Source code

001/*
002 * nimbus-jose-jwt
003 *
004 * Copyright 2012-2016, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.jose.jwk.gen;
019
020
021import java.security.KeyStore;
022import java.util.Set;
023
024import com.nimbusds.jose.Algorithm;
025import com.nimbusds.jose.JOSEException;
026import com.nimbusds.jose.jwk.JWK;
027import com.nimbusds.jose.jwk.JWKSet;
028import com.nimbusds.jose.jwk.KeyOperation;
029import com.nimbusds.jose.jwk.KeyUse;
030
031
032/**
033 * Abstract JWK generator.
034 *
035 * @author Vladimir Dzhuvinov
036 * @version 2018-09-07
037 */
038public abstract class JWKGenerator<T extends JWK> {
039        
040        
041        /**
042         * The key use, optional.
043         */
044        protected KeyUse use;
045        
046        
047        /**
048         * The key operations, optional.
049         */
050        protected Set<KeyOperation> ops;
051        
052        
053        /**
054         * The intended JOSE algorithm for the key, optional.
055         */
056        protected Algorithm alg;
057        
058        
059        /**
060         * The key ID, optional.
061         */
062        protected String kid;
063        
064        
065        /**
066         * If {@code true} sets the ID of the JWK to the SHA-256 thumbprint of
067         * the JWK.
068         */
069        protected boolean x5tKid;
070        
071        
072        /**
073         * Reference to the underlying key store, {@code null} if none.
074         */
075        protected KeyStore keyStore;
076        
077        
078        /**
079         * Sets the use ({@code use}) of the JWK.
080         *
081         * @param use The key use, {@code null} if not specified or if 
082         *            the key is intended for signing as well as 
083         *            encryption.
084         *
085         * @return This generator.
086         */
087        public JWKGenerator<T> keyUse(final KeyUse use) {
088                
089                this.use = use;
090                return this;
091        }
092        
093        
094        /**
095         * Sets the operations ({@code key_ops}) of the JWK.
096         *
097         * @param ops The key operations, {@code null} if not
098         *            specified.
099         *
100         * @return This generator.
101         */
102        public JWKGenerator<T> keyOperations(final Set<KeyOperation> ops) {
103                
104                this.ops = ops;
105                return this;
106        }
107        
108        
109        /**
110         * Sets the intended JOSE algorithm ({@code alg}) for the JWK.
111         *
112         * @param alg The intended JOSE algorithm, {@code null} if not 
113         *            specified.
114         *
115         * @return This generator.
116         */
117        public JWKGenerator<T> algorithm(final Algorithm alg) {
118                
119                this.alg = alg;
120                return this;
121        }
122        
123        /**
124         * Sets the ID ({@code kid}) of the JWK. The key ID can be used 
125         * to match a specific key. This can be used, for instance, to 
126         * choose a key within a {@link JWKSet} during key rollover. 
127         * The key ID may also correspond to a JWS/JWE {@code kid}
128         * header parameter value.
129         *
130         * @param kid The key ID, {@code null} if not specified.
131         *
132         * @return This generator.
133         */
134        public JWKGenerator<T> keyID(final String kid) {
135                
136                this.kid = kid;
137                return this;
138        }
139        
140        
141        /**
142         * Sets the ID ({@code kid}) of the JWK to its SHA-256 JWK
143         * thumbprint (RFC 7638). The key ID can be used to match a
144         * specific key. This can be used, for instance, to choose a
145         * key within a {@link JWKSet} during key rollover. The key ID
146         * may also correspond to a JWS/JWE {@code kid} header
147         * parameter value.
148         *
149         * @param x5tKid If {@code true} sets the ID of the JWK to the SHA-256
150         *               JWK thumbprint.
151         *
152         * @return This generator.
153         */
154        public JWKGenerator<T> keyIDFromThumbprint(final boolean x5tKid) {
155                
156                this.x5tKid = x5tKid;
157                return this;
158        }
159        
160        
161        /**
162         * Sets the underlying key store.
163         *
164         * @param keyStore Reference to the underlying key store,
165         *                 {@code null} if none.
166         *
167         * @return This generator.
168         */
169        public JWKGenerator<T> keyStore(final KeyStore keyStore) {
170                
171                this.keyStore = keyStore;
172                return this;
173        }
174        
175        
176        /**
177         * Generates the JWK according to the set parameters.
178         *
179         * @return The generated JWK.
180         *
181         * @throws JOSEException If the key generation failed.
182         */
183        public abstract T generate() throws JOSEException;
184}