Package com.nimbusds.jose.crypto.impl

Class ContentCryptoProvider

java.lang.Object

com.nimbusds.jose.crypto.impl.ContentCryptoProvider

public class ContentCryptoProvider
extends Object

JWE content encryption / decryption provider.

Version:

2022-09-20

Author:

Vladimir Dzhuvinov

Field Summary

Fields

Modifier and Type	Field	Description
static Map<Integer,Set<EncryptionMethod>>	COMPATIBLE_ENCRYPTION_METHODS	The encryption methods compatible with each key size in bits.
static Set<EncryptionMethod>	SUPPORTED_ENCRYPTION_METHODS	The supported encryption methods.

Constructor Summary

Constructors

Constructor	Description
ContentCryptoProvider()

Method Summary

Modifier and Type	Method	Description
static byte[]	decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag, SecretKey cek, JWEJCAContext jcaProvider)	Decrypts the specified cipher text.
static JWECryptoParts	encrypt(JWEHeader header, byte[] clearText, SecretKey cek, Base64URL encryptedKey, JWEJCAContext jcaProvider)	Encrypts the specified clear text (content).
static SecretKey	generateCEK(EncryptionMethod enc, SecureRandom randomGen)	Generates a Content Encryption Key (CEK) for the specified JOSE encryption method.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SUPPORTED_ENCRYPTION_METHODS

public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS

The supported encryption methods.

COMPATIBLE_ENCRYPTION_METHODS

public static final Map<Integer,Set<EncryptionMethod>> COMPATIBLE_ENCRYPTION_METHODS

The encryption methods compatible with each key size in bits.

Constructor Detail

ContentCryptoProvider

public ContentCryptoProvider()

Method Detail

generateCEK

public static SecretKey generateCEK(EncryptionMethod enc,
                                    SecureRandom randomGen)
                             throws JOSEException

Generates a Content Encryption Key (CEK) for the specified JOSE encryption method.

Parameters:

enc - The encryption method. Must not be null.

randomGen - The secure random generator to use. Must not be null.

Returns:

The generated CEK (with algorithm "AES").

Throws:

JOSEException - If the encryption method is not supported.

encrypt

public static JWECryptoParts encrypt(JWEHeader header,
                                     byte[] clearText,
                                     SecretKey cek,
                                     Base64URL encryptedKey,
                                     JWEJCAContext jcaProvider)
                              throws JOSEException

Encrypts the specified clear text (content).

Parameters:

header - The final JWE header. Must not be null.

clearText - The clear text to encrypt and optionally compress. Must not be null.

cek - The Content Encryption Key (CEK). Must not be null.

encryptedKey - The encrypted CEK, null if not required.

jcaProvider - The JWE JCA provider specification. Must not be null.

Returns:

The JWE crypto parts.

Throws:

JOSEException - If encryption failed.

decrypt

public static byte[] decrypt(JWEHeader header,
                             Base64URL encryptedKey,
                             Base64URL iv,
                             Base64URL cipherText,
                             Base64URL authTag,
                             SecretKey cek,
                             JWEJCAContext jcaProvider)
                      throws JOSEException

Decrypts the specified cipher text.

Parameters:

header - The JWE header. Must not be null.

encryptedKey - The encrypted key, null if not specified.

iv - The initialisation vector (IV). Must not be null.

cipherText - The cipher text. Must not be null.

authTag - The authentication tag. Must not be null.

cek - The Content Encryption Key (CEK). Must not be null.

jcaProvider - The JWE JCA provider specification. Must not be null.

Returns:

The clear text.

Throws:

JOSEException - If decryption failed.