Class SecretsJwtTokenHandler.Builder
- java.lang.Object
  - org.forgerock.json.jose.tokenhandler.SecretsJwtTokenHandler.Builder
- Enclosing class: SecretsJwtTokenHandler

public static final class SecretsJwtTokenHandler.Builder extends Object
Builder pattern object for configuring a SecretsJwtTokenHandler.

Method Summary
- SecretsJwtTokenHandler build()
  Builds the SecretsJwtTokenHandler based on the configuration specified.
- SecretsJwtTokenHandler.Builder clock(Clock clock)
  Specifies the clock to use for checking if tokens have expired.
- SecretsJwtTokenHandler.Builder decryptionPurpose(Purpose<? extends CryptoKey> decryptionKeyPurpose)
  Specifies the Purpose used to retrieve decryption keys from the secrets provider.
- SecretsJwtTokenHandler.Builder encryptionMethod(EncryptionMethod encryptionMethod)
  Specifies the JWE content encryption method to use when encrypting tokens produced by this token handler.
- SecretsJwtTokenHandler.Builder encryptionPurpose(Purpose<? extends CryptoKey> encryptionKeyPurpose)
  Specifies the Purpose used to retrieve encryption keys from the secrets provider.
- SecretsJwtTokenHandler.Builder jweAlgorithm(JweAlgorithm algorithm)
  Specifies the JWE key management algorithm to use when encrypting tokens produced by this token handler.
- SecretsJwtTokenHandler.Builder jwsAlgorithm(JwsAlgorithm algorithm)
  Specifies the JWS signature algorithm to use to sign tokens produced by this token handler.
- SecretsJwtTokenHandler.Builder secretsProvider(SecretsProvider secretsProvider)
  Configures the SecretsProvider from which to retrieve signing and encryption keys.
- SecretsJwtTokenHandler.Builder signingPurpose(Purpose<SigningKey> signingKeyPurpose)
  Specifies the Purpose used to retrieve signing keys from the secrets provider.
- SecretsJwtTokenHandler.Builder tokenLifetimeInSeconds(long tokenLifetimeSeconds)
  Specifies the maximum lifetime (in seconds) of the tokens produced by this token handler.
- SecretsJwtTokenHandler.Builder tokenLifetimeInSeconds(Optional<Long> tokenLifeTimeInSeconds)
  Specifies the maximum lifetime (in seconds) of the tokens produced by this token handler.
- SecretsJwtTokenHandler.Builder verificationPurpose(Purpose<VerificationKey> verificationKeyPurpose)
  Specifies the Purpose used to retrieve verification keys from the secrets provider.

Method Detail

jweAlgorithm
public SecretsJwtTokenHandler.Builder jweAlgorithm(JweAlgorithm algorithm)
Specifies the JWE key management algorithm to use when encrypting tokens produced by this token handler. Defaults to JweAlgorithm.RSA_OAEP_256.
- Parameters:
  algorithm - the algorithm to use.
- Returns:
  this builder.

encryptionMethod
public SecretsJwtTokenHandler.Builder encryptionMethod(EncryptionMethod encryptionMethod)
Specifies the JWE content encryption method to use when encrypting tokens produced by this token handler. Defaults to EncryptionMethod.A128CBC_HS256.
- Parameters:
  encryptionMethod - the encryption method to use.
- Returns:
  this builder.

jwsAlgorithm
public SecretsJwtTokenHandler.Builder jwsAlgorithm(JwsAlgorithm algorithm)
Specifies the JWS signature algorithm to use to sign tokens produced by this token handler. Defaults to JwsAlgorithm.HS256.
- Parameters:
  algorithm - the JWS signature algorithm.
- Returns:
  this builder.

tokenLifetimeInSeconds
public SecretsJwtTokenHandler.Builder tokenLifetimeInSeconds(long tokenLifetimeSeconds)
Specifies the maximum lifetime (in seconds) of the tokens produced by this token handler.
- Parameters:
  tokenLifetimeSeconds - the lifetime in seconds. Must be greater than zero.
- Returns:
  this builder.

tokenLifetimeInSeconds
public SecretsJwtTokenHandler.Builder tokenLifetimeInSeconds(Optional<Long> tokenLifeTimeInSeconds)
Specifies the maximum lifetime (in seconds) of the tokens produced by this token handler.
- Parameters:
  tokenLifeTimeInSeconds - the lifetime in seconds. If present, must be greater than zero.
- Returns:
  this builder.

secretsProvider
public SecretsJwtTokenHandler.Builder secretsProvider(SecretsProvider secretsProvider)
Configures the SecretsProvider from which to retrieve signing and encryption keys.
- Parameters:
  secretsProvider - the secrets provider.
- Returns:
  this builder.

signingPurpose
public SecretsJwtTokenHandler.Builder signingPurpose(Purpose<SigningKey> signingKeyPurpose)
Specifies the Purpose used to retrieve signing keys from the secrets provider.
- Parameters:
  signingKeyPurpose - the signing purpose.
- Returns:
  this builder.

verificationPurpose
public SecretsJwtTokenHandler.Builder verificationPurpose(Purpose<VerificationKey> verificationKeyPurpose)
Specifies the Purpose used to retrieve verification keys from the secrets provider.
- Parameters:
  verificationKeyPurpose - the verification purpose.
- Returns:
  this builder.

encryptionPurpose
public SecretsJwtTokenHandler.Builder encryptionPurpose(Purpose<? extends CryptoKey> encryptionKeyPurpose)
Specifies the Purpose used to retrieve encryption keys from the secrets provider. This will typically be a DataEncryptionKey, KeyEncryptionKey, or KeyAgreementKey, depending on the JWE algorithm being used.
- Parameters:
  encryptionKeyPurpose - the encryption purpose.
- Returns:
  this builder.

decryptionPurpose
public SecretsJwtTokenHandler.Builder decryptionPurpose(Purpose<? extends CryptoKey> decryptionKeyPurpose)
Specifies the Purpose used to retrieve decryption keys from the secrets provider. This will typically be a DataDecryptionKey, KeyDecryptionKey, or KeyAgreementKey, depending on the JWE algorithm being used.
- Parameters:
  decryptionKeyPurpose - the decryption purpose.
- Returns:
  this builder.

clock
public SecretsJwtTokenHandler.Builder clock(Clock clock)
Specifies the clock to use for checking if tokens have expired.
- Parameters:
  clock - the clock to use for checking token expiry.
- Returns:
  this builder.

build
public SecretsJwtTokenHandler build()
Builds the SecretsJwtTokenHandler based on the configuration specified.
- Returns:
  the configured token handler.
- Throws:
  IllegalArgumentException - if any of the specified configuration values are invalid.
  NullPointerException - if a required value has not been specified and has no default.
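Added example, not part of the original Javadoc or the library: a helper that sets every option explicitly instead of relying on the documented defaults, pairs the key-encryption purposes with RSA_OAEP_256, and enforces a lifetime ceiling before calling build(). Assumptions: the class TokenHandlerConfig and the constant MAX_LIFETIME_SECONDS are hypothetical; the import packages other than org.forgerock.json.jose.tokenhandler, and Clock being java.time.Clock, are assumed; the Builder is passed in because this page does not show how one is obtained.

```java
import java.time.Clock;

import org.forgerock.json.jose.jwe.EncryptionMethod;   // assumed package
import org.forgerock.json.jose.jwe.JweAlgorithm;       // assumed package
import org.forgerock.json.jose.jws.JwsAlgorithm;       // assumed package
import org.forgerock.json.jose.tokenhandler.SecretsJwtTokenHandler;
import org.forgerock.secrets.Purpose;                  // assumed package
import org.forgerock.secrets.SecretsProvider;          // assumed package
import org.forgerock.secrets.keys.KeyDecryptionKey;    // assumed package
import org.forgerock.secrets.keys.KeyEncryptionKey;    // assumed package
import org.forgerock.secrets.keys.SigningKey;          // assumed package
import org.forgerock.secrets.keys.VerificationKey;     // assumed package

/** Hypothetical helper; not part of the library. */
public final class TokenHandlerConfig {

    /** Hypothetical policy ceiling on token lifetime, in seconds. */
    static final long MAX_LIFETIME_SECONDS = 900;

    static SecretsJwtTokenHandler configure(
            SecretsJwtTokenHandler.Builder builder,    // supplied by the caller
            SecretsProvider secrets,
            Purpose<SigningKey> signing,
            Purpose<VerificationKey> verification,
            Purpose<KeyEncryptionKey> encryption,      // key-encryption purpose for RSA_OAEP_256
            Purpose<KeyDecryptionKey> decryption,
            long lifetimeSeconds) {
        // The builder only requires a lifetime greater than zero;
        // the upper bound is this example's own policy check.
        if (lifetimeSeconds <= 0 || lifetimeSeconds > MAX_LIFETIME_SECONDS) {
            throw new IllegalArgumentException("token lifetime outside policy: " + lifetimeSeconds);
        }
        return builder
                .secretsProvider(secrets)
                // Algorithms are set explicitly so a change in library defaults cannot alter them silently.
                .jwsAlgorithm(JwsAlgorithm.HS256)
                .signingPurpose(signing)
                .verificationPurpose(verification)
                .jweAlgorithm(JweAlgorithm.RSA_OAEP_256)
                .encryptionMethod(EncryptionMethod.A128CBC_HS256)
                .encryptionPurpose(encryption)
                .decryptionPurpose(decryption)
                .tokenLifetimeInSeconds(lifetimeSeconds)
                .clock(Clock.systemUTC())              // UTC clock for expiry checks
                .build();                              // throws on invalid or missing values
    }
}
```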