Class ECKey.Builder

  • Enclosing class:
    ECKey

    public static class ECKey.Builder
    extends Object
    Builder for constructing Elliptic Curve JWKs.

    Example usage:

     ECKey key = new ECKey.Builder(Curve.P_521, x, y)
         .d(d)
         .algorithm(JWSAlgorithm.ES512)
         .keyID("1")
         .build();
     
    • Constructor Detail

      • Builder

        public Builder​(Curve crv,
                       Base64URL x,
                       Base64URL y)
        Creates a new Elliptic Curve JWK builder.
        Parameters:
        crv - The cryptographic curve. Must not be null.
        x - The public 'x' coordinate for the elliptic curve point. It is represented as the Base64URL encoding of the coordinate's big endian representation. Must not be null.
        y - The public 'y' coordinate for the elliptic curve point. It is represented as the Base64URL encoding of the coordinate's big endian representation. Must not be null.
      • Builder

        public Builder​(Curve crv,
                       ECPublicKey pub)
        Creates a new Elliptic Curve JWK builder.
        Parameters:
        crv - The cryptographic curve. Must not be null.
        pub - The public EC key to represent. Must not be null.
      • Builder

        public Builder​(ECKey ecJWK)
        Creates a new Elliptic Curve JWK builder.
        Parameters:
        ecJWK - The EC JWK to start with. Must not be null.
    • Method Detail

      • d

        public ECKey.Builder d​(Base64URL d)
        Sets the private 'd' coordinate for the elliptic curve point. The alternative method is privateKey(java.security.interfaces.ECPrivateKey).
        Parameters:
        d - The private 'd' coordinate. It is represented as the Base64URL encoding of the coordinate's big endian representation. null if not specified (for a public key).
        Returns:
        This builder.
      • privateKey

        public ECKey.Builder privateKey​(ECPrivateKey priv)
        Sets the private Elliptic Curve key. The alternative method is d(Base64URL).
        Parameters:
        priv - The private EC key, used to obtain the private 'd' coordinate for the elliptic curve point. null if not specified (for a public key).
        Returns:
        This builder.
      • privateKey

        public ECKey.Builder privateKey​(PrivateKey priv)
        Sets the private EC key, typically for a key located in a PKCS#11 store that doesn't expose the private key parameters (such as a smart card or HSM).
        Parameters:
        priv - The private EC key reference. Its algorithm must be "EC". Must not be null.
        Returns:
        This builder.
      • keyUse

        public ECKey.Builder keyUse​(KeyUse use)
        Sets the use (use) of the JWK.
        Parameters:
        use - The key use, null if not specified or if the key is intended for signing as well as encryption.
        Returns:
        This builder.
      • keyOperations

        public ECKey.Builder keyOperations​(Set<KeyOperation> ops)
        Sets the operations (key_ops) of the JWK.
        Parameters:
        ops - The key operations, null if not specified.
        Returns:
        This builder.
      • algorithm

        public ECKey.Builder algorithm​(Algorithm alg)
        Sets the intended JOSE algorithm (alg) for the JWK.
        Parameters:
        alg - The intended JOSE algorithm, null if not specified.
        Returns:
        This builder.
      • keyID

        public ECKey.Builder keyID​(String kid)
        Sets the ID (kid) of the JWK. The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
        Parameters:
        kid - The key ID, null if not specified.
        Returns:
        This builder.
      • keyIDFromThumbprint

        public ECKey.Builder keyIDFromThumbprint()
                                          throws JOSEException
        Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
        Returns:
        This builder.
        Throws:
        JOSEException - If the SHA-256 hash algorithm is not supported.
      • keyIDFromThumbprint

        public ECKey.Builder keyIDFromThumbprint​(String hashAlg)
                                          throws JOSEException
        Sets the ID (kid) of the JWK to its JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
        Parameters:
        hashAlg - The hash algorithm for the JWK thumbprint computation. Must not be null.
        Returns:
        This builder.
        Throws:
        JOSEException - If the hash algorithm is not supported.
      • x509CertURL

        public ECKey.Builder x509CertURL​(URI x5u)
        Sets the X.509 certificate URL (x5u) of the JWK.
        Parameters:
        x5u - The X.509 certificate URL, null if not specified.
        Returns:
        This builder.
      • x509CertThumbprint

        @Deprecated
        public ECKey.Builder x509CertThumbprint​(Base64URL x5t)
        Deprecated.
        Sets the X.509 certificate SHA-1 thumbprint (x5t) of the JWK.
        Parameters:
        x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
        Returns:
        This builder.
      • x509CertSHA256Thumbprint

        public ECKey.Builder x509CertSHA256Thumbprint​(Base64URL x5t256)
        Sets the X.509 certificate SHA-256 thumbprint (x5t#S256) of the JWK.
        Parameters:
        x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
        Returns:
        This builder.
      • x509CertChain

        public ECKey.Builder x509CertChain​(List<Base64> x5c)
        Sets the X.509 certificate chain (x5c) of the JWK.
        Parameters:
        x5c - The X.509 certificate chain as an unmodifiable list, null if not specified.
        Returns:
        This builder.
      • expirationTime

        public ECKey.Builder expirationTime​(Date exp)
        Sets the expiration time (exp) of the JWK.
        Parameters:
        exp - The expiration time, null if not specified.
        Returns:
        This builder.
      • notBeforeTime

        public ECKey.Builder notBeforeTime​(Date nbf)
        Sets the not-before time (nbf) of the JWK.
        Parameters:
        nbf - The not-before time, null if not specified.
        Returns:
        This builder.
      • issueTime

        public ECKey.Builder issueTime​(Date iat)
        Sets the issued-at time (iat) of the JWK.
        Parameters:
        iat - The issued-at time, null if not specified.
        Returns:
        This builder.
      • keyStore

        public ECKey.Builder keyStore​(KeyStore keyStore)
        Sets the underlying key store.
        Parameters:
        keyStore - Reference to the underlying key store, null if none.
        Returns:
        This builder.
      • build

        public ECKey build()
        Builds a new Elliptic Curve JWK.
        Returns:
        The Elliptic Curve JWK.
        Throws:
        IllegalStateException - If the JWK parameters were inconsistently specified.
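
Added example, not part of the library's own documentation: building a signing JWK from a JCA key pair with the Builder(Curve, ECPublicKey) constructor, privateKey, keyUse, algorithm and keyIDFromThumbprint, then checking that only the public half is exported. It assumes the Nimbus JOSE + JWT library is on the classpath; the class name EcJwkBuilderExample is hypothetical, and toPublicJWK, ECDSASigner and ECDSAVerifier are calls from the same library that this page does not describe.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.jwk.*;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;

public class EcJwkBuilderExample { // hypothetical class name

    public static void main(String[] args) throws Exception {
        // Fresh P-256 key pair generated locally; constructed for this example.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair pair = gen.generateKeyPair();

        // Private JWK: restrict the key to one use and one algorithm, and
        // derive the kid from the RFC 7638 SHA-256 thumbprint.
        ECKey signingKey = new ECKey.Builder(Curve.P_256, (ECPublicKey) pair.getPublic())
            .privateKey((ECPrivateKey) pair.getPrivate())
            .keyUse(KeyUse.SIGNATURE)
            .algorithm(JWSAlgorithm.ES256)
            .keyIDFromThumbprint()
            .build();

        // Only the public half should leave the process (for example in a JWK set).
        ECKey publicKey = signingKey.toPublicJWK();
        if (publicKey.isPrivate() || publicKey.getD() != null) {
            throw new IllegalStateException("private 'd' present in the public JWK");
        }

        // Sign with the private JWK and carry its kid in the JWS header.
        JWSObject jws = new JWSObject(
            new JWSHeader.Builder(JWSAlgorithm.ES256).keyID(signingKey.getKeyID()).build(),
            new Payload("constructed sample payload"));
        jws.sign(new ECDSASigner(signingKey));

        // Verifier side: match the key by kid, then verify with the public JWK only.
        JWSObject parsed = JWSObject.parse(jws.serialize());
        boolean ok = publicKey.getKeyID().equals(parsed.getHeader().getKeyID())
            && parsed.verify(new ECDSAVerifier(publicKey));
        System.out.println("kid=" + publicKey.getKeyID() + " verified=" + ok);
        System.out.println(publicKey.toJSONString());
    }
}
```

The RFC 7638 thumbprint is computed over the public members only, so the private and public JWK share the same kid and it is safe to publish.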