Package com.nimbusds.jose.jwk

Class RSAKey.Builder

java.lang.Object
com.nimbusds.jose.jwk.RSAKey.Builder
Enclosing class:
RSAKey
public static class RSAKey.Builder extends Object
Builder for constructing RSA JWKs.

Example usage: 

 RSAKey key = new RSAKey.Builder(n, e).
              privateExponent(d).
              algorithm(JWSAlgorithm.RS512).
              keyID("456").
              build();

  • Constructor Details

    • Builder

      public Builder(Base64URL n, Base64URL e)
      Creates a new RSA JWK builder.
      Parameters:
      n - The the modulus value for the public RSA key. It is represented as the Base64URL encoding of value's big endian representation. Must not be null.
      e - The exponent value for the public RSA key. It is represented as the Base64URL encoding of value's big endian representation. Must not be null.

    • Builder

      public Builder(RSAPublicKey pub)
      Creates a new RSA JWK builder.
      Parameters:
      pub - The public RSA key to represent. Must not be null.

    • Builder

      public Builder(RSAKey rsaJWK)
      Creates a new RSA JWK builder.
      Parameters:
      rsaJWK - The RSA JWK to start with. Must not be null.

  • Method Details

    • privateExponent

      public RSAKey.Builder privateExponent(Base64URL d)
      Sets the private exponent (d) of the RSA key.
      Parameters:
      d - The private RSA key exponent. It is represented as the Base64URL encoding of the value's big endian representation. null if not specified (for a public key or a private key using the second representation only).
      Returns:
      This builder.

    • privateKey

      public RSAKey.Builder privateKey(RSAPrivateKey priv)
      Sets the private RSA key, using the first representation.
      Parameters:
      priv - The private RSA key, used to obtain the private exponent (d). Must not be null.
      Returns:
      This builder.

    • privateKey

      public RSAKey.Builder privateKey(PrivateKey priv)
      Sets the private RSA key, typically for a key located in a PKCS#11 store that doesn't expose the private key parameters (such as a smart card or HSM).
      Parameters:
      priv - The private RSA key reference. Its algorithm must be "RSA". Must not be null.
      Returns:
      This builder.

    • firstPrimeFactor

      public RSAKey.Builder firstPrimeFactor(Base64URL p)
      Sets the first prime factor (p) of the private RSA key.
      Parameters:
      p - The RSA first prime factor. It is represented as the Base64URL encoding of the value's big endian representation. null if not specified (for a public key or a private key using the first representation only).
      Returns:
      This builder.

    • secondPrimeFactor

      public RSAKey.Builder secondPrimeFactor(Base64URL q)
      Sets the second prime factor (q) of the private RSA key.
      Parameters:
      q - The RSA second prime factor. It is represented as the Base64URL encoding of the value's big endian representation. null if not specified (for a public key or a private key using the first representation only).
      Returns:
      This builder.

    • firstFactorCRTExponent

      public RSAKey.Builder firstFactorCRTExponent(Base64URL dp)
      Sets the first factor Chinese Remainder Theorem (CRT) exponent (dp) of the private RSA key.
      Parameters:
      dp - The RSA first factor CRT exponent. It is represented as the Base64URL encoding of the value's big endian representation. null if not specified (for a public key or a private key using the first representation only).
      Returns:
      This builder.

    • secondFactorCRTExponent

      public RSAKey.Builder secondFactorCRTExponent(Base64URL dq)
      Sets the second factor Chinese Remainder Theorem (CRT) exponent (dq) of the private RSA key.
      Parameters:
      dq - The RSA second factor CRT exponent. It is represented as the Base64URL encoding of the value's big endian representation. null if not specified (for a public key or a private key using the first representation only).
      Returns:
      This builder.

    • firstCRTCoefficient

      public RSAKey.Builder firstCRTCoefficient(Base64URL qi)
      Sets the first Chinese Remainder Theorem (CRT) coefficient (qi) of the private RSA key.
      Parameters:
      qi - The RSA first CRT coefficient. It is represented as the Base64URL encoding of the value's big endian representation. null if not specified (for a public key or a private key using the first representation only).
      Returns:
      This builder.

    • otherPrimes

      public RSAKey.Builder otherPrimes(List<RSAKey.OtherPrimesInfo> oth)
      Sets the other primes information (oth) for the private RSA key, should they exist.
      Parameters:
      oth - The RSA other primes information, null or empty list if not specified.
      Returns:
      This builder.

    • privateKey

      public RSAKey.Builder privateKey(RSAPrivateCrtKey priv)
      Sets the private RSA key, using the second representation (see RFC 3447, section 3.2).
      Parameters:
      priv - The private RSA key, used to obtain the private exponent (d), the first prime factor (p), the second prime factor (q), the first factor CRT exponent (dp), the second factor CRT exponent (dq) and the first CRT coefficient (qi). Must not be null.
      Returns:
      This builder.

    • privateKey

      public RSAKey.Builder privateKey(RSAMultiPrimePrivateCrtKey priv)
      Sets the private RSA key, using the second representation, with optional other primes info (see RFC 3447, section 3.2).
      Parameters:
      priv - The private RSA key, used to obtain the private exponent (d), the first prime factor (p), the second prime factor (q), the first factor CRT exponent (dp), the second factor CRT exponent (dq), the first CRT coefficient (qi) and the other primes info (oth). Must not be null.
      Returns:
      This builder.

    • keyUse

      public RSAKey.Builder keyUse(KeyUse use)
      Sets the use (use) of the JWK.
      Parameters:
      use - The key use, null if not specified or if the key is intended for signing as well as encryption.
      Returns:
      This builder.

    • keyOperations

      public RSAKey.Builder keyOperations(Set<KeyOperation> ops)
      Sets the operations (key_ops) of the JWK (for a non-public key).
      Parameters:
      ops - The key operations, null if not specified.
      Returns:
      This builder.

    • algorithm

      public RSAKey.Builder algorithm(Algorithm alg)
      Sets the intended JOSE algorithm (alg) for the JWK.
      Parameters:
      alg - The intended JOSE algorithm, null if not specified.
      Returns:
      This builder.

    • keyID

      public RSAKey.Builder keyID(String kid)
      Sets the ID (kid) of the JWK. The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
      Parameters:
      kid - The key ID, null if not specified.
      Returns:
      This builder.

    • keyIDFromThumbprint

      public RSAKey.Builder keyIDFromThumbprint() throws JOSEException
      Sets the ID (kid) of the JWK to its SHA-256 JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
      Returns:
      This builder.
      Throws:
      JOSEException - If the SHA-256 hash algorithm is not supported.

    • keyIDFromThumbprint

      public RSAKey.Builder keyIDFromThumbprint(String hashAlg) throws JOSEException
      Sets the ID (kid) of the JWK to its JWK thumbprint (RFC 7638). The key ID can be used to match a specific key. This can be used, for instance, to choose a key within a JWKSet during key rollover. The key ID may also correspond to a JWS/JWE kid header parameter value.
      Parameters:
      hashAlg - The hash algorithm for the JWK thumbprint computation. Must not be null.
      Returns:
      This builder.
      Throws:
      JOSEException - If the hash algorithm is not supported.

    • x509CertURL

      public RSAKey.Builder x509CertURL(URI x5u)
      Sets the X.509 certificate URL (x5u) of the JWK.
      Parameters:
      x5u - The X.509 certificate URL, null if not specified.
      Returns:
      This builder.

    • x509CertThumbprint

      @Deprecated public RSAKey.Builder x509CertThumbprint(Base64URL x5t)
      Deprecated.
      Sets the X.509 certificate SHA-1 thumbprint (x5t) of the JWK.
      Parameters:
      x5t - The X.509 certificate SHA-1 thumbprint, null if not specified.
      Returns:
      This builder.

    • x509CertSHA256Thumbprint

      public RSAKey.Builder x509CertSHA256Thumbprint(Base64URL x5t256)
      Sets the X.509 certificate SHA-256 thumbprint (x5t#S256) of the JWK.
      Parameters:
      x5t256 - The X.509 certificate SHA-256 thumbprint, null if not specified.
      Returns:
      This builder.

    • x509CertChain

      public RSAKey.Builder x509CertChain(List<Base64> x5c)
      Sets the X.509 certificate chain (x5c) of the JWK.
      Parameters:
      x5c - The X.509 certificate chain as a unmodifiable list, null if not specified.
      Returns:
      This builder.

    • expirationTime

      public RSAKey.Builder expirationTime(Date exp)
      Sets the expiration time (exp) of the JWK.
      Parameters:
      exp - The expiration time, null if not specified.
      Returns:
      This builder.

    • notBeforeTime

      public RSAKey.Builder notBeforeTime(Date nbf)
      Sets the not-before time (nbf) of the JWK.
      Parameters:
      nbf - The not-before time, null if not specified.
      Returns:
      This builder.

    • issueTime

      public RSAKey.Builder issueTime(Date iat)
      Sets the issued-at time (iat) of the JWK.
      Parameters:
      iat - The issued-at time, null if not specified.
      Returns:
      This builder.

    • keyStore

      public RSAKey.Builder keyStore(KeyStore keyStore)
      Sets the underlying key store.
      Parameters:
      keyStore - Reference to the underlying key store, null if none.
      Returns:
      This builder.

    • build

      public RSAKey build()
      Builds a new RSA JWK.
      Returns:
      The RSA JWK.
      Throws:
      IllegalStateException - If the JWK parameters were inconsistently specified.