com.nimbusds.jose.crypto

Class AESDecrypter

java.lang.Object

com.nimbusds.jose.crypto.AESDecrypter

All Implemented Interfaces:

AlgorithmProvider, JWEAlgorithmProvider, JWEDecrypter

@ThreadSafe
public class AESDecrypter
extends Object
implements JWEDecrypter

AES decrypter of JWE objects. This class is thread-safe.

Supports the following JWE algorithms:

• JWEAlgorithm.A128KW
• JWEAlgorithm.A192KW
• JWEAlgorithm.A256KW
• JWEAlgorithm.A128GCMKW
• JWEAlgorithm.A192GCMKW
• JWEAlgorithm.A256GCMKW

Supports the following encryption methods:

• EncryptionMethod.A128CBC_HS256
• EncryptionMethod.A192CBC_HS384
• EncryptionMethod.A256CBC_HS512
• EncryptionMethod.A128GCM
• EncryptionMethod.A192GCM
• EncryptionMethod.A256GCM
• EncryptionMethod.A128CBC_HS256_DEPRECATED
• EncryptionMethod.A256CBC_HS512_DEPRECATED

Accepts all registered JWE header parameters. Use setAcceptedAlgorithms(java.util.Set<com.nimbusds.jose.JWEAlgorithm>) and setAcceptedEncryptionMethods(java.util.Set<com.nimbusds.jose.EncryptionMethod>) to restrict the acceptable JWE algorithms and encryption methods.

Version:

$version$ (2014-08-20)

Author:

Melisa Halsband

Field Summary

Fields

Modifier and Type	Field and Description
static Map<Integer,Set<JWEAlgorithm>>	COMPATIBLE_ALGORITHMS The JWE algorithms compatible with each key size.
protected Provider	contentEncryptionProvider The JCA provider for the content encryption, null if not specified (implies default one).
protected Provider	keyEncryptionProvider The JCA provider for the key encryption, null if not specified (implies default one).
protected Provider	macProvider The JCA provider for the MAC computation, null if not specified (implies default one).
static Set<JWEAlgorithm>	SUPPORTED_ALGORITHMS The supported JWE algorithms.
static Set<EncryptionMethod>	SUPPORTED_ENCRYPTION_METHODS The supported encryption methods.

Constructor Summary

Constructors

Constructor and Description
AESDecrypter(byte[] keyBytes) Creates a new AES decrypter.
AESDecrypter(SecretKey kek) Creates a new AES decrypter.

Method Summary

Methods

Modifier and Type	Method and Description
Set<JWEAlgorithm>	compatibleAlgorithms() Returns the JWK algorithms compatible with the key size.
byte[]	decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) Decrypts the specified cipher text of a JWE Object.
Set<JWEAlgorithm>	getAcceptedAlgorithms() Gets the names of the accepted JWE algorithms.
Set<EncryptionMethod>	getAcceptedEncryptionMethods() Gets the names of the accepted encryption methods.
Set<String>	getIgnoredCriticalHeaderParameters() Gets the names of the critical JWE header parameters to ignore.
SecretKey	getKey() Gets the Key Encrypting Key.
protected SecureRandom	getSecureRandom() Returns the secure random generator for this JWE provider.
void	setAcceptedAlgorithms(Set<JWEAlgorithm> acceptedAlgs) Sets the names of the accepted JWE algorithms.
void	setAcceptedEncryptionMethods(Set<EncryptionMethod> acceptedEncs) Sets the names of the accepted encryption methods.
void	setContentEncryptionProvider(Provider provider) Sets a specific JCA provider for the content encryption.
void	setIgnoredCriticalHeaderParameters(Set<String> headers) Sets the names of the critical JWE header parameters to ignore.
void	setKeyEncryptionProvider(Provider provider) Sets a specific JCA provider for the key encryption.
void	setMACProvider(Provider provider) Sets a specific JCA provider for MAC computation (where required by the JWE encryption method).
void	setProvider(Provider provider) Sets a specific JCA provider, to be used for all operations.
void	setSecureRandom(SecureRandom randomGen) Sets a specific secure random generator for the initialisation vector and other purposes requiring a random number.
Set<JWEAlgorithm>	supportedAlgorithms() Returns the names of the supported JWE algorithms.
Set<EncryptionMethod>	supportedEncryptionMethods() Returns the names of the supported encryption methods.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.jose.JWEAlgorithmProvider

setContentEncryptionProvider, setKeyEncryptionProvider, setMACProvider, setSecureRandom, supportedAlgorithms, supportedEncryptionMethods

Methods inherited from interface com.nimbusds.jose.AlgorithmProvider

setProvider

Field Detail

SUPPORTED_ALGORITHMS

public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS

The supported JWE algorithms.

SUPPORTED_ENCRYPTION_METHODS

public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS

The supported encryption methods.

COMPATIBLE_ALGORITHMS

public static final Map<Integer,Set<JWEAlgorithm>> COMPATIBLE_ALGORITHMS

The JWE algorithms compatible with each key size.

keyEncryptionProvider

protected Provider keyEncryptionProvider

The JCA provider for the key encryption, null if not specified (implies default one).

contentEncryptionProvider

protected Provider contentEncryptionProvider

The JCA provider for the content encryption, null if not specified (implies default one).

macProvider

protected Provider macProvider

The JCA provider for the MAC computation, null if not specified (implies default one).

Constructor Detail

AESDecrypter

public AESDecrypter(SecretKey kek)

Creates a new AES decrypter.

Parameters:

kek - The Key Encrypting Key. Must be 128 bits (16 bytes), 192 bits (24 bytes) or 256 bits (32 bytes). Must not be null.

Throws:

IllegalArgumentException - If called with a null parameter or unsupported key length

AESDecrypter

public AESDecrypter(byte[] keyBytes)
             throws IllegalArgumentException

Creates a new AES decrypter.

Parameters:

keyBytes - The Key Encrypting Key, as a byte array. Must be 128 bits (16 bytes), 192 bits (24 bytes) or 256 bits (32 bytes). Must not be null.

Throws:

IllegalArgumentException - If called with a null parameter or unsupported key length

Method Detail

compatibleAlgorithms

public Set<JWEAlgorithm> compatibleAlgorithms()

Returns the JWK algorithms compatible with the key size.

Returns:

The set of compatible algorithms.

getKey

public SecretKey getKey()

Gets the Key Encrypting Key.

Returns:

The Key Encrypting Key.

getAcceptedAlgorithms

public Set<JWEAlgorithm> getAcceptedAlgorithms()

Description copied from interface: JWEDecrypter

Gets the names of the accepted JWE algorithms. These correspond to the alg JWE header parameter.

Specified by:

getAcceptedAlgorithms in interface JWEDecrypter

Returns:

The accepted JWE algorithms, as a read-only set, empty set if none.

See Also:

JWEDecrypter.setAcceptedAlgorithms(java.util.Set<com.nimbusds.jose.JWEAlgorithm>)

setAcceptedAlgorithms

public void setAcceptedAlgorithms(Set<JWEAlgorithm> acceptedAlgs)

Description copied from interface: JWEDecrypter

Sets the names of the accepted JWE algorithms. These correspond to the alg JWE header parameter.

For JWE decrypters that support multiple JWE algorithms this method can be used to indicate that only a subset should be accepted for processing.

Specified by:

setAcceptedAlgorithms in interface JWEDecrypter

Parameters:

acceptedAlgs - The accepted JWE algorithms. Must be a subset of the supported algorithms and not null.

getAcceptedEncryptionMethods

public Set<EncryptionMethod> getAcceptedEncryptionMethods()

Description copied from interface: JWEDecrypter

Gets the names of the accepted encryption methods. These correspond to the enc JWE header parameter.

Specified by:

getAcceptedEncryptionMethods in interface JWEDecrypter

Returns:

The accepted encryption methods, as a read-only set, empty set if none.

See Also:

JWEDecrypter.setAcceptedEncryptionMethods(java.util.Set<com.nimbusds.jose.EncryptionMethod>)

setAcceptedEncryptionMethods

public void setAcceptedEncryptionMethods(Set<EncryptionMethod> acceptedEncs)

Description copied from interface: JWEDecrypter

Sets the names of the accepted encryption methods. These correspond to the enc JWE header parameter.

For JWE decrypters that support multiple encryption methods this method can be used to indicate that only a subset should be accepted for processing.

Specified by:

setAcceptedEncryptionMethods in interface JWEDecrypter

Parameters:

acceptedEncs - The accepted encryption methods. Must be a subset of the supported encryption methods and not null.

getIgnoredCriticalHeaderParameters

public Set<String> getIgnoredCriticalHeaderParameters()

Description copied from interface: JWEDecrypter

Gets the names of the critical JWE header parameters to ignore. These are indicated by the crit header parameter. The JWE decrypter should not ignore critical headers by default.

Specified by:

getIgnoredCriticalHeaderParameters in interface JWEDecrypter

Returns:

The names of the critical JWS header parameters to ignore, empty or null if none.

setIgnoredCriticalHeaderParameters

public void setIgnoredCriticalHeaderParameters(Set<String> headers)

Description copied from interface: JWEDecrypter

Sets the names of the critical JWE header parameters to ignore. These are indicated by the crit header parameter. The JWE decrypter should not ignore critical headers by default. Use this setter to delegate processing of selected critical headers to the application.

Specified by:

setIgnoredCriticalHeaderParameters in interface JWEDecrypter

Parameters:

headers - The names of the critical JWS header parameters to ignore, empty or null if none.

decrypt

public byte[] decrypt(JWEHeader header,
             Base64URL encryptedKey,
             Base64URL iv,
             Base64URL cipherText,
             Base64URL authTag)
               throws JOSEException

Description copied from interface: JWEDecrypter

Decrypts the specified cipher text of a JWE Object.

Specified by:

decrypt in interface JWEDecrypter

Parameters:

header - The JSON Web Encryption (JWE) header. Must specify an accepted JWE algorithm, must contain only accepted header parameters, and must not be null.

encryptedKey - The encrypted key, null if not required by the JWE algorithm.

iv - The initialisation vector, null if not required by the JWE algorithm.

cipherText - The cipher text to decrypt. Must not be null.

authTag - The authentication tag, null if not required.

Returns:

The clear text.

Throws:

JOSEException - If the JWE algorithm is not accepted, if a header parameter is not accepted, or if decryption failed for some other reason.

supportedAlgorithms

public Set<JWEAlgorithm> supportedAlgorithms()

Description copied from interface: JWEAlgorithmProvider

Returns the names of the supported JWE algorithms. These correspond to the alg JWE header parameter.

Specified by:

supportedAlgorithms in interface JWEAlgorithmProvider

Returns:

The supported JWE algorithms, empty set if none.

supportedEncryptionMethods

public Set<EncryptionMethod> supportedEncryptionMethods()

Description copied from interface: JWEAlgorithmProvider

Returns the names of the supported encryption methods. These correspond to the enc JWE header parameter.

Specified by:

supportedEncryptionMethods in interface JWEAlgorithmProvider

Returns:

The supported encryption methods, empty set if none.

setProvider

public void setProvider(Provider provider)

Description copied from interface: AlgorithmProvider

Sets a specific JCA provider, to be used for all operations.

Specified by:

setProvider in interface AlgorithmProvider

Parameters:

provider - The JCA provider, or null to use the default one.

setKeyEncryptionProvider

public void setKeyEncryptionProvider(Provider provider)

Description copied from interface: JWEAlgorithmProvider

Sets a specific JCA provider for the key encryption.

Specified by:

setKeyEncryptionProvider in interface JWEAlgorithmProvider

Parameters:

provider - The JCA provider, or null to use the default one.

setContentEncryptionProvider

public void setContentEncryptionProvider(Provider provider)

Description copied from interface: JWEAlgorithmProvider

Sets a specific JCA provider for the content encryption.

Specified by:

setContentEncryptionProvider in interface JWEAlgorithmProvider

Parameters:

provider - The JCA provider, or null to use the default one.

setMACProvider

public void setMACProvider(Provider provider)

Description copied from interface: JWEAlgorithmProvider

Sets a specific JCA provider for MAC computation (where required by the JWE encryption method).

Specified by:

setMACProvider in interface JWEAlgorithmProvider

Parameters:

provider - The JCA provider, or null to use the default one.

setSecureRandom

public void setSecureRandom(SecureRandom randomGen)

Description copied from interface: JWEAlgorithmProvider

Sets a specific secure random generator for the initialisation vector and other purposes requiring a random number.

Specified by:

setSecureRandom in interface JWEAlgorithmProvider

Parameters:

randomGen - The secure random generator, or null to use the default one.

getSecureRandom

protected SecureRandom getSecureRandom()

Returns the secure random generator for this JWE provider.

Returns:

The secure random generator.