001/* 002 * nimbus-jose-jwt 003 * 004 * Copyright 2012-2016, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.jose.crypto.impl; 019 020 021import java.security.Provider; 022 023import com.nimbusds.jose.JOSEException; 024import com.nimbusds.jose.JWEAlgorithm; 025import net.jcip.annotations.Immutable; 026 027 028/** 029 * Pseudo-Random Function (PRF) parameters, intended for use in the Password- 030 * Based Key Derivation Function 2 (PBKDF2). 031 * 032 * @author Vladimir Dzhuvinov 033 * @version 2015-05-26 034 */ 035@Immutable 036public final class PRFParams { 037 038 039 /** 040 * The JCA MAC algorithm name. 041 */ 042 private final String jcaMacAlg; 043 044 045 /** 046 * The JCA MAC provider, {@code null} to use the default one. 047 */ 048 private final Provider macProvider; 049 050 051 /** 052 * The byte length of the key to derive. 053 */ 054 private final int dkLen; 055 056 057 /** 058 * Creates a new pseudo-random function parameters instance. 059 * 060 * @param jcaMacAlg The JCA MAC algorithm name. Must not be 061 * {@code null}. 062 * @param macProvider The JCA MAC provider, {@code null} to use the 063 * default one. 064 * @param dkLen The byte length of the key to derive. 065 066 */ 067 public PRFParams(String jcaMacAlg, Provider macProvider, int dkLen) { 068 this.jcaMacAlg = jcaMacAlg; 069 this.macProvider = macProvider; 070 this.dkLen = dkLen; 071 } 072 073 074 /** 075 * Returns the JCA MAC algorithm name. 076 * 077 * @return The JCA MAC algorithm name. 078 */ 079 public String getMACAlgorithm() { 080 081 return jcaMacAlg; 082 } 083 084 085 /** 086 * Returns the JCA MAC provider. 087 * 088 * @return The JCA MAC provider, {@code null} to use the default one. 089 */ 090 public Provider getMacProvider() { 091 092 return macProvider; 093 } 094 095 096 /** 097 * Returns the byte length of the key to derive. 098 * 099 * @return The byte length of the key to derive. 100 */ 101 public int getDerivedKeyByteLength() { 102 103 return dkLen; 104 } 105 106 107 /** 108 * Resolves the Pseudo-Random Function (PRF) parameters for the 109 * specified PBES2 JWE algorithm. 110 * 111 * @param alg The JWE algorithm. Must be supported and not 112 * {@code null}. 113 * @param macProvider The specific MAC JCA provider, {@code null} to 114 * use the default one. 115 * 116 * @return The PRF parameters. 117 * 118 * @throws JOSEException If the JWE algorithm is not supported. 119 */ 120 public static PRFParams resolve(final JWEAlgorithm alg, 121 final Provider macProvider) 122 throws JOSEException { 123 124 final String jcaMagAlg; 125 final int dkLen; 126 127 if (JWEAlgorithm.PBES2_HS256_A128KW.equals(alg)) { 128 jcaMagAlg = "HmacSHA256"; 129 dkLen = 16; 130 } else if (JWEAlgorithm.PBES2_HS384_A192KW.equals(alg)) { 131 jcaMagAlg = "HmacSHA384"; 132 dkLen = 24; 133 } else if (JWEAlgorithm.PBES2_HS512_A256KW.equals(alg)) { 134 jcaMagAlg = "HmacSHA512"; 135 dkLen = 32; 136 } else { 137 throw new JOSEException(AlgorithmSupportMessage.unsupportedJWEAlgorithm( 138 alg, 139 PasswordBasedCryptoProvider.SUPPORTED_ALGORITHMS)); 140 } 141 142 return new PRFParams(jcaMagAlg, macProvider, dkLen); 143 } 144}