Package com.nimbusds.jose.jwk.gen

Class JWKGenerator<T extends JWK>

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected Algorithm alg
      The intended JOSE algorithm for the key, optional.
      protected java.util.Date exp
      The key expiration time, optional.
      protected java.util.Date iat
      The key issued-at time, optional.
      protected java.security.KeyStore keyStore
      Reference to the underlying key store, null if none.
      protected java.lang.String kid
      The key ID, optional.
      protected java.util.Date nbf
      The key not-before time, optional.
      protected java.util.Set<KeyOperation> ops
      The key operations, optional.
      protected java.security.Provider provider
      The JCA provider, null to use the default one.
      protected java.security.SecureRandom secureRandom
      The secure random generator to use, null to use the default one.
      protected KeyUse use
      The key use, optional.
      protected boolean x5tKid
      If true sets the ID of the JWK to the SHA-256 thumbprint of the JWK.

    • Constructor Summary

      Constructors 
      Constructor Description
      JWKGenerator()  

    • Field Detail

      • use

        protected KeyUse use
        The key use, optional.

      • ops

        protected java.util.Set<KeyOperation> ops
        The key operations, optional.

      • alg

        protected Algorithm alg
        The intended JOSE algorithm for the key, optional.

      • kid

        protected java.lang.String kid
        The key ID, optional.

      • x5tKid

        protected boolean x5tKid
        If true sets the ID of the JWK to the SHA-256 thumbprint of the JWK.

      • exp

        protected java.util.Date exp
        The key expiration time, optional.

      • nbf

        protected java.util.Date nbf
        The key not-before time, optional.

      • iat

        protected java.util.Date iat
        The key issued-at time, optional.

      • keyStore

        protected java.security.KeyStore keyStore
        Reference to the underlying key store, null if none.

      • provider

        protected java.security.Provider provider
        The JCA provider, null to use the default one.

      • secureRandom

        protected java.security.SecureRandom secureRandom
        The secure random generator to use, null to use the default one.

    • Constructor Detail

      • JWKGenerator

        public JWKGenerator()

    • Method Detail

      • keyUse

        public JWKGenerator<T> keyUse​(KeyUse use)
        Sets the use (use) of the JWK.
        Parameters:
        use - The key use, null if not specified or if the key is intended for signing as well as encryption.
        Returns:
        This generator.

      • keyOperations

        public JWKGenerator<T> keyOperations​(java.util.Set<KeyOperation> ops)
        Sets the operations (key_ops) of the JWK.
        Parameters:
        ops - The key operations, null if not specified.
        Returns:
        This generator.

      • algorithm

        public JWKGenerator<T> algorithm​(Algorithm alg)
        Sets the intended JOSE algorithm (alg) for the JWK.
        Parameters:
        alg - The intended JOSE algorithm, null if not specified.
        Returns:
        This generator.

      • keyID

        public JWKGenerator<T> keyID​(java.lang.String kid)
        Sets the ID (kid) of the JWK. The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
        Parameters:
        kid - The key ID, null if not specified.
        Returns:
        This generator.

      • keyIDFromThumbprint

        public JWKGenerator<T> keyIDFromThumbprint​(boolean x5tKid)
        Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
        Parameters:
        x5tKid - If true sets the ID of the JWK to the SHA-256 JWK thumbprint.
        Returns:
        This generator.

      • expirationTime

        public JWKGenerator<T> expirationTime​(java.util.Date exp)
        Sets the expiration time (exp) of the JWK.
        Parameters:
        exp - The expiration time, null if not specified.
        Returns:
        This generator.

      • notBeforeTime

        public JWKGenerator<T> notBeforeTime​(java.util.Date nbf)
        Sets the not-before time (nbf) of the JWK.
        Parameters:
        nbf - The not-before time, null if not specified.
        Returns:
        This generator.

      • issueTime

        public JWKGenerator<T> issueTime​(java.util.Date iat)
        Sets the issued-at time (iat) of the JWK.
        Parameters:
        iat - The issued-at time, null if not specified.
        Returns:
        This generator.

      • keyStore

        public JWKGenerator<T> keyStore​(java.security.KeyStore keyStore)
        Sets the underlying key store. Overrides the JCA provider is set. Note, some JWK generators may not use the JCA key store API.
        Parameters:
        keyStore - Reference to the underlying key store, null if none.
        Returns:
        This generator.

      • provider

        public JWKGenerator<T> provider​(java.security.Provider provider)
        Sets the JCA provider for the key generation. Note, some JWK generators may not use the JCA provider API.
        Parameters:
        provider - The JCA provider, null to use the default one.
        Returns:
        This generator.

      • secureRandom

        public JWKGenerator<T> secureRandom​(java.security.SecureRandom secureRandom)
        Sets the secure random generator to use. Note, some JWK generators may not use the JCA secure random API.
        Parameters:
        secureRandom - The secure random generator to use, null to use the default one.
        Returns:
        This generator.

      • generate

        public abstract T generate()
                    throws JOSEException
        Generates the JWK according to the set parameters.
        Returns:
        The generated JWK.
        Throws:
        JOSEException - If the key generation failed.