001/*
002 * nimbus-jose-jwt
003 *
004 * Copyright 2012-2016, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.jose.crypto.impl;
019
020
021import java.nio.ByteBuffer;
022import java.nio.charset.StandardCharsets;
023
024import com.nimbusds.jose.JWEHeader;
025import com.nimbusds.jose.util.Base64URL;
026import com.nimbusds.jose.util.ByteUtils;
027import com.nimbusds.jose.util.IntegerOverflowException;
028
029
030/**
031 * Additional authenticated data (AAD).
032 *
033 * <p>See RFC 7518 (JWA), section 5.1, point 14.
034 *
035 * @author Vladimir Dzhuvinov
036 * @version 2017-06-01
037 */
public class AAD {


        /**
         * Derives the Additional Authenticated Data (AAD) for a JWE header
         * by delegating to {@link #compute(Base64URL)} with the header's
         * BASE64URL form.
         *
         * <p>The AAD is bound into the authentication tag, so on decryption
         * it must match the header bytes as they were received.
         * NOTE(review): this assumes {@code toBase64URL()} returns the
         * original encoding for a parsed header rather than a fresh
         * re-serialisation; confirm against {@code JWEHeader}.
         *
         * @param jweHeader The JWE header. Must not be {@code null}; a
         *                  {@code null} value results in a
         *                  {@code NullPointerException}.
         *
         * @return The AAD bytes.
         */
        public static byte[] compute(final JWEHeader jweHeader) {

                final Base64URL encodedHeader = jweHeader.toBase64URL();
                return compute(encodedHeader);
        }


        /**
         * Derives the Additional Authenticated Data (AAD) from a
         * BASE64URL-encoded JWE header, i.e. the ASCII bytes of the encoded
         * header string, matching
         * {@code ASCII(BASE64URL(UTF8(JWE Protected Header)))} in RFC 7516
         * (JWE), section 5.1, step 14.
         *
         * <p>Only the encoded header is covered here; nothing else is
         * appended to the returned bytes.
         *
         * @param encodedJWEHeader The BASE64URL-encoded JWE header. Must not
         *                         be {@code null}.
         *
         * @return The AAD bytes.
         */
        public static byte[] compute(final Base64URL encodedJWEHeader) {

                final String headerText = encodedJWEHeader.toString();

                // US-ASCII encoding substitutes '?' for any character outside
                // the 7-bit range. Presumably the string holds only base64url
                // characters, in which case the conversion is lossless.
                return headerText.getBytes(StandardCharsets.US_ASCII);
        }


        /**
         * Encodes the bit length of the given Additional Authenticated Data
         * (AAD) as the 8 byte length field used in
         * AES/CBC/PKCS5Padding/HMAC-SHA2 encryption (the "AL" value of RFC
         * 7518, section 5.2.2.1). The field is part of the HMAC input.
         *
         * @param aad The Additional Authenticated Data (AAD). Must not be
         *            {@code null}.
         *
         * @return The AAD bit length, as a 64 bit big-endian representation
         *         (8 byte array).
         *
         * @throws IntegerOverflowException On an integer overflow while
         *                                  computing the bit length.
         */
        public static byte[] computeLength(final byte[] aad)
                throws IntegerOverflowException {

                // The overflow-checked helper computes the bit count as an
                // int; it is widened to long only when written below.
                final int aadBits = ByteUtils.safeBitLength(aad);

                // A freshly allocated ByteBuffer is big-endian by default.
                final ByteBuffer lengthField = ByteBuffer.allocate(8);
                lengthField.putLong(aadBits);
                return lengthField.array();
        }
}