Package com.nimbusds.jose.jwk

Class OctetKeyPair.Builder

  • Enclosing class:
    OctetKeyPair
    public static class OctetKeyPair.Builder
extends Object
    Builder for constructing Octet Key Pair JWKs.

    Example usage: 

     OctetKeyPair key = new OctetKeyPair.Builder(Curve.Ed25519, x)
     .d(d)
     .algorithm(JWSAlgorithm.EdDSA)
     .keyID("1")
     .build();

    • Constructor Detail

      • Builder

        public Builder​(Curve crv,
               Base64URL x)
        Creates a new Octet Key Pair JWK builder.
        Parameters:
        crv - The cryptographic curve. Must not be null.
        x - The public 'x' parameter. Must not be null.

      • Builder

        public Builder​(OctetKeyPair okpJWK)
        Creates a new Octet Key Pair JWK builder.
        Parameters:
        okpJWK - The Octet Key Pair to start with. Must not be null.

    • Method Detail

      • d

        public OctetKeyPair.Builder d​(Base64URL d)
        Sets the private 'd' parameter.
        Parameters:
        d - The private 'd' parameter, null if not specified (for a public key).
        Returns:
        This builder.

      • keyUse

        public OctetKeyPair.Builder keyUse​(KeyUse use)
        Sets the use (use) of the JWK.
        Parameters:
        use - The key use, null if not specified or if the key is intended for signing as well as encryption.
        Returns:
        This builder.

      • algorithm

        public OctetKeyPair.Builder algorithm​(Algorithm alg)
        Sets the intended JOSE algorithm (alg) for the JWK.
        Parameters:
        alg - The intended JOSE algorithm, null if not specified.
        Returns:
        This builder.

      • keyID

        public OctetKeyPair.Builder keyID​(String kid)
        Sets the ID (kid) of the JWK. The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
        Parameters:
        kid - The key ID, null if not specified.
        Returns:
        This builder.

      • keyIDFromThumbprint

        public OctetKeyPair.Builder keyIDFromThumbprint()
                                         throws JOSEException
        Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
        Returns:
        This builder.
        Throws:
        JOSEException - If the SHA-256 hash algorithm is not supported.

      • keyIDFromThumbprint

        public OctetKeyPair.Builder keyIDFromThumbprint​(String hashAlg)
                                         throws JOSEException
        Sets the ID (kid) of the JWK to its JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
        Parameters:
        hashAlg - The hash algorithm for the JWK thumbprint computation. Must not be null.
        Returns:
        This builder.
        Throws:
        JOSEException - If the hash algorithm is not supported.

      • x509CertURL

        public OctetKeyPair.Builder x509CertURL​(URI x5u)
        Sets the X.509 certificate URL (x5u) of the JWK.
        Parameters:
        x5u - The X.509 certificate URL, null if not specified.
        Returns:
        This builder.

      • x509CertSHA256Thumbprint

        public OctetKeyPair.Builder x509CertSHA256Thumbprint​(Base64URL x5t256)
        Sets the X.509 certificate SHA-256 thumbprint (x5t#S256) of the JWK.
        Parameters:
        x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
        Returns:
        This builder.

      • x509CertChain

        public OctetKeyPair.Builder x509CertChain​(List<Base64> x5c)
        Sets the X.509 certificate chain (x5c) of the JWK.
        Parameters:
        x5c - The X.509 certificate chain as a unmodifiable list, null if not specified.
        Returns:
        This builder.

      • expirationTime

        public OctetKeyPair.Builder expirationTime​(Date exp)
        Sets the expiration time (exp) of the JWK.
        Parameters:
        exp - The expiration time, null if not specified.
        Returns:
        This builder.

      • notBeforeTime

        public OctetKeyPair.Builder notBeforeTime​(Date nbf)
        Sets the not-before time (nbf) of the JWK.
        Parameters:
        nbf - The not-before time, null if not specified.
        Returns:
        This builder.

      • issueTime

        public OctetKeyPair.Builder issueTime​(Date iat)
        Sets the issued-at time (iat) of the JWK.
        Parameters:
        iat - The issued-at time, null if not specified.
        Returns:
        This builder.

      • keyStore

        public OctetKeyPair.Builder keyStore​(KeyStore keyStore)
        Sets the underlying key store.
        Parameters:
        keyStore - Reference to the underlying key store, null if none.
        Returns:
        This builder.