Source code

001/*
002 * nimbus-jose-jwt
003 *
004 * Copyright 2012-2016, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.jose.crypto.impl;
019
020
021import java.util.Collections;
022import java.util.LinkedHashSet;
023import java.util.Set;
024import javax.crypto.SecretKey;
025
026import com.nimbusds.jose.EncryptionMethod;
027import com.nimbusds.jose.JWEAlgorithm;
028import com.nimbusds.jose.KeyLengthException;
029import com.nimbusds.jose.util.ByteUtils;
030
031
032/**
033 * The base abstract class for direct encrypters and decrypters of
034 * {@link com.nimbusds.jose.JWEObject JWE objects} with a shared symmetric key.
035 *
036 * <p>Supports the following key management algorithms:
037 *
038 * <ul>
039 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#DIR}
040 * </ul>
041 *
042 * <p>Supports the following content encryption algorithms:
043 *
044 * <ul>
045 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256}
046 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A192CBC_HS384}
047 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512}
048 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128GCM}
049 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A192GCM}
050 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256GCM}
051 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256_DEPRECATED}
052 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512_DEPRECATED}
053 * </ul>
054 * 
055 * @author Vladimir Dzhuvinov
056 * @version 2015-06-29
057 */
058public abstract class DirectCryptoProvider extends BaseJWEProvider {
059
060
061        /**
062         * The supported JWE algorithms by the direct crypto provider class.
063         */
064        public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS;
065
066
067        /**
068         * The supported encryption methods by the direct crypto provider
069         * class.
070         */
071        public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS = ContentCryptoProvider.SUPPORTED_ENCRYPTION_METHODS;
072
073
074        static {
075                Set<JWEAlgorithm> algs = new LinkedHashSet<>();
076                algs.add(JWEAlgorithm.DIR);
077                SUPPORTED_ALGORITHMS = Collections.unmodifiableSet(algs);
078        }
079
080
081        /**
082         * Returns the compatible encryption methods for the specified Content
083         * Encryption Key (CEK) length.
084         *
085         * @param cekLength The CEK length in bits.
086         *
087         * @return The compatible encryption methods.
088         *
089         * @throws KeyLengthException If the CEK length is not compatible.
090         */
091        private static Set<EncryptionMethod> getCompatibleEncryptionMethods(final int cekLength)
092                throws KeyLengthException {
093
094                Set<EncryptionMethod> encs = ContentCryptoProvider.COMPATIBLE_ENCRYPTION_METHODS.get(cekLength);
095
096                if (encs == null) {
097                        throw new KeyLengthException("The Content Encryption Key length must be 128 bits (16 bytes), 192 bits (24 bytes), 256 bits (32 bytes), 384 bits (48 bytes) or 512 bites (64 bytes)");
098                }
099
100                return encs;
101        }
102
103
104        /**
105         * The Content Encryption Key (CEK).
106         */
107        private final SecretKey cek;
108
109
110        /**
111         * Creates a new direct encryption / decryption provider.
112         *
113         * @param cek The Content Encryption Key (CEK). Must be 128 bits (16
114         *            bytes), 192 bits (24 bytes), 256 bits (32 bytes), 384
115         *            bits (48 bytes) or 512 bits (64 bytes) long. Must not be
116         *            {@code null}.
117         *
118         * @throws KeyLengthException If the CEK length is not compatible.
119         */
120        protected DirectCryptoProvider(final SecretKey cek)
121                throws KeyLengthException {
122
123                super(SUPPORTED_ALGORITHMS, getCompatibleEncryptionMethods(ByteUtils.bitLength(cek.getEncoded())));
124
125                this.cek = cek;
126        }
127
128
129        /**
130         * Gets the Content Encryption Key (CEK).
131         *
132         * @return The key.
133         */
134        public SecretKey getKey() {
135
136                return cek;
137        }
138}