Package com.nimbusds.jose.jwk

Class OctetKeyPair.Builder

java.lang.Object
com.nimbusds.jose.jwk.OctetKeyPair.Builder
Enclosing class:
OctetKeyPair
public static class OctetKeyPair.Builder extends Object
Builder for constructing Octet Key Pair JWKs.

Example usage: 

 OctetKeyPair key = new OctetKeyPair.Builder(Curve.Ed25519, x)
     .d(d)
     .algorithm(JWSAlgorithm.EdDSA)
     .keyID("1")
     .build();

  • Constructor Details

    • Builder

      public Builder(Curve crv, Base64URL x)
      Creates a new Octet Key Pair JWK builder.
      Parameters:
      crv - The cryptographic curve. Must not be null.
      x - The public 'x' parameter. Must not be null.

    • Builder

      public Builder(OctetKeyPair okpJWK)
      Creates a new Octet Key Pair JWK builder.
      Parameters:
      okpJWK - The Octet Key Pair to start with. Must not be null.

  • Method Details

    • d

      public OctetKeyPair.Builder d(Base64URL d)
      Sets the private 'd' parameter.
      Parameters:
      d - The private 'd' parameter, null if not specified (for a public key).
      Returns:
      This builder.

    • keyUse

      public OctetKeyPair.Builder keyUse(KeyUse use)
      Sets the use (use) of the JWK.
      Parameters:
      use - The key use, null if not specified or if the key is intended for signing as well as encryption.
      Returns:
      This builder.

    • keyOperations

      public OctetKeyPair.Builder keyOperations(Set<KeyOperation> ops)
      Sets the operations (key_ops) of the JWK.
      Parameters:
      ops - The key operations, null if not specified.
      Returns:
      This builder.

    • algorithm

      public OctetKeyPair.Builder algorithm(Algorithm alg)
      Sets the intended JOSE algorithm (alg) for the JWK.
      Parameters:
      alg - The intended JOSE algorithm, null if not specified.
      Returns:
      This builder.

    • keyID

      public OctetKeyPair.Builder keyID(String kid)
      Sets the ID (kid) of the JWK. The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
      Parameters:
      kid - The key ID, null if not specified.
      Returns:
      This builder.

    • keyIDFromThumbprint

      public OctetKeyPair.Builder keyIDFromThumbprint() throws JOSEException
      Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
      Returns:
      This builder.
      Throws:
      JOSEException - If the SHA-256 hash algorithm is not supported.

    • keyIDFromThumbprint

      public OctetKeyPair.Builder keyIDFromThumbprint(String hashAlg) throws JOSEException
      Sets the ID (kid) of the JWK to its JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
      Parameters:
      hashAlg - The hash algorithm for the JWK thumbprint computation. Must not be null.
      Returns:
      This builder.
      Throws:
      JOSEException - If the hash algorithm is not supported.

    • x509CertURL

      public OctetKeyPair.Builder x509CertURL(URI x5u)
      Sets the X.509 certificate URL (x5u) of the JWK.
      Parameters:
      x5u - The X.509 certificate URL, null if not specified.
      Returns:
      This builder.

    • x509CertThumbprint

      @Deprecated public OctetKeyPair.Builder x509CertThumbprint(Base64URL x5t)
      Deprecated.
      Sets the X.509 certificate SHA-1 thumbprint (x5t) of the JWK.
      Parameters:
      x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
      Returns:
      This builder.

    • x509CertSHA256Thumbprint

      public OctetKeyPair.Builder x509CertSHA256Thumbprint(Base64URL x5t256)
      Sets the X.509 certificate SHA-256 thumbprint (x5t#S256) of the JWK.
      Parameters:
      x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
      Returns:
      This builder.

    • x509CertChain

      public OctetKeyPair.Builder x509CertChain(List<Base64> x5c)
      Sets the X.509 certificate chain (x5c) of the JWK.
      Parameters:
      x5c - The X.509 certificate chain as a unmodifiable list, null if not specified.
      Returns:
      This builder.

    • expirationTime

      public OctetKeyPair.Builder expirationTime(Date exp)
      Sets the expiration time (exp) of the JWK.
      Parameters:
      exp - The expiration time, null if not specified.
      Returns:
      This builder.

    • notBeforeTime

      public OctetKeyPair.Builder notBeforeTime(Date nbf)
      Sets the not-before time (nbf) of the JWK.
      Parameters:
      nbf - The not-before time, null if not specified.
      Returns:
      This builder.

    • issueTime

      public OctetKeyPair.Builder issueTime(Date iat)
      Sets the issued-at time (iat) of the JWK.
      Parameters:
      iat - The issued-at time, null if not specified.
      Returns:
      This builder.

    • keyRevocation

      public OctetKeyPair.Builder keyRevocation(KeyRevocation revocation)
      Sets the revocation (revoked) of the JWK.
      Parameters:
      revocation - The key revocation, null if not specified.
      Returns:
      This builder.

    • keyStore

      public OctetKeyPair.Builder keyStore(KeyStore keyStore)
      Sets the underlying key store.
      Parameters:
      keyStore - Reference to the underlying key store, null if none.
      Returns:
      This builder.

    • build

      public OctetKeyPair build()
      Builds a new Octet Key Pair JWK.
      Returns:
      The Octet Key Pair JWK.
      Throws:
      IllegalStateException - If the JWK parameters were inconsistently specified.