001/* 002 * nimbus-jose-jwt 003 * 004 * Copyright 2012-2016, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.jose.crypto.impl; 019 020 021import java.security.Provider; 022import java.util.Objects; 023 024import com.nimbusds.jose.JOSEException; 025import com.nimbusds.jose.JWEAlgorithm; 026import net.jcip.annotations.Immutable; 027 028 029/** 030 * Pseudo-Random Function (PRF) parameters, intended for use in the Password- 031 * Based Key Derivation Function 2 (PBKDF2). 032 * 033 * @author Vladimir Dzhuvinov 034 * @version 2024-09-10 035 */ 036@Immutable 037public final class PRFParams { 038 039 040 /** 041 * The JCA MAC algorithm name. 042 */ 043 private final String jcaMacAlg; 044 045 046 /** 047 * The JCA MAC provider, {@code null} to use the default one. 048 */ 049 private final Provider macProvider; 050 051 052 /** 053 * The byte length of the key to derive. 054 */ 055 private final int dkLen; 056 057 058 /** 059 * Creates a new pseudo-random function parameters instance. 060 * 061 * @param jcaMacAlg The JCA MAC algorithm name. Must not be 062 * {@code null}. 063 * @param macProvider The JCA MAC provider, {@code null} to use the 064 * default one. 065 * @param dkLen The byte length of the key to derive. 066 067 */ 068 public PRFParams(final String jcaMacAlg, final Provider macProvider, final int dkLen) { 069 this.jcaMacAlg = Objects.requireNonNull(jcaMacAlg); 070 this.macProvider = macProvider; 071 this.dkLen = dkLen; 072 } 073 074 075 /** 076 * Returns the JCA MAC algorithm name. 077 * 078 * @return The JCA MAC algorithm name. 079 */ 080 public String getMACAlgorithm() { 081 082 return jcaMacAlg; 083 } 084 085 086 /** 087 * Returns the JCA MAC provider. 088 * 089 * @return The JCA MAC provider, {@code null} to use the default one. 090 */ 091 public Provider getMacProvider() { 092 093 return macProvider; 094 } 095 096 097 /** 098 * Returns the byte length of the key to derive. 099 * 100 * @return The byte length of the key to derive. 101 */ 102 public int getDerivedKeyByteLength() { 103 104 return dkLen; 105 } 106 107 108 /** 109 * Resolves the Pseudo-Random Function (PRF) parameters for the 110 * specified PBES2 JWE algorithm. 111 * 112 * @param alg The JWE algorithm. Must be supported and not 113 * {@code null}. 114 * @param macProvider The specific MAC JCA provider, {@code null} to 115 * use the default one. 116 * 117 * @return The PRF parameters. 118 * 119 * @throws JOSEException If the JWE algorithm is not supported. 120 */ 121 public static PRFParams resolve(final JWEAlgorithm alg, final Provider macProvider) 122 throws JOSEException { 123 124 final String jcaMagAlg; 125 final int dkLen; 126 127 if (JWEAlgorithm.PBES2_HS256_A128KW.equals(alg)) { 128 jcaMagAlg = "HmacSHA256"; 129 dkLen = 16; 130 } else if (JWEAlgorithm.PBES2_HS384_A192KW.equals(alg)) { 131 jcaMagAlg = "HmacSHA384"; 132 dkLen = 24; 133 } else if (JWEAlgorithm.PBES2_HS512_A256KW.equals(alg)) { 134 jcaMagAlg = "HmacSHA512"; 135 dkLen = 32; 136 } else { 137 throw new JOSEException(AlgorithmSupportMessage.unsupportedJWEAlgorithm( 138 alg, 139 PasswordBasedCryptoProvider.SUPPORTED_ALGORITHMS)); 140 } 141 142 return new PRFParams(jcaMagAlg, macProvider, dkLen); 143 } 144}