001package com.nimbusds.jose; 002 003 004import java.util.Collections; 005import java.util.Set; 006 007import net.jcip.annotations.ThreadSafe; 008 009 010/** 011 * JSON Web Encryption (JWE) header filter implementation. Intended to be 012 * incorporated by {@link JWEDecrypter} implementations. This class is 013 * thread-safe. 014 * 015 * @author Vladimir Dzhuvinov 016 * @version $version$ (2013-03-27) 017 */ 018@ThreadSafe 019public class DefaultJWEHeaderFilter extends DefaultHeaderFilter implements JWEHeaderFilter { 020 021 022 /** 023 * The supported algorithms. Used to bound the subset of the accepted 024 * ones. 025 */ 026 private final Set<JWEAlgorithm> algs; 027 028 029 /** 030 * The accepted algorithms. 031 */ 032 private Set<JWEAlgorithm> acceptedAlgs; 033 034 035 /** 036 * The supported encryption methods. Used to bound the subset of the 037 * accepted ones. 038 */ 039 private final Set<EncryptionMethod> encs; 040 041 042 /** 043 * The accepted encryption methods. 044 */ 045 private Set<EncryptionMethod> acceptedEncs; 046 047 048 /** 049 * Validates the specified accepted parameters. 050 * 051 * @param acceptedParams The accepted JWE header parameters. Must 052 * contain at least the {@code alg} and 053 * {@code enc} parameters. Must not be 054 * {@code null}. 055 * 056 * @throws IllegalArgumentException If the parameters didn't meet the 057 * validation criteria. 058 */ 059 private static void validateAcceptedParameters(final Set<String> acceptedParams) { 060 061 if (! acceptedParams.contains("alg") || ! acceptedParams.contains("enc")) { 062 063 throw new IllegalArgumentException("The accepted JWE header parameters set must include at least the \"alg\" and \"enc\" parameters"); 064 } 065 } 066 067 068 /** 069 * Creates a new JWE header filter. The accepted algorithms and 070 * encryption methods are set to equal the specified supported ones. 071 * The accepted header parameters are set to match 072 * {@link JWEHeader#getReservedParameterNames}. 073 * 074 * @param algs The supported JWE algorithms. Used to bound the 075 * {@link #setAcceptedAlgorithms accepted algorithms}. Must 076 * not be {@code null}. 077 * @param encs The supported encryption methods. Used to bound the 078 * {@link #setAcceptedEncryptionMethods accepted encryption 079 * methods}. Must not be {@code null}. 080 */ 081 public DefaultJWEHeaderFilter(final Set<JWEAlgorithm> algs, 082 final Set<EncryptionMethod> encs) { 083 084 this(algs, encs, JWEHeader.getReservedParameterNames()); 085 } 086 087 088 /** 089 * Creates a new JWE header filter. The accepted algorithms and 090 * encryption methods are set to equal the specified supported ones. 091 * 092 * @param algs The supported JWE algorithms. Used to bound 093 * the {@link #setAcceptedAlgorithms accepted 094 * algorithms}. Must not be {@code null}. 095 * @param encs The supported encryption methods. Used to 096 * bound the {@link #setAcceptedEncryptionMethods 097 * accepted encryption methods}. Must not be 098 * {@code null}. 099 * @param acceptedParams The accepted JWE header parameters. Must 100 * contain at least the {@code alg} and 101 * {@code enc} parameters. Must not be 102 * {@code null}. 103 */ 104 public DefaultJWEHeaderFilter(final Set<JWEAlgorithm> algs, 105 final Set<EncryptionMethod> encs, 106 final Set<String> acceptedParams) { 107 108 super(acceptedParams); 109 110 validateAcceptedParameters(acceptedParams); 111 112 if (algs == null) { 113 114 throw new IllegalArgumentException("The supported JWE algorithm set must not be null"); 115 } 116 117 this.algs = Collections.unmodifiableSet(algs); 118 119 // Initially the accepted set equals the supported set 120 acceptedAlgs = this.algs; 121 122 123 if (encs == null) { 124 125 throw new IllegalArgumentException("The supported encryption methods set must not be null"); 126 } 127 128 this.encs = Collections.unmodifiableSet(encs); 129 130 // Initially the accepted set equals the supported set 131 acceptedEncs = this.encs; 132 } 133 134 135 /** 136 * Returns the names of the supported JWE algorithms. Used to bound the 137 * {@link #setAcceptedAlgorithms accepted algorithms}. 138 * 139 * @return The supported JWE algorithms as a read-only set, empty set 140 * if none. 141 */ 142 public Set<JWEAlgorithm> supportedAlgorithms() { 143 144 return algs; 145 } 146 147 148 @Override 149 public Set<JWEAlgorithm> getAcceptedAlgorithms() { 150 151 return acceptedAlgs; 152 } 153 154 155 @Override 156 public void setAcceptedAlgorithms(final Set<JWEAlgorithm> acceptedAlgs) { 157 158 if (acceptedAlgs == null) { 159 160 throw new IllegalArgumentException("The accepted JWE algorithm set must not be null"); 161 } 162 163 if (! supportedAlgorithms().containsAll(acceptedAlgs)) { 164 165 throw new IllegalArgumentException("One or more of the JWE algorithms is not in the supported set"); 166 } 167 168 this.acceptedAlgs = Collections.unmodifiableSet(acceptedAlgs); 169 } 170 171 172 /** 173 * Returns the names of the supported encryption methods. Used to bound 174 * the {@link #setAcceptedEncryptionMethods accepted encryption 175 * methods}. 176 * 177 * @return The supported encryption methods as a read-only set, empty 178 * set if none. 179 */ 180 public Set<EncryptionMethod> supportedEncryptionMethods() { 181 182 return encs; 183 } 184 185 186 @Override 187 public Set<EncryptionMethod> getAcceptedEncryptionMethods() { 188 189 return acceptedEncs; 190 } 191 192 193 @Override 194 public void setAcceptedEncryptionMethods(final Set<EncryptionMethod> acceptedEncs) { 195 196 if (acceptedEncs == null) { 197 198 throw new IllegalArgumentException("The accepted encryption methods set must not be null"); 199 } 200 201 if (! encs.containsAll(acceptedEncs)) { 202 203 throw new IllegalArgumentException("One or more of the encryption methods is not in the supported set"); 204 } 205 206 this.acceptedEncs = Collections.unmodifiableSet(acceptedEncs); 207 208 } 209 210 211 @Override 212 public void setAcceptedParameters(final Set<String> acceptedParams) { 213 214 validateAcceptedParameters(acceptedParams); 215 216 super.setAcceptedParameters(acceptedParams); 217 } 218}