@ThreadSafe public class AESDecrypter extends Object implements JWEDecrypter, CriticalHeaderParamsAware
JWE
objects
. Expects an AES key.
Unwraps the encrypted Content Encryption Key (CEK) with the specified AES key, and then uses the CEK along with the IV and authentication tag to decrypt the cipher text. See RFC 7518, sections 4.4 and 4.7 for more information.
This class is thread-safe.
Supports the following key management algorithms:
JWEAlgorithm.A128KW
JWEAlgorithm.A192KW
JWEAlgorithm.A256KW
JWEAlgorithm.A128GCMKW
JWEAlgorithm.A192GCMKW
JWEAlgorithm.A256GCMKW
Supports the following content encryption algorithms:
Modifier and Type | Field and Description |
---|---|
static Map<Integer,Set<JWEAlgorithm>> |
COMPATIBLE_ALGORITHMS
The JWE algorithms compatible with each key size in bits.
|
static Set<JWEAlgorithm> |
SUPPORTED_ALGORITHMS
The supported JWE algorithms by the AES crypto provider class.
|
static Set<EncryptionMethod> |
SUPPORTED_ENCRYPTION_METHODS
The supported encryption methods by the AES crypto provider class.
|
Constructor and Description |
---|
AESDecrypter(byte[] keyBytes)
Creates a new AES decrypter.
|
AESDecrypter(OctetSequenceKey octJWK)
Creates a new AES decrypter.
|
AESDecrypter(SecretKey kek)
Creates a new AES decrypter.
|
AESDecrypter(SecretKey kek,
Set<String> defCritHeaders)
Creates a new AES decrypter.
|
Modifier and Type | Method and Description |
---|---|
byte[] |
decrypt(JWEHeader header,
Base64URL encryptedKey,
Base64URL iv,
Base64URL cipherText,
Base64URL authTag)
Decrypts the specified cipher text of a
JWE Object . |
Set<String> |
getDeferredCriticalHeaderParams()
Returns the names of the critical (
crit ) header parameters
that are deferred to the application for processing and will be
ignored by the JWS verifier / JWE decrypter. |
JWEJCAContext |
getJCAContext()
Returns the Java Cryptography Architecture (JCA) context.
|
SecretKey |
getKey()
Gets the Key Encryption Key (KEK).
|
Set<String> |
getProcessedCriticalHeaderParams()
Returns the names of the critical (
crit ) header parameters
that are understood and processed by the JWS verifier / JWE
decrypter. |
Set<EncryptionMethod> |
supportedEncryptionMethods()
Returns the names of the supported encryption methods by the JWE
provier.
|
Set<JWEAlgorithm> |
supportedJWEAlgorithms()
Returns the names of the supported algorithms by the JWE provider
instance.
|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
supportedEncryptionMethods, supportedJWEAlgorithms
getJCAContext
public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS
public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS
public static final Map<Integer,Set<JWEAlgorithm>> COMPATIBLE_ALGORITHMS
public AESDecrypter(SecretKey kek) throws KeyLengthException
kek
- The Key Encrypting Key. Must be 128 bits (16 bytes), 192
bits (24 bytes) or 256 bits (32 bytes). Must not be
null
.KeyLengthException
- If the KEK length is invalid.public AESDecrypter(byte[] keyBytes) throws KeyLengthException
keyBytes
- The Key Encrypting Key, as a byte array. Must be 128
bits (16 bytes), 192 bits (24 bytes) or 256 bits (32
bytes). Must not be null
.KeyLengthException
- If the KEK length is invalid.public AESDecrypter(OctetSequenceKey octJWK) throws KeyLengthException
octJWK
- The Key Encryption Key, as a JWK. Must be 128 bits (16
bytes), 192 bits (24 bytes), 256 bits (32 bytes), 384
bits (48 bytes) or 512 bits (64 bytes) long. Must not
be null
.KeyLengthException
- If the KEK length is invalid.public AESDecrypter(SecretKey kek, Set<String> defCritHeaders) throws KeyLengthException
kek
- The Key Encrypting Key. Must be 128 bits (16
bytes), 192 bits (24 bytes) or 256 bits (32
bytes). Must not be null
.defCritHeaders
- The names of the critical header parameters
that are deferred to the application for
processing, empty set or null
if none.KeyLengthException
- If the KEK length is invalid.public Set<String> getProcessedCriticalHeaderParams()
CriticalHeaderParamsAware
crit
) header parameters
that are understood and processed by the JWS verifier / JWE
decrypter.getProcessedCriticalHeaderParams
in interface CriticalHeaderParamsAware
public Set<String> getDeferredCriticalHeaderParams()
CriticalHeaderParamsAware
crit
) header parameters
that are deferred to the application for processing and will be
ignored by the JWS verifier / JWE decrypter.getDeferredCriticalHeaderParams
in interface CriticalHeaderParamsAware
public byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) throws JOSEException
JWEDecrypter
JWE Object
.decrypt
in interface JWEDecrypter
header
- The JSON Web Encryption (JWE) header. Must
specify a supported JWE algorithm and method.
Must not be null
.encryptedKey
- The encrypted key, null
if not required
by the JWE algorithm.iv
- The initialisation vector, null
if not
required by the JWE algorithm.cipherText
- The cipher text to decrypt. Must not be
null
.authTag
- The authentication tag, null
if not
required.JOSEException
- If the JWE algorithm or method is not
supported, if a critical header parameter is
not supported or marked for deferral to the
application, or if decryption failed for some
other reason.public SecretKey getKey()
public Set<JWEAlgorithm> supportedJWEAlgorithms()
JWEProvider
alg
JWE header parameter.supportedJWEAlgorithms
in interface JWEProvider
public Set<EncryptionMethod> supportedEncryptionMethods()
JWEProvider
enc
JWE header parameter.supportedEncryptionMethods
in interface JWEProvider
public JWEJCAContext getJCAContext()
JCAAware
getJCAContext
in interface JCAAware<JWEJCAContext>
null
.Copyright © 2017 Connect2id Ltd.. All rights reserved.