Package com.nimbusds.jose.jwk

Class OctetSequenceKey.Builder

  • Enclosing class:
    OctetSequenceKey
    public static class OctetSequenceKey.Builder
extends java.lang.Object
    Builder for constructing octet sequence JWKs.

    Example usage: 

     OctetSequenceKey key = new OctetSequenceKey.Builder(k)
     .algorithm(JWSAlgorithm.HS512)
     .keyID("123")
     .build();

    • Constructor Detail

      • Builder

        public Builder​(Base64URL k)
        Creates a new octet sequence JWK builder.
        Parameters:
        k - The key value. It is represented as the Base64URL encoding of value's big endian representation. Must not be null.

      • Builder

        public Builder​(byte[] key)
        Creates a new octet sequence JWK builder.
        Parameters:
        key - The key value. Must not be empty byte array or null.

      • Builder

        public Builder​(javax.crypto.SecretKey secretKey)
        Creates a new octet sequence JWK builder.
        Parameters:
        secretKey - The secret key to represent. Must not be null.

      • Builder

        public Builder​(OctetSequenceKey octJWK)
        Creates a new octet sequence JWK builder.
        Parameters:
        octJWK - The octet sequence JWK to start with. Must not be null.

    • Method Detail

      • keyUse

        public OctetSequenceKey.Builder keyUse​(KeyUse use)
        Sets the use (use) of the JWK.
        Parameters:
        use - The key use, null if not specified or if the key is intended for signing as well as encryption.
        Returns:
        This builder.

      • keyOperations

        public OctetSequenceKey.Builder keyOperations​(java.util.Set<KeyOperation> ops)
        Sets the operations (key_ops) of the JWK (for a non-public key).
        Parameters:
        ops - The key operations, null if not specified.
        Returns:
        This builder.

      • algorithm

        public OctetSequenceKey.Builder algorithm​(Algorithm alg)
        Sets the intended JOSE algorithm (alg) for the JWK.
        Parameters:
        alg - The intended JOSE algorithm, null if not specified.
        Returns:
        This builder.

      • keyID

        public OctetSequenceKey.Builder keyID​(java.lang.String kid)
        Sets the ID (kid) of the JWK. The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
        Parameters:
        kid - The key ID, null if not specified.
        Returns:
        This builder.

      • keyIDFromThumbprint

        public OctetSequenceKey.Builder keyIDFromThumbprint()
                                             throws JOSEException
        Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
        Returns:
        This builder.
        Throws:
        JOSEException - If the SHA-256 hash algorithm is not supported.

      • keyIDFromThumbprint

        public OctetSequenceKey.Builder keyIDFromThumbprint​(java.lang.String hashAlg)
                                             throws JOSEException
        Sets the ID (kid) of the JWK to its JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
        Parameters:
        hashAlg - The hash algorithm for the JWK thumbprint computation. Must not be null.
        Returns:
        This builder.
        Throws:
        JOSEException - If the hash algorithm is not supported.

      • x509CertURL

        public OctetSequenceKey.Builder x509CertURL​(java.net.URI x5u)
        Sets the X.509 certificate URL (x5u) of the JWK.
        Parameters:
        x5u - The X.509 certificate URL, null if not specified.
        Returns:
        This builder.

      • x509CertThumbprint

        @Deprecated
public OctetSequenceKey.Builder x509CertThumbprint​(Base64URL x5t)
        Deprecated.
        Sets the X.509 certificate SHA-1 thumbprint (x5t) of the JWK.
        Parameters:
        x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
        Returns:
        This builder.

      • x509CertSHA256Thumbprint

        public OctetSequenceKey.Builder x509CertSHA256Thumbprint​(Base64URL x5t256)
        Sets the X.509 certificate SHA-256 thumbprint (x5t#S256) of the JWK.
        Parameters:
        x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
        Returns:
        This builder.

      • x509CertChain

        public OctetSequenceKey.Builder x509CertChain​(java.util.List<Base64> x5c)
        Sets the X.509 certificate chain (x5c) of the JWK.
        Parameters:
        x5c - The X.509 certificate chain as a unmodifiable list, null if not specified.
        Returns:
        This builder.

      • expirationTime

        public OctetSequenceKey.Builder expirationTime​(java.util.Date exp)
        Sets the expiration time (exp) of the JWK.
        Parameters:
        exp - The expiration time, null if not specified.
        Returns:
        This builder.

      • notBeforeTime

        public OctetSequenceKey.Builder notBeforeTime​(java.util.Date nbf)
        Sets the not-before time (nbf) of the JWK.
        Parameters:
        nbf - The not-before time, null if not specified.
        Returns:
        This builder.

      • issueTime

        public OctetSequenceKey.Builder issueTime​(java.util.Date iat)
        Sets the issued-at time (iat) of the JWK.
        Parameters:
        iat - The issued-at time, null if not specified.
        Returns:
        This builder.

      • keyStore

        public OctetSequenceKey.Builder keyStore​(java.security.KeyStore keyStore)
        Sets the underlying key store.
        Parameters:
        keyStore - Reference to the underlying key store, null if none.
        Returns:
        This builder.

      • build

        public OctetSequenceKey build()
        Builds a new octet sequence JWK.
        Returns:
        The octet sequence JWK.
        Throws:
        java.lang.IllegalStateException - If the JWK parameters were inconsistently specified.