package com.nimbusds.jose.proc;


import java.security.Key;
import java.util.List;

import com.nimbusds.jose.JWEHeader;


/**
 * Selector of candidate keys for decrypting a JSON Web Encryption (JWE)
 * object. An application should use this interface, or a comparable
 * mechanism, to decide whether a received JWE object (or encrypted JWT)
 * qualifies for {@link com.nimbusds.jose.JWEDecrypter decryption} and
 * further processing.
 *
 * <p>The selection criteria are application specific. Typical inputs are
 * recognised header parameters that reference the key (e.g. {@code kid},
 * {@code x5t}) and / or the {@link SecurityContext} of the JWE object.
 *
 * <p>Security note: the header comes from the sender and has not been
 * authenticated at the point where keys are selected. Implementations
 * should treat key references in it only as lookup hints into key material
 * the application already trusts, and should return only keys the
 * application permits for the algorithm the header declares. Every
 * returned key is a decryption candidate, so keep the list as narrow as
 * the criteria allow.
 *
 * <p>See JSON Web Signature (JWS), Appendix D. Notes on Key Selection, for
 * suggestions.
 *
 * <p>Possible key types:
 *
 * <ul>
 *     <li>{@link javax.crypto.SecretKey} for AES keys.
 *     <li>{@link java.security.interfaces.RSAPrivateKey} for private RSA
 *         keys.
 *     <li>{@link java.security.interfaces.ECPrivateKey} for private EC
 *         keys.
 * </ul>
 *
 * @param <C> The type of security context passed to the selector.
 *
 * @author Vladimir Dzhuvinov
 * @version 2015-06-08
 */
public interface JWEKeySelector<C extends SecurityContext> {


	/**
	 * Returns the keys that may be tried to decrypt a JWE object.
	 *
	 * @param header  The JWE object header. Must not be {@code null}.
	 * @param context Optional JWE object context, {@code null} if not
	 *                required.
	 *
	 * @return The candidate keys, ordered as they should be tried; an
	 *         empty list if there are none.
	 */
	List<? extends Key> selectJWEKeys(JWEHeader header, C context);
}