Change addOther to add, validate that we don't overwrite named proper…

…ties

README.md

@@ -148,7 +148,6 @@ assertEquals(jwt.subject, "f1e33ab3-027f-47c5-bb07-8dd8ab37a2d3");
 
 ```java
 JSONWebKey jwk = JSONWebKey.build(publicKey);
-
 String json = jwk.toJSON();
 ```
 
@@ -165,7 +164,6 @@ String json = jwk.toJSON();
 
 ```java
 JSONWebKey jwk = JSONWebKey.build(privateKey);
-
 String json = jwk.toJSON();
 ```
 
@@ -188,9 +186,8 @@ String json = jwk.toJSON();
 
 ```java
 JSONWebKey jwk = JSONWebKey.build(privateKey)
-                           .addOther("boom", "goes the dynamite")
-                           .addOther("more", "cowbell");
-
+                           .add("boom", "goes the dynamite")
+                           .add("more", "cowbell");
 String json = jwk.toJSON();
 ```
 

src/main/java/io/fusionauth/jwks/domain/JSONWebKey.java

@@ -21,6 +21,7 @@
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import io.fusionauth.jwks.JSONWebKeyBuilder;
+import io.fusionauth.jwks.JSONWebKeyBuilderException;
 import io.fusionauth.jwt.domain.Algorithm;
 import io.fusionauth.jwt.domain.Buildable;
 import io.fusionauth.jwt.domain.KeyType;
@@ -203,8 +204,35 @@ public static JSONWebKey build(PublicKey publicKey) {
   }
 
   @JsonIgnore
-  public JSONWebKey addOther(String key, Object value) {
-    other.put(key, value);
+  public JSONWebKey add(String key, Object value) {
+    if (key == null || value == null) {
+      return this;
+    }
+
+    switch (key) {
+      case "alg":
+      case "crv":
+      case "d":
+      case "dp":
+      case "dq":
+      case "e":
+      case "kid":
+      case "kty":
+      case "n":
+      case "p":
+      case "q":
+      case "qi":
+      case "use":
+      case "x":
+      case "x5c":
+      case "x5t":
+      case "x5t_256":
+      case "y":
+        throw new JSONWebKeyBuilderException("You can not add a named property. Use the field for [" + key + "] instead.", new IllegalArgumentException());
+      default:
+        other.put(key, value);
+    }
+
     return this;
   }
 

src/test/java/io/fusionauth/jwks/JSONWebKeyBuilderTest.java

@@ -27,11 +27,36 @@
 import java.security.interfaces.ECPublicKey;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
+import java.util.Arrays;
 
 /**
  * @author Daniel DeGroff
  */
 public class JSONWebKeyBuilderTest extends BaseTest {
+  @Test
+  public void add_named_properties() {
+    Arrays.asList(
+        "alg",
+        "crv",
+        "d",
+        "dp",
+        "dq",
+        "e",
+        "kid",
+        "kty",
+        "n",
+        "p",
+        "q",
+        "qi",
+        "use",
+        "x",
+        "x5c",
+        "x5t",
+        "x5t_256",
+        "y"
+    ).forEach(key -> expectException(JSONWebKeyBuilderException.class, () -> new JSONWebKey().add(key, "Nunya, Business")));
+  }
+
   @Test
   public void ec_private() throws Exception {
     // EC 256 Private key - PKCS#8 encapsulated already
@@ -63,8 +88,8 @@ public void extra_properties() throws Exception {
     // EC 256 Public key
     ECPublicKey ecPublic_p256 = PEM.decode(Paths.get("src/test/resources/ec_public_key_p_256.pem")).getPublicKey();
     assertJSONEquals(JSONWebKey.build(ecPublic_p256)
-                               .addOther("more", "cowbell")
-                               .addOther("boom", "goes the dynamite"), "src/test/resources/jwk/extra_properties.json");
+                               .add("more", "cowbell")
+                               .add("boom", "goes the dynamite"), "src/test/resources/jwk/extra_properties.json");
   }
 
   @Test