)	Sets the X.509 certificate URL (x5u) of the JWK.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

Builder

public Builder(Base64URL k)

Creates a new octet sequence JWK builder.

Parameters:

k - The key value. It is represented as the Base64URL encoding of value's big endian representation. Must not be null.

Builder

public Builder(byte[] key)

Creates a new octet sequence JWK builder.

Parameters:

key - The key value. Must not be empty byte array or null.

Builder

public Builder(SecretKey secretKey)

Creates a new octet sequence JWK builder.

Parameters:

secretKey - The secret key to represent. Must not be null.

Builder

public Builder(OctetSequenceKey octJWK)

Creates a new octet sequence JWK builder.

Parameters:

octJWK - The octet sequence JWK to start with. Must not be null.

Method Details

keyUse

public OctetSequenceKey.Builder keyUse(KeyUse use)

Sets the use (use) of the JWK.

Parameters:

use - The key use, null if not specified or if the key is intended for signing as well as encryption.

Returns:

This builder.

keyOperations

public OctetSequenceKey.Builder keyOperations(Set<KeyOperation> ops)

Sets the operations (key_ops) of the JWK (for a non-public key).

Parameters:

ops - The key operations, null if not specified.

Returns:

This builder.

algorithm

public OctetSequenceKey.Builder algorithm(Algorithm alg)

Sets the intended JOSE algorithm (alg) for the JWK.

Parameters:

alg - The intended JOSE algorithm, null if not specified.

Returns:

This builder.

keyID

public OctetSequenceKey.Builder keyID(String kid)

Sets the ID (kid) of the JWK. The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.

Parameters:

kid - The key ID, null if not specified.

Returns:

This builder.

keyIDFromThumbprint

public OctetSequenceKey.Builder keyIDFromThumbprint()
                                             throws JOSEException

Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.

Returns:

This builder.

Throws:

JOSEException - If the SHA-256 hash algorithm is not supported.

keyIDFromThumbprint

public OctetSequenceKey.Builder keyIDFromThumbprint(String hashAlg)
                                             throws JOSEException

Sets the ID (kid) of the JWK to its JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.

Parameters:

hashAlg - The hash algorithm for the JWK thumbprint computation. Must not be null.

Returns:

This builder.

Throws:

JOSEException - If the hash algorithm is not supported.

x509CertURL

public OctetSequenceKey.Builder x509CertURL(URI x5u)

Sets the X.509 certificate URL (x5u) of the JWK.

Parameters:

x5u - The X.509 certificate URL, null if not specified.

Returns:

This builder.

x509CertThumbprint

@Deprecated
public OctetSequenceKey.Builder x509CertThumbprint(Base64URL x5t)

Deprecated.

Sets the X.509 certificate SHA-1 thumbprint (x5t) of the JWK.

Parameters:

x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.

Returns:

This builder.

x509CertSHA256Thumbprint

public OctetSequenceKey.Builder x509CertSHA256Thumbprint(Base64URL x5t256)

Sets the X.509 certificate SHA-256 thumbprint (x5t#S256) of the JWK.

Parameters:

x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.

Returns:

This builder.

x509CertChain

public OctetSequenceKey.Builder x509CertChain(List<Base64> x5c)

Sets the X.509 certificate chain (x5c) of the JWK.

Parameters:

x5c - The X.509 certificate chain as a unmodifiable list, null if not specified.

Returns:

This builder.

expirationTime

public OctetSequenceKey.Builder expirationTime(Date exp)

Sets the expiration time (exp) of the JWK.

Parameters:

exp - The expiration time, null if not specified.

Returns:

This builder.

notBeforeTime

public OctetSequenceKey.Builder notBeforeTime(Date nbf)

Sets the not-before time (nbf) of the JWK.

Parameters:

nbf - The not-before time, null if not specified.

Returns:

This builder.

issueTime

public OctetSequenceKey.Builder issueTime(Date iat)

Sets the issued-at time (iat) of the JWK.

Parameters:

iat - The issued-at time, null if not specified.

Returns:

This builder.

keyRevocation

public OctetSequenceKey.Builder keyRevocation(KeyRevocation revocation)

Sets the revocation (revoked) of the JWK.

Parameters:

revocation - The key revocation, null if not specified.

Returns:

This builder.

keyStore

public OctetSequenceKey.Builder keyStore(KeyStore keyStore)

Sets the underlying key store.

Parameters:

keyStore - Reference to the underlying key store, null if none.

Returns:

This builder.

build

public OctetSequenceKey build()

Builds a new octet sequence JWK.

Returns:

The octet sequence JWK.

Throws:

IllegalStateException - If the JWK parameters were inconsistently specified.