com.nimbusds.openid.connect.provider.jwksetgen

Class JWKSetGenerator

java.lang.Object

com.nimbusds.openid.connect.provider.jwksetgen.JWKSetGenerator

public class JWKSetGenerator
extends Object

JWK set generators for Connect2id servers.

Field Summary

Fields

Modifier and Type	Field and Description
static int	AES_KEY_BIT_SIZE The AES key bit size.
static int	HMAC_SHA_KEY_BIT_SIZE The HMAC SHA key bit size.
static int	REFRESH_TOKEN_AES_SIV_KEY_BIT_SIZE The refresh token AES SIV key bit size.
static int	RSA_KEY_BIT_SIZE The RSA key bit size.
static int	SUBJECT_AES_SIV_KEY_BIT_SIZE The subject AES SIV key bit size.

Constructor Summary

Constructors

Constructor and Description
JWKSetGenerator()

Method Summary

Modifier and Type	Method and Description
com.nimbusds.jose.jwk.JWKSet	generate(boolean withMessage) Generates a new JWK set for a Connect2id server.
com.nimbusds.jose.jwk.JWKSet	generateAndPrefixNewKeys(com.nimbusds.jose.jwk.JWKSet oldJWKSet, boolean withMessage) A generates a new set of signing and encryption keys and prefixes them to the specified Connect2id server JWK set.
static com.nimbusds.jose.jwk.OctetSequenceKey	generateEncryptionAESKey(String kid) Generates a 128 bit AES encryption key with the specified key ID.
static com.nimbusds.jose.jwk.ECKey	generateEncryptionECKey(com.nimbusds.jose.jwk.Curve crv, String kid) Generates an EC encryption key with the specified curve and key ID.
static com.nimbusds.jose.jwk.RSAKey	generateEncryptionRSAKey(String kid) Generates a 2048 bit RSA encryption key with the specified key ID.
static com.nimbusds.jose.jwk.OctetSequenceKey	generateHMACSHA256Key() Generates a 256 bit HMAC SHA key with key ID "hmac".
List<com.nimbusds.jose.jwk.JWK>	generatePermanentKeys(boolean withMessage) Generates a new set of permanent keys for a Connect2id server.
static com.nimbusds.jose.jwk.OctetSequenceKey	generateRefreshTokenEncryptionKey() Generates a 256 bit refresh token encryption key (intended for AES SIV mode) with key ID "refresh-token-encrypt".
List<com.nimbusds.jose.jwk.JWK>	generateRotatingKeys(KeyIDs reservedKeyIDs, boolean withMessage) Generates a new set of rotating signature and encryption keys for a Connect2id server.
static com.nimbusds.jose.jwk.ECKey	generateSigningECKey(com.nimbusds.jose.jwk.Curve crv, String kid) Generates an EC signing key with the specified curve and key ID.
static com.nimbusds.jose.jwk.OctetKeyPair	generateSigningEd25519Key(String kid) Generates an Ed25519 signing key with the specified key ID.
static com.nimbusds.jose.jwk.RSAKey	generateSigningRSAKey(String kid) Generates a 2048 bit RSA signing key with the specified key ID.
static com.nimbusds.jose.jwk.OctetSequenceKey	generateSubjectEncryptionKey() Generates a 256 bit subject encryption key (intended for AES SIV mode) with key ID "subject-encrypt".
static void	main(String[] args) Console method for generating a new Connect2id server JWK set, or updating an existing JWK set with new signing and encryption keys.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

RSA_KEY_BIT_SIZE

public static final int RSA_KEY_BIT_SIZE

The RSA key bit size.

See Also:

Constant Field Values

AES_KEY_BIT_SIZE

public static final int AES_KEY_BIT_SIZE

The AES key bit size.

See Also:

Constant Field Values

HMAC_SHA_KEY_BIT_SIZE

public static final int HMAC_SHA_KEY_BIT_SIZE

The HMAC SHA key bit size.

See Also:

Constant Field Values

SUBJECT_AES_SIV_KEY_BIT_SIZE

public static final int SUBJECT_AES_SIV_KEY_BIT_SIZE

The subject AES SIV key bit size.

See Also:

Constant Field Values

REFRESH_TOKEN_AES_SIV_KEY_BIT_SIZE

public static final int REFRESH_TOKEN_AES_SIV_KEY_BIT_SIZE

The refresh token AES SIV key bit size.

See Also:

Constant Field Values

Constructor Detail

JWKSetGenerator

public JWKSetGenerator()

Method Detail

generateSigningRSAKey

public static com.nimbusds.jose.jwk.RSAKey generateSigningRSAKey(String kid)
                                                          throws com.nimbusds.jose.JOSEException

Generates a 2048 bit RSA signing key with the specified key ID.

Parameters:

kid - The key ID, null if not specified.

Returns:

The RSA key pair.

Throws:

com.nimbusds.jose.JOSEException

generateEncryptionRSAKey

public static com.nimbusds.jose.jwk.RSAKey generateEncryptionRSAKey(String kid)
                                                             throws com.nimbusds.jose.JOSEException

Generates a 2048 bit RSA encryption key with the specified key ID.

Parameters:

kid - The key ID, null if not specified.

Returns:

The RSA key pair.

Throws:

com.nimbusds.jose.JOSEException

generateSigningECKey

public static com.nimbusds.jose.jwk.ECKey generateSigningECKey(com.nimbusds.jose.jwk.Curve crv,
                                                               String kid)
                                                        throws com.nimbusds.jose.JOSEException

Generates an EC signing key with the specified curve and key ID.

Parameters:

crv - The curve. Must not be null.

kid - The key ID, null if not specified.

Returns:

The EC key pair.

Throws:

com.nimbusds.jose.JOSEException

generateEncryptionECKey

public static com.nimbusds.jose.jwk.ECKey generateEncryptionECKey(com.nimbusds.jose.jwk.Curve crv,
                                                                  String kid)
                                                           throws com.nimbusds.jose.JOSEException

Generates an EC encryption key with the specified curve and key ID.

Parameters:

crv - The curve. Must not be null.

kid - The key ID, null if not specified.

Returns:

The EC key pair.

Throws:

com.nimbusds.jose.JOSEException

generateSigningEd25519Key

public static com.nimbusds.jose.jwk.OctetKeyPair generateSigningEd25519Key(String kid)
                                                                    throws com.nimbusds.jose.JOSEException

Generates an Ed25519 signing key with the specified key ID.

Parameters:

kid - The key ID, null if not specified.

Returns:

The EC key pair.

Throws:

com.nimbusds.jose.JOSEException

generateEncryptionAESKey

public static com.nimbusds.jose.jwk.OctetSequenceKey generateEncryptionAESKey(String kid)
                                                                       throws com.nimbusds.jose.JOSEException

Generates a 128 bit AES encryption key with the specified key ID.

Parameters:

kid - The key ID, null if not specified.

Returns:

The AES key.

Throws:

com.nimbusds.jose.JOSEException

generateHMACSHA256Key

public static com.nimbusds.jose.jwk.OctetSequenceKey generateHMACSHA256Key()
                                                                    throws com.nimbusds.jose.JOSEException

Generates a 256 bit HMAC SHA key with key ID "hmac".

Returns:

The HMAC SHA key.

Throws:

com.nimbusds.jose.JOSEException

generateSubjectEncryptionKey

public static com.nimbusds.jose.jwk.OctetSequenceKey generateSubjectEncryptionKey()
                                                                           throws com.nimbusds.jose.JOSEException

Generates a 256 bit subject encryption key (intended for AES SIV mode) with key ID "subject-encrypt".

Returns:

The subject encryption key.

Throws:

com.nimbusds.jose.JOSEException

generateRefreshTokenEncryptionKey

public static com.nimbusds.jose.jwk.OctetSequenceKey generateRefreshTokenEncryptionKey()
                                                                                throws com.nimbusds.jose.JOSEException

Generates a 256 bit refresh token encryption key (intended for AES SIV mode) with key ID "refresh-token-encrypt".

Returns:

The refresh token encryption key.

Throws:

com.nimbusds.jose.JOSEException

generateRotatingKeys

public List<com.nimbusds.jose.jwk.JWK> generateRotatingKeys(KeyIDs reservedKeyIDs,
                                                            boolean withMessage)
                                                     throws com.nimbusds.jose.JOSEException

Generates a new set of rotating signature and encryption keys for a Connect2id server.

Parameters:

reservedKeyIDs - The reserved key IDs, empty if none.

withMessage - If true a message will be printed to standard output.

Returns:

The generated rotating keys.

Throws:

com.nimbusds.jose.JOSEException

generatePermanentKeys

public List<com.nimbusds.jose.jwk.JWK> generatePermanentKeys(boolean withMessage)
                                                      throws com.nimbusds.jose.JOSEException

Generates a new set of permanent keys for a Connect2id server.

Parameters:

withMessage - If true a message will be printed to standard output.

Returns:

The generated keys.

Throws:

com.nimbusds.jose.JOSEException

generate

public com.nimbusds.jose.jwk.JWKSet generate(boolean withMessage)
                                      throws com.nimbusds.jose.JOSEException

Generates a new JWK set for a Connect2id server.

Parameters:

withMessage - If true a message will be printed to standard output.

Returns:

The JWK set.

Throws:

com.nimbusds.jose.JOSEException

generateAndPrefixNewKeys

public com.nimbusds.jose.jwk.JWKSet generateAndPrefixNewKeys(com.nimbusds.jose.jwk.JWKSet oldJWKSet,
                                                             boolean withMessage)
                                                      throws Exception

A generates a new set of signing and encryption keys and prefixes them to the specified Connect2id server JWK set.

Parameters:

oldJWKSet - The Connect2id server JWK set. Must not be null.

withMessage - If true a message will be printed to std output.

Returns:

The updated JWK set.

Throws:

Exception

main

public static void main(String[] args)

Console method for generating a new Connect2id server JWK set, or updating an existing JWK set with new signing and encryption keys.

Parameters:

args - The command line arguments.