Package com.nimbusds.jose.jwk.gen

Class JWKGenerator<T extends JWK>

java.lang.Object

com.nimbusds.jose.jwk.gen.JWKGenerator<T>

Direct Known Subclasses:

ECKeyGenerator, OctetKeyPairGenerator, OctetSequenceKeyGenerator, RSAKeyGenerator

public abstract class JWKGenerator<T extends JWK>
extends Object

Abstract JWK generator.

Version:

2023-01-02

Author:

Vladimir Dzhuvinov, Justin Cranford

Field Summary

Fields

Modifier and Type	Field	Description
protected Algorithm	alg	The intended JOSE algorithm for the key, optional.
protected Date	exp	The key expiration time, optional.
protected Date	iat	The key issued-at time, optional.
protected KeyStore	keyStore	Reference to the underlying key store, null if none.
protected String	kid	The key ID, optional.
protected Date	nbf	The key not-before time, optional.
protected Set<KeyOperation>	ops	The key operations, optional.
protected SecureRandom	secureRandom	The secure random generator to use, null to use the default one.
protected KeyUse	use	The key use, optional.
protected boolean	x5tKid	If true sets the ID of the JWK to the SHA-256 thumbprint of the JWK.

Constructor Summary

Constructors

Constructor	Description
JWKGenerator()

Method Summary

Modifier and Type	Method	Description
JWKGenerator<T>	algorithm(Algorithm alg)	Sets the intended JOSE algorithm (alg) for the JWK.
JWKGenerator<T>	expirationTime(Date exp)	Sets the expiration time (exp) of the JWK.
abstract T	generate()	Generates the JWK according to the set parameters.
JWKGenerator<T>	issueTime(Date iat)	Sets the issued-at time (iat) of the JWK.
JWKGenerator<T>	keyID(String kid)	Sets the ID (kid) of the JWK.
JWKGenerator<T>	keyIDFromThumbprint(boolean x5tKid)	Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638).
JWKGenerator<T>	keyOperations(Set<KeyOperation> ops)	Sets the operations (key_ops) of the JWK.
JWKGenerator<T>	keyStore(KeyStore keyStore)	Sets the underlying key store.
JWKGenerator<T>	keyUse(KeyUse use)	Sets the use (use) of the JWK.
JWKGenerator<T>	notBeforeTime(Date nbf)	Sets the not-before time (nbf) of the JWK.
JWKGenerator<T>	secureRandom(SecureRandom secureRandom)	Sets the secure random generator to use.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

use

protected KeyUse use

The key use, optional.

ops

protected Set<KeyOperation> ops

The key operations, optional.

alg

protected Algorithm alg

The intended JOSE algorithm for the key, optional.

kid

protected String kid

The key ID, optional.

x5tKid

protected boolean x5tKid

If true sets the ID of the JWK to the SHA-256 thumbprint of the JWK.

exp

protected Date exp

The key expiration time, optional.

nbf

protected Date nbf

The key not-before time, optional.

iat

protected Date iat

The key issued-at time, optional.

keyStore

protected KeyStore keyStore

Reference to the underlying key store, null if none.

secureRandom

protected SecureRandom secureRandom

The secure random generator to use, null to use the default one.

Constructor Detail

JWKGenerator

public JWKGenerator()

Method Detail

keyUse

public JWKGenerator<T> keyUse(KeyUse use)

Sets the use (use) of the JWK.

Parameters:

use - The key use, null if not specified or if the key is intended for signing as well as encryption.

Returns:

This generator.

keyOperations

public JWKGenerator<T> keyOperations(Set<KeyOperation> ops)

Sets the operations (key_ops) of the JWK.

Parameters:

ops - The key operations, null if not specified.

Returns:

This generator.

algorithm

public JWKGenerator<T> algorithm(Algorithm alg)

Sets the intended JOSE algorithm (alg) for the JWK.

Parameters:

alg - The intended JOSE algorithm, null if not specified.

Returns:

This generator.

keyID

public JWKGenerator<T> keyID(String kid)

Sets the ID (kid) of the JWK. The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.

Parameters:

kid - The key ID, null if not specified.

Returns:

This generator.

keyIDFromThumbprint

public JWKGenerator<T> keyIDFromThumbprint(boolean x5tKid)

Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.

Parameters:

x5tKid - If true sets the ID of the JWK to the SHA-256 JWK thumbprint.

Returns:

This generator.

expirationTime

public JWKGenerator<T> expirationTime(Date exp)

Sets the expiration time (exp) of the JWK.

Parameters:

exp - The expiration time, null if not specified.

Returns:

This generator.

notBeforeTime

public JWKGenerator<T> notBeforeTime(Date nbf)

Sets the not-before time (nbf) of the JWK.

Parameters:

nbf - The not-before time, null if not specified.

Returns:

This generator.

issueTime

public JWKGenerator<T> issueTime(Date iat)

Sets the issued-at time (iat) of the JWK.

Parameters:

iat - The issued-at time, null if not specified.

Returns:

This generator.

keyStore

public JWKGenerator<T> keyStore(KeyStore keyStore)

Sets the underlying key store.

Parameters:

keyStore - Reference to the underlying key store, null if none.

Returns:

This generator.

generate

public abstract T generate()
                    throws JOSEException

Generates the JWK according to the set parameters.

Returns:

The generated JWK.

Throws:

JOSEException - If the key generation failed.

secureRandom

public JWKGenerator<T> secureRandom(SecureRandom secureRandom)

Sets the secure random generator to use.

Parameters:

secureRandom - The secure random generator to use, null to use the default one.

Returns:

This generator.