Source code

001/*
002 * nimbus-jose-jwt
003 *
004 * Copyright 2012-2016, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.jose.crypto.impl;
019
020
021import java.util.Collections;
022import java.util.HashMap;
023import java.util.HashSet;
024import java.util.LinkedHashSet;
025import java.util.Map;
026import java.util.Set;
027import javax.crypto.SecretKey;
028
029import com.nimbusds.jose.EncryptionMethod;
030import com.nimbusds.jose.JWEAlgorithm;
031import com.nimbusds.jose.KeyLengthException;
032import com.nimbusds.jose.jwk.Curve;
033
034
035/**
036 * The base abstract class for multi-recipient encrypters and decrypters of
037 * {@link com.nimbusds.jose.JWEObjectJSON JWE objects} with a shared symmetric
038 * key.
039 *
040 * <p>Supports the following key management algorithms:
041 *
042 * <ul>
043 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#A128KW}
044 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#A192KW}
045 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#A256KW}
046 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#A128GCMKW}
047 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#A192GCMKW}
048 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#A256GCMKW}
049 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#DIR}
050 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES}
051 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES_A128KW}
052 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES_A192KW}
053 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES_A256KW}
054 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#RSA_OAEP_256}
055 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#RSA_OAEP_384}
056 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#RSA_OAEP_512}
057 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#RSA_OAEP} (deprecated)
058 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#RSA1_5} (deprecated)
059 * </ul>
060 *
061 * <p>Supports the following elliptic curves:
062 *
063 * <ul>
064 *     <li>{@link com.nimbusds.jose.jwk.Curve#P_256}
065 *     <li>{@link com.nimbusds.jose.jwk.Curve#P_384}
066 *     <li>{@link com.nimbusds.jose.jwk.Curve#P_521}
067 *     <li>{@link com.nimbusds.jose.jwk.Curve#X25519} (Curve25519)
068 * </ul>
069 *
070 * <p>Supports the following content encryption algorithms:
071 *
072 * <ul>
073 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256}
074 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A192CBC_HS384}
075 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512}
076 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128GCM}
077 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A192GCM}
078 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256GCM}
079 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256_DEPRECATED}
080 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512_DEPRECATED}
081 *     <li>{@link com.nimbusds.jose.EncryptionMethod#XC20P}
082 * </ul>
083 * 
084 * @version 2023-03-24
085 */
086public abstract class MultiCryptoProvider extends BaseJWEProvider {
087
088
089        /**
090         * The supported JWE algorithms by the direct crypto provider class.
091         */
092        public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS;
093
094
095        /**
096         * The supported encryption methods by the direct crypto provider
097         * class.
098         */
099        public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS = ContentCryptoProvider.SUPPORTED_ENCRYPTION_METHODS;
100
101
102        /**
103         * The JWE algorithms compatible with each key size in bits.
104         */
105        public static final Map<Integer,Set<JWEAlgorithm>> COMPATIBLE_ALGORITHMS;
106
107
108        /**
109         * The supported EC JWK curves by the ECDH crypto provider class.
110         */
111        public static final Set<Curve> SUPPORTED_ELLIPTIC_CURVES;
112
113
114        static {
115                Set<JWEAlgorithm> algs = new LinkedHashSet<>();
116                algs.add(null);
117                algs.add(JWEAlgorithm.A128KW);
118                algs.add(JWEAlgorithm.A192KW);
119                algs.add(JWEAlgorithm.A256KW);
120                algs.add(JWEAlgorithm.A128GCMKW);
121                algs.add(JWEAlgorithm.A192GCMKW);
122                algs.add(JWEAlgorithm.A256GCMKW);
123                algs.add(JWEAlgorithm.DIR);
124                algs.add(JWEAlgorithm.ECDH_ES_A128KW);
125                algs.add(JWEAlgorithm.ECDH_ES_A192KW);
126                algs.add(JWEAlgorithm.ECDH_ES_A256KW);
127                algs.add(JWEAlgorithm.RSA1_5);
128                algs.add(JWEAlgorithm.RSA_OAEP);
129                algs.add(JWEAlgorithm.RSA_OAEP_256);
130                algs.add(JWEAlgorithm.RSA_OAEP_384);
131                algs.add(JWEAlgorithm.RSA_OAEP_512);
132                SUPPORTED_ALGORITHMS = Collections.unmodifiableSet(algs);
133
134                Map<Integer,Set<JWEAlgorithm>> algsMap = new HashMap<>();
135                Set<JWEAlgorithm> bit128Algs = new HashSet<>();
136                Set<JWEAlgorithm> bit192Algs = new HashSet<>();
137                Set<JWEAlgorithm> bit256Algs = new HashSet<>();
138                bit128Algs.add(JWEAlgorithm.A128GCMKW);
139                bit128Algs.add(JWEAlgorithm.A128KW);
140                bit192Algs.add(JWEAlgorithm.A192GCMKW);
141                bit192Algs.add(JWEAlgorithm.A192KW);
142                bit256Algs.add(JWEAlgorithm.A256GCMKW);
143                bit256Algs.add(JWEAlgorithm.A256KW);
144                algsMap.put(128,Collections.unmodifiableSet(bit128Algs));
145                algsMap.put(192,Collections.unmodifiableSet(bit192Algs));
146                algsMap.put(256,Collections.unmodifiableSet(bit256Algs));
147                COMPATIBLE_ALGORITHMS = Collections.unmodifiableMap(algsMap);
148
149                Set<Curve> curves = new LinkedHashSet<>();
150                curves.add(Curve.P_256);
151                curves.add(Curve.P_384);
152                curves.add(Curve.P_521);
153                curves.add(Curve.X25519);
154                SUPPORTED_ELLIPTIC_CURVES = Collections.unmodifiableSet(curves);
155        }
156
157
158        /**
159         * Returns the names of the supported elliptic curves. These correspond
160         * to the {@code crv} EC JWK parameter.
161         *
162         * @return The supported elliptic curves.
163         */
164        public Set<Curve> supportedEllipticCurves() {
165
166                return SUPPORTED_ELLIPTIC_CURVES;
167        }
168
169
170        /**
171         * Creates a new multi-recipient encryption / decryption provider.
172         *
173         * @param cek The Content Encryption Key (CEK). Must be 128 bits (16
174         *            bytes), 192 bits (24 bytes), 256 bits (32 bytes), 384
175         *            bits (48 bytes) or 512 bits (64 bytes) long. Must not be
176         *            {@code null}.
177         *
178         * @throws KeyLengthException If the CEK length is not compatible.
179         */
180        protected MultiCryptoProvider(final SecretKey cek)
181                throws KeyLengthException {
182
183                super(SUPPORTED_ALGORITHMS, ContentCryptoProvider.SUPPORTED_ENCRYPTION_METHODS, cek);
184        }
185}