com.nimbusds.jose.crypto

Class DirectDecrypter

java.lang.Object

com.nimbusds.jose.crypto.DirectDecrypter

All Implemented Interfaces:

JWEAlgorithmProvider, JWEDecrypter

public class DirectDecrypter
extends Object
implements JWEDecrypter

Direct decrypter of JWE objects with a shared symmetric key. This class is thread-safe.

Supports the following JWE algorithms:

• JWEAlgorithm.DIR

Supports the following encryption methods:

• EncryptionMethod.A128CBC_HS256
• EncryptionMethod.A256CBC_HS512
• EncryptionMethod.A128GCM
• EncryptionMethod.A256GCM

Accepts all reserved JWE header parameters. Modify the header filter properties to restrict the acceptable JWE algorithms, encryption methods and header parameters, or to allow custom JWE header parameters.

Version:

$version$ (2013-05-29)

Author:

Vladimir Dzhuvinov

Field Summary

Fields

Modifier and Type	Field and Description
static Set<JWEAlgorithm>	SUPPORTED_ALGORITHMS The supported JWE algorithms.
static Set<EncryptionMethod>	SUPPORTED_ENCRYPTION_METHODS The supported encryption methods.

Constructor Summary

Constructors

Constructor and Description
DirectDecrypter(byte[] keyBytes) Creates a new direct decrypter.
DirectDecrypter(SecretKey key) Creates a new direct decrypter.

Method Summary

Methods

Modifier and Type	Method and Description
byte[]	decrypt(ReadOnlyJWEHeader readOnlyJWEHeader, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) Decrypts the specified cipher text of a JWE Object.
JWEHeaderFilter	getJWEHeaderFilter() Gets the JWE header filter associated with the decrypter.
SecretKey	getKey() Gets the shared symmetric key.
Set<JWEAlgorithm>	supportedAlgorithms() Returns the names of the supported JWE algorithms.
Set<EncryptionMethod>	supportedEncryptionMethods() Returns the names of the supported encryption methods.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.jose.JWEAlgorithmProvider

supportedAlgorithms, supportedEncryptionMethods

Field Detail

SUPPORTED_ALGORITHMS

public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS

The supported JWE algorithms.

SUPPORTED_ENCRYPTION_METHODS

public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS

The supported encryption methods.

Constructor Detail

DirectDecrypter

public DirectDecrypter(SecretKey key)
                throws JOSEException

Creates a new direct decrypter.

Parameters:

key - The shared symmetric key. Its algorithm must be "AES". Must be 128 bits (16 bytes), 256 bits (32 bytes) or 512 bits (64 bytes) long. Must not be null.

Throws:

JOSEException - If the key length is unexpected.

DirectDecrypter

public DirectDecrypter(byte[] keyBytes)
                throws JOSEException

Creates a new direct decrypter.

Parameters:

keyBytes - The shared symmetric key, as a byte array. Must be 128 bits (16 bytes), 256 bits (32 bytes) or 512 bits (64 bytes) long. Must not be null.

Throws:

JOSEException - If the key length is unexpected.

Method Detail

getJWEHeaderFilter

public JWEHeaderFilter getJWEHeaderFilter()

Description copied from interface: JWEDecrypter

Gets the JWE header filter associated with the decrypter. Specifies the names of those supported JWE algorithms and header parameters that the decrypter is configured to accept.

Attempting to decrypt a JWE object with an algorithm or header parameter that is not accepted must result in a JOSEException.

Specified by:

getJWEHeaderFilter in interface JWEDecrypter

Returns:

The JWE header filter.

decrypt

public byte[] decrypt(ReadOnlyJWEHeader readOnlyJWEHeader,
             Base64URL encryptedKey,
             Base64URL iv,
             Base64URL cipherText,
             Base64URL authTag)
               throws JOSEException

Description copied from interface: JWEDecrypter

Decrypts the specified cipher text of a JWE Object.

Specified by:

decrypt in interface JWEDecrypter

Parameters:

readOnlyJWEHeader - The JSON Web Encryption (JWE) header. Must specify an accepted JWE algorithm, must contain only accepted header parameters, and must not be null.

encryptedKey - The encrypted key, null if not required by the JWE algorithm.

iv - The initialisation vector, null if not required by the JWE algorithm.

cipherText - The cipher text to decrypt. Must not be null.

authTag - The authentication tag, null if not required.

Returns:

The clear text.

Throws:

JOSEException - If the JWE algorithm is not accepted, if a header parameter is not accepted, or if decryption failed for some other reason.

getKey

public SecretKey getKey()

Gets the shared symmetric key.

Returns:

The key.

supportedAlgorithms

public Set<JWEAlgorithm> supportedAlgorithms()

Description copied from interface: JWEAlgorithmProvider

Returns the names of the supported JWE algorithms. These correspond to the alg JWE header parameter.

Specified by:

supportedAlgorithms in interface JWEAlgorithmProvider

Returns:

The supported JWE algorithms, empty set if none.

supportedEncryptionMethods

public Set<EncryptionMethod> supportedEncryptionMethods()

Description copied from interface: JWEAlgorithmProvider

Returns the names of the supported encryption methods. These correspond to the enc JWE header parameter.

Specified by:

supportedEncryptionMethods in interface JWEAlgorithmProvider

Returns:

The supported encryption methods, empty set if none.