public static class ECKey.Builder extends Object
Example usage:
ECKey key = new ECKey.Builder(Curve.P521, x, y). d(d). algorithm(JWSAlgorithm.ES512). keyID("789"). build();
Constructor and Description |
---|
Builder(ECKey.Curve crv,
Base64URL x,
Base64URL y)
Creates a new Elliptic Curve JWK builder.
|
Builder(ECKey.Curve crv,
ECPublicKey pub)
Creates a new Elliptic Curve JWK builder.
|
Builder(ECKey ecJWK)
Creates a new Elliptic Curve JWK builder.
|
Modifier and Type | Method and Description |
---|---|
ECKey.Builder |
algorithm(Algorithm alg)
Sets the intended JOSE algorithm (
alg ) for the JWK. |
ECKey |
build()
Builds a new octet sequence JWK.
|
ECKey.Builder |
d(Base64URL d)
Sets the private 'd' coordinate for the elliptic curve
point.
|
ECKey.Builder |
keyID(String kid)
Sets the ID (
kid ) of the JWK. |
ECKey.Builder |
keyIDFromThumbprint()
Sets the ID (
kid ) of the JWK to its SHA-256 JWK
thumbprint (RFC 7638). |
ECKey.Builder |
keyIDFromThumbprint(String hashAlg)
Sets the ID (
kid ) of the JWK to its JWK thumbprint
(RFC 7638). |
ECKey.Builder |
keyOperations(Set<KeyOperation> ops)
Sets the operations (
key_ops ) of the JWK. |
ECKey.Builder |
keyStore(KeyStore keyStore)
Sets the underlying key store.
|
ECKey.Builder |
keyUse(KeyUse use)
Sets the use (
use ) of the JWK. |
ECKey.Builder |
privateKey(ECPrivateKey priv)
Sets the private Elliptic Curve key.
|
ECKey.Builder |
privateKey(PrivateKey priv)
Sets the private EC key, typically for a key located in a
PKCS#11 store that doesn't expose the private key parameters
(such as a smart card or HSM).
|
ECKey.Builder |
x509CertChain(List<Base64> x5c)
Sets the X.509 certificate chain (
x5c ) of the JWK. |
ECKey.Builder |
x509CertSHA256Thumbprint(Base64URL x5t256)
Sets the X.509 certificate SHA-256 thumbprint
(
x5t#S256 ) of the JWK. |
ECKey.Builder |
x509CertThumbprint(Base64URL x5t)
Deprecated.
|
ECKey.Builder |
x509CertURL(URI x5u)
Sets the X.509 certificate URL (
x5u ) of the JWK. |
public Builder(ECKey.Curve crv, Base64URL x, Base64URL y)
crv
- The cryptographic curve. Must not be
null
.x
- The public 'x' coordinate for the elliptic curve
point. It is represented as the Base64URL
encoding of the coordinate's big endian
representation. Must not be null
.y
- The public 'y' coordinate for the elliptic curve
point. It is represented as the Base64URL
encoding of the coordinate's big endian
representation. Must not be null
.public Builder(ECKey.Curve crv, ECPublicKey pub)
crv
- The cryptographic curve. Must not be
null
.pub
- The public EC key to represent. Must not be
null
.public ECKey.Builder d(Base64URL d)
privateKey(java.security.interfaces.ECPrivateKey)
.d
- The 'd' coordinate. It is represented as the
Base64URL encoding of the coordinate's big endian
representation. null
if not specified (for
a public key).public ECKey.Builder privateKey(ECPrivateKey priv)
d
.priv
- The private EC key, used to obtain the private
'd' coordinate for the elliptic curve point.
null
if not specified (for a public
key).public ECKey.Builder privateKey(PrivateKey priv)
priv
- The private EC key reference. Its algorithm must
be "EC". Must not be null
.public ECKey.Builder keyUse(KeyUse use)
use
) of the JWK.use
- The key use, null
if not specified or if
the key is intended for signing as well as
encryption.public ECKey.Builder keyOperations(Set<KeyOperation> ops)
key_ops
) of the JWK.ops
- The key operations, null
if not
specified.public ECKey.Builder algorithm(Algorithm alg)
alg
) for the JWK.alg
- The intended JOSE algorithm, null
if not
specified.public ECKey.Builder keyID(String kid)
kid
) of the JWK. The key ID can be used
to match a specific key. This can be used, for instance, to
choose a key within a JWKSet
during key rollover.
The key ID may also correspond to a JWS/JWE kid
header parameter value.kid
- The key ID, null
if not specified.public ECKey.Builder keyIDFromThumbprint() throws JOSEException
kid
) of the JWK to its SHA-256 JWK
thumbprint (RFC 7638). The key ID can be used to match a
specific key. This can be used, for instance, to choose a
key within a JWKSet
during key rollover. The key ID
may also correspond to a JWS/JWE kid
header
parameter value.JOSEException
- If the SHA-256 hash algorithm is not
supported.public ECKey.Builder keyIDFromThumbprint(String hashAlg) throws JOSEException
kid
) of the JWK to its JWK thumbprint
(RFC 7638). The key ID can be used to match a specific key.
This can be used, for instance, to choose a key within a
JWKSet
during key rollover. The key ID may also
correspond to a JWS/JWE kid
header parameter value.hashAlg
- The hash algorithm for the JWK thumbprint
computation. Must not be null
.JOSEException
- If the hash algorithm is not
supported.public ECKey.Builder x509CertURL(URI x5u)
x5u
) of the JWK.x5u
- The X.509 certificate URL, null
if not
specified.@Deprecated public ECKey.Builder x509CertThumbprint(Base64URL x5t)
x5t
) of
the JWK.x5t
- The X.509 certificate SHA-1 thumbprint,
null
if not specified.public ECKey.Builder x509CertSHA256Thumbprint(Base64URL x5t256)
x5t#S256
) of the JWK.x5t256
- The X.509 certificate SHA-256 thumbprint,
null
if not specified.public ECKey.Builder x509CertChain(List<Base64> x5c)
x5c
) of the JWK.x5c
- The X.509 certificate chain as a unmodifiable
list, null
if not specified.public ECKey.Builder keyStore(KeyStore keyStore)
keyStore
- Reference to the underlying key store,
null
if none.public ECKey build()
IllegalStateException
- If the JWK parameters were
inconsistently specified.Copyright © 2017 Connect2id Ltd.. All rights reserved.