Package com.nimbusds.jose.jwk
Class RSAKey.Builder
- java.lang.Object
  - com.nimbusds.jose.jwk.RSAKey.Builder
- Enclosing class:
- RSAKey
public static class RSAKey.Builder extends Object
Builder for constructing RSA JWKs.

Example usage:

// n, e and d are Base64URL values (big endian encoding of each integer)
RSAKey key = new RSAKey.Builder(n, e)
    .privateExponent(d)
    .algorithm(JWSAlgorithm.RS512)
    .keyID("456")
    .build();

Method Summary
Modifier and Type | Method | Description
RSAKey.Builder | algorithm(Algorithm alg) | Sets the intended JOSE algorithm (alg) for the JWK.
RSAKey | build() | Builds a new RSA JWK.
RSAKey.Builder | expirationTime(Date exp) | Sets the expiration time (exp) of the JWK.
RSAKey.Builder | firstCRTCoefficient(Base64URL qi) | Sets the first Chinese Remainder Theorem (CRT) coefficient (qi) of the private RSA key.
RSAKey.Builder | firstFactorCRTExponent(Base64URL dp) | Sets the first factor Chinese Remainder Theorem (CRT) exponent (dp) of the private RSA key.
RSAKey.Builder | firstPrimeFactor(Base64URL p) | Sets the first prime factor (p) of the private RSA key.
RSAKey.Builder | issueTime(Date iat) | Sets the issued-at time (iat) of the JWK.
RSAKey.Builder | keyID(String kid) | Sets the ID (kid) of the JWK.
RSAKey.Builder | keyIDFromThumbprint() | Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638).
RSAKey.Builder | keyIDFromThumbprint(String hashAlg) | Sets the ID (kid) of the JWK to its JWK thumbprint (RFC 7638).
RSAKey.Builder | keyOperations(Set<KeyOperation> ops) | Sets the operations (key_ops) of the JWK (for a non-public key).
RSAKey.Builder | keyStore(KeyStore keyStore) | Sets the underlying key store.
RSAKey.Builder | keyUse(KeyUse use) | Sets the use (use) of the JWK.
RSAKey.Builder | notBeforeTime(Date nbf) | Sets the not-before time (nbf) of the JWK.
RSAKey.Builder | otherPrimes(List<RSAKey.OtherPrimesInfo> oth) | Sets the other primes information (oth) for the private RSA key, should they exist.
RSAKey.Builder | privateExponent(Base64URL d) | Sets the private exponent (d) of the RSA key.
RSAKey.Builder | privateKey(RSAMultiPrimePrivateCrtKey priv) | Sets the private RSA key, using the second representation, with optional other primes info (see RFC 3447, section 3.2).
RSAKey.Builder | privateKey(RSAPrivateCrtKey priv) | Sets the private RSA key, using the second representation (see RFC 3447, section 3.2).
RSAKey.Builder | privateKey(RSAPrivateKey priv) | Sets the private RSA key, using the first representation.
RSAKey.Builder | privateKey(PrivateKey priv) | Sets the private RSA key, typically for a key located in a PKCS#11 store that doesn't expose the private key parameters (such as a smart card or HSM).
RSAKey.Builder | secondFactorCRTExponent(Base64URL dq) | Sets the second factor Chinese Remainder Theorem (CRT) exponent (dq) of the private RSA key.
RSAKey.Builder | secondPrimeFactor(Base64URL q) | Sets the second prime factor (q) of the private RSA key.
RSAKey.Builder | x509CertChain(List<Base64> x5c) | Sets the X.509 certificate chain (x5c) of the JWK.
RSAKey.Builder | x509CertSHA256Thumbprint(Base64URL x5t256) | Sets the X.509 certificate SHA-256 thumbprint (x5t#S256) of the JWK.
RSAKey.Builder | x509CertThumbprint(Base64URL x5t) | Deprecated.
RSAKey.Builder | x509CertURL(URI x5u) | Sets the X.509 certificate URL (x5u) of the JWK.

Constructor Detail

Builder
public Builder(Base64URL n, Base64URL e)
Creates a new RSA JWK builder.
- Parameters:
n - The modulus value for the public RSA key. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.
e - The exponent value for the public RSA key. It is represented as the Base64URL encoding of the value's big endian representation. Must not be null.

Builder
public Builder(RSAPublicKey pub)
Creates a new RSA JWK builder.
- Parameters:
pub - The public RSA key to represent. Must not be null.

Method Detail

privateExponent
public RSAKey.Builder privateExponent(Base64URL d)
Sets the private exponent (d) of the RSA key.
- Parameters:
d - The private RSA key exponent. It is represented as the Base64URL encoding of the value's big endian representation. null if not specified (for a public key or a private key using the second representation only).
- Returns:
- This builder.

privateKey
public RSAKey.Builder privateKey(RSAPrivateKey priv)
Sets the private RSA key, using the first representation.
- Parameters:
priv - The private RSA key, used to obtain the private exponent (d). Must not be null.
- Returns:
- This builder.

privateKey
public RSAKey.Builder privateKey(PrivateKey priv)
Sets the private RSA key, typically for a key located in a PKCS#11 store that doesn't expose the private key parameters (such as a smart card or HSM).
- Parameters:
priv - The private RSA key reference. Its algorithm must be "RSA". Must not be null.
- Returns:
- This builder.

firstPrimeFactor
public RSAKey.Builder firstPrimeFactor(Base64URL p)
Sets the first prime factor (p) of the private RSA key.
- Parameters:
p - The RSA first prime factor. It is represented as the Base64URL encoding of the value's big endian representation. null if not specified (for a public key or a private key using the first representation only).
- Returns:
- This builder.

secondPrimeFactor
public RSAKey.Builder secondPrimeFactor(Base64URL q)
Sets the second prime factor (q) of the private RSA key.
- Parameters:
q - The RSA second prime factor. It is represented as the Base64URL encoding of the value's big endian representation. null if not specified (for a public key or a private key using the first representation only).
- Returns:
- This builder.

firstFactorCRTExponent
public RSAKey.Builder firstFactorCRTExponent(Base64URL dp)
Sets the first factor Chinese Remainder Theorem (CRT) exponent (dp) of the private RSA key.
- Parameters:
dp - The RSA first factor CRT exponent. It is represented as the Base64URL encoding of the value's big endian representation. null if not specified (for a public key or a private key using the first representation only).
- Returns:
- This builder.

secondFactorCRTExponent
public RSAKey.Builder secondFactorCRTExponent(Base64URL dq)
Sets the second factor Chinese Remainder Theorem (CRT) exponent (dq) of the private RSA key.
- Parameters:
dq - The RSA second factor CRT exponent. It is represented as the Base64URL encoding of the value's big endian representation. null if not specified (for a public key or a private key using the first representation only).
- Returns:
- This builder.

firstCRTCoefficient
public RSAKey.Builder firstCRTCoefficient(Base64URL qi)
Sets the first Chinese Remainder Theorem (CRT) coefficient (qi) of the private RSA key.
- Parameters:
qi - The RSA first CRT coefficient. It is represented as the Base64URL encoding of the value's big endian representation. null if not specified (for a public key or a private key using the first representation only).
- Returns:
- This builder.

otherPrimes
public RSAKey.Builder otherPrimes(List<RSAKey.OtherPrimesInfo> oth)
Sets the other primes information (oth) for the private RSA key, should they exist.
- Parameters:
oth - The RSA other primes information, null or empty list if not specified.
- Returns:
- This builder.

privateKey
public RSAKey.Builder privateKey(RSAPrivateCrtKey priv)
Sets the private RSA key, using the second representation (see RFC 3447, section 3.2).
- Parameters:
priv - The private RSA key, used to obtain the private exponent (d), the first prime factor (p), the second prime factor (q), the first factor CRT exponent (dp), the second factor CRT exponent (dq) and the first CRT coefficient (qi). Must not be null.
- Returns:
- This builder.

privateKey
public RSAKey.Builder privateKey(RSAMultiPrimePrivateCrtKey priv)
Sets the private RSA key, using the second representation, with optional other primes info (see RFC 3447, section 3.2).
- Parameters:
priv - The private RSA key, used to obtain the private exponent (d), the first prime factor (p), the second prime factor (q), the first factor CRT exponent (dp), the second factor CRT exponent (dq), the first CRT coefficient (qi) and the other primes info (oth). Must not be null.
- Returns:
- This builder.

keyUse
public RSAKey.Builder keyUse(KeyUse use)
Sets the use (use) of the JWK.
- Parameters:
use - The key use, null if not specified or if the key is intended for signing as well as encryption.
- Returns:
- This builder.

keyOperations
public RSAKey.Builder keyOperations(Set<KeyOperation> ops)
Sets the operations (key_ops) of the JWK (for a non-public key).
- Parameters:
ops - The key operations, null if not specified.
- Returns:
- This builder.

algorithm
public RSAKey.Builder algorithm(Algorithm alg)
Sets the intended JOSE algorithm (alg) for the JWK.
- Parameters:
alg - The intended JOSE algorithm, null if not specified.
- Returns:
- This builder.

keyID
public RSAKey.Builder keyID(String kid)
Sets the ID (kid) of the JWK. The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
- Parameters:
kid - The key ID, null if not specified.
- Returns:
- This builder.

keyIDFromThumbprint
public RSAKey.Builder keyIDFromThumbprint() throws JOSEException
Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
- Returns:
- This builder.
- Throws:
JOSEException - If the SHA-256 hash algorithm is not supported.

keyIDFromThumbprint
public RSAKey.Builder keyIDFromThumbprint(String hashAlg) throws JOSEException
Sets the ID (kid) of the JWK to its JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
- Parameters:
hashAlg - The hash algorithm for the JWK thumbprint computation. Must not be null.
- Returns:
- This builder.
- Throws:
JOSEException - If the hash algorithm is not supported.

x509CertURL
public RSAKey.Builder x509CertURL(URI x5u)
Sets the X.509 certificate URL (x5u) of the JWK.
- Parameters:
x5u - The X.509 certificate URL, null if not specified.
- Returns:
- This builder.

x509CertThumbprint
@Deprecated
public RSAKey.Builder x509CertThumbprint(Base64URL x5t)
Deprecated.
Sets the X.509 certificate SHA-1 thumbprint (x5t) of the JWK.
- Parameters:
x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
- Returns:
- This builder.

x509CertSHA256Thumbprint
public RSAKey.Builder x509CertSHA256Thumbprint(Base64URL x5t256)
Sets the X.509 certificate SHA-256 thumbprint (x5t#S256) of the JWK.
- Parameters:
x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
- Returns:
- This builder.

x509CertChain
public RSAKey.Builder x509CertChain(List<Base64> x5c)
Sets the X.509 certificate chain (x5c) of the JWK.
- Parameters:
x5c - The X.509 certificate chain as an unmodifiable list, null if not specified.
- Returns:
- This builder.

expirationTime
public RSAKey.Builder expirationTime(Date exp)
Sets the expiration time (exp) of the JWK.
- Parameters:
exp - The expiration time, null if not specified.
- Returns:
- This builder.

notBeforeTime
public RSAKey.Builder notBeforeTime(Date nbf)
Sets the not-before time (nbf) of the JWK.
- Parameters:
nbf - The not-before time, null if not specified.
- Returns:
- This builder.

issueTime
public RSAKey.Builder issueTime(Date iat)
Sets the issued-at time (iat) of the JWK.
- Parameters:
iat - The issued-at time, null if not specified.
- Returns:
- This builder.

keyStore
public RSAKey.Builder keyStore(KeyStore keyStore)
Sets the underlying key store.
- Parameters:
keyStore - Reference to the underlying key store, null if none.
- Returns:
- This builder.

build
public RSAKey build()
Builds a new RSA JWK.
- Returns:
- The RSA JWK.
- Throws:
IllegalStateException - If the JWK parameters were inconsistently specified.
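
An added example, not part of the Nimbus documentation: it builds a signing-only RSA JWK with a thumbprint-derived kid, then checks that the copy intended for publication carries no private parameters. The class name RsaJwkBuilderExample, the RS256 choice, the in-process generated key pair and the 90-day lifetime are assumptions made for illustration.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;

public class RsaJwkBuilderExample {

    // Builds a private signing JWK from a freshly generated (constructed) RSA pair.
    static RSAKey newSigningKey(Date now, long lifetimeMillis)
            throws NoSuchAlgorithmException, JOSEException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        return new RSAKey.Builder((RSAPublicKey) pair.getPublic())
                .privateKey((RSAPrivateKey) pair.getPrivate())
                .keyUse(KeyUse.SIGNATURE)       // use = sig: signing only
                .algorithm(JWSAlgorithm.RS256)  // state the intended alg
                .issueTime(now)
                .expirationTime(new Date(now.getTime() + lifetimeMillis))
                .keyIDFromThumbprint()          // kid = SHA-256 JWK thumbprint (RFC 7638)
                .build();
    }

    public static void main(String[] args) throws Exception {
        long ninetyDays = 90L * 24 * 60 * 60 * 1000; // assumed rotation window
        RSAKey signingKey = newSigningKey(new Date(), ninetyDays);

        // Only the public half should be published, for example in a JWK set.
        RSAKey publicKey = signingKey.toPublicJWK();
        if (!signingKey.isPrivate() || publicKey.isPrivate()) {
            throw new IllegalStateException("private parameters in the wrong place");
        }
        // The thumbprint is computed over the public members only, so the kid
        // is the same for the private JWK and its public counterpart.
        String thumbprint = publicKey.computeThumbprint().toString();
        if (!thumbprint.equals(signingKey.getKeyID())) {
            throw new IllegalStateException("kid does not match the JWK thumbprint");
        }
        System.out.println(publicKey.toJSONString());
    }
}
```

The private JWK returned by build() serialises d when converted to JSON, so keep it in the signing service and hand only the toPublicJWK() result to anything that publishes keys.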