@ThreadSafe public class AESDecrypter extends Object implements JWEDecrypter, CriticalHeaderParamsAware
JWE
objects
. This class is thread-safe.
Supports the following key management algorithms:
JWEAlgorithm.A128KW
JWEAlgorithm.A192KW
JWEAlgorithm.A256KW
JWEAlgorithm.A128GCMKW
JWEAlgorithm.A192GCMKW
JWEAlgorithm.A256GCMKW
Supports the following content encryption algorithms:
Modifier and Type | Field and Description |
---|---|
static Map<Integer,Set<JWEAlgorithm>> |
COMPATIBLE_ALGORITHMS
The JWE algorithms compatible with each key size in bits.
|
static Set<JWEAlgorithm> |
SUPPORTED_ALGORITHMS
The supported JWE algorithms by the AES crypto provider class.
|
static Set<EncryptionMethod> |
SUPPORTED_ENCRYPTION_METHODS
The supported encryption methods by the AES crypto provider class.
|
Constructor and Description |
---|
AESDecrypter(byte[] keyBytes)
Creates a new AES decrypter.
|
AESDecrypter(OctetSequenceKey octJWK)
Creates a new AES decrypter.
|
AESDecrypter(SecretKey kek)
Creates a new AES decrypter.
|
AESDecrypter(SecretKey kek,
Set<String> defCritHeaders)
Creates a new AES decrypter.
|
Modifier and Type | Method and Description |
---|---|
byte[] |
decrypt(JWEHeader header,
Base64URL encryptedKey,
Base64URL iv,
Base64URL cipherText,
Base64URL authTag)
Decrypts the specified cipher text of a
JWE Object . |
Set<String> |
getDeferredCriticalHeaderParams()
Returns the names of the critical (
crit ) header parameters
that are deferred to the application for processing and will be
ignored by the JWS verifier / JWE decrypter. |
JWEJCAContext |
getJCAContext()
Returns the Java Cryptography Architecture (JCA) context.
|
SecretKey |
getKey()
Gets the Key Encryption Key (KEK).
|
Set<String> |
getProcessedCriticalHeaderParams()
Returns the names of the critical (
crit ) header parameters
that are understood and processed by the JWS verifier / JWE
decrypter. |
Set<EncryptionMethod> |
supportedEncryptionMethods()
Returns the names of the supported encryption methods by the JWE
provier.
|
Set<JWEAlgorithm> |
supportedJWEAlgorithms()
Returns the names of the supported algorithms by the JWE provider
instance.
|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
supportedEncryptionMethods, supportedJWEAlgorithms
getJCAContext
public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS
public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS
public static final Map<Integer,Set<JWEAlgorithm>> COMPATIBLE_ALGORITHMS
public AESDecrypter(SecretKey kek) throws KeyLengthException
kek
- The Key Encrypting Key. Must be 128 bits (16 bytes), 192
bits (24 bytes) or 256 bits (32 bytes). Must not be
null
.KeyLengthException
- If the KEK length is invalid.public AESDecrypter(byte[] keyBytes) throws KeyLengthException
keyBytes
- The Key Encrypting Key, as a byte array. Must be 128
bits (16 bytes), 192 bits (24 bytes) or 256 bits (32
bytes). Must not be null
.KeyLengthException
- If the KEK length is invalid.public AESDecrypter(OctetSequenceKey octJWK) throws KeyLengthException
octJWK
- The Key Encryption Key, as a JWK. Must be 128 bits (16
bytes), 192 bits (24 bytes), 256 bits (32 bytes), 384
bits (48 bytes) or 512 bits (64 bytes) long. Must not
be null
.KeyLengthException
- If the KEK length is invalid.public AESDecrypter(SecretKey kek, Set<String> defCritHeaders) throws KeyLengthException
kek
- The Key Encrypting Key. Must be 128 bits (16
bytes), 192 bits (24 bytes) or 256 bits (32
bytes). Must not be null
.defCritHeaders
- The names of the critical header parameters
that are deferred to the application for
processing, empty set or null
if none.KeyLengthException
- If the KEK length is invalid.public Set<String> getProcessedCriticalHeaderParams()
CriticalHeaderParamsAware
crit
) header parameters
that are understood and processed by the JWS verifier / JWE
decrypter.getProcessedCriticalHeaderParams
in interface CriticalHeaderParamsAware
public Set<String> getDeferredCriticalHeaderParams()
CriticalHeaderParamsAware
crit
) header parameters
that are deferred to the application for processing and will be
ignored by the JWS verifier / JWE decrypter.getDeferredCriticalHeaderParams
in interface CriticalHeaderParamsAware
public byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) throws JOSEException
JWEDecrypter
JWE Object
.decrypt
in interface JWEDecrypter
header
- The JSON Web Encryption (JWE) header. Must
specify a supported JWE algorithm and method.
Must not be null
.encryptedKey
- The encrypted key, null
if not required
by the JWE algorithm.iv
- The initialisation vector, null
if not
required by the JWE algorithm.cipherText
- The cipher text to decrypt. Must not be
null
.authTag
- The authentication tag, null
if not
required.JOSEException
- If the JWE algorithm or method is not
supported, if a critical header parameter is
not supported or marked for deferral to the
application, or if decryption failed for some
other reason.public SecretKey getKey()
public Set<JWEAlgorithm> supportedJWEAlgorithms()
JWEProvider
alg
JWE header parameter.supportedJWEAlgorithms
in interface JWEProvider
public Set<EncryptionMethod> supportedEncryptionMethods()
JWEProvider
enc
JWE header parameter.supportedEncryptionMethods
in interface JWEProvider
public JWEJCAContext getJCAContext()
JCAAware
getJCAContext
in interface JCAAware<JWEJCAContext>
null
.Copyright © 2016 Connect2id Ltd.. All rights reserved.