com.nimbusds.jose.proc

Interface JWEKeySelector<C extends SecurityContext>

All Known Implementing Classes:

JWEDecryptionKeySelector

public interface JWEKeySelector<C extends SecurityContext>

Interface for selecting key candidates for decrypting a JSON Web Encryption (JWE) object. Applications should utilise this interface or a similar framework to determine whether a received JWE object (or encrypted JWT) is eligible for decryption and further processing.

The key selection should be based on application specific criteria, such as recognised header parameters referencing the key (e.g. kid, x5t) and / or the JWE object SecurityContext.

See JSON Web Signature (JWE), Appendix D. Notes on Key Selection for suggestions.

Possible key types:

• SecretKey for AES keys.
• RSAPrivateKey private RSA keys.
• ECPrivateKey private EC keys.

Version:

2016-06-21

Author:

Vladimir Dzhuvinov

Method Summary

Modifier and Type	Method and Description
List<? extends Key>	selectJWEKeys(JWEHeader header, C context) Selects key candidates for decrypting a JWE object.

Method Detail

selectJWEKeys

List<? extends Key> selectJWEKeys(JWEHeader header,
                                  C context)
                           throws KeySourceException

Selects key candidates for decrypting a JWE object.

Parameters:

header - The header of the JWE object. Must not be null.

context - Optional context of the JWE object, null if not required.

Returns:

The key candidates in trial order, empty list if none.

Throws:

KeySourceException - If a key source exception is encountered, e.g. on remote JWK retrieval.