Class MultiEncrypter

    • Constructor Detail

      • MultiEncrypter

        public MultiEncrypter​(JWKSet keys,
                              SecretKey contentEncryptionKey)
                       throws KeyLengthException
        Creates a new multi-recipient encrypter.
        Parameters:
        keys - The keys to encrypt to. Must not be null.
        contentEncryptionKey - The content encryption key (CEK) to use. If specified its algorithm must be "AES" or "ChaCha20" and its length must match the expected for the JWE encryption method ("enc"). If null a CEK will be generated for each JWE.
        Throws:
        KeyLengthException - If the symmetric key length is not compatible.
    • Method Detail

      • encrypt

        @Deprecated
        public JWECryptoParts encrypt​(JWEHeader header,
                                      byte[] clearText)
                               throws JOSEException
        Deprecated.
        Encrypts the specified clear text of a JWE object.
        Parameters:
        header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
        clearText - The clear text to encrypt. Must not be null.
        Returns:
        The resulting JWE crypto parts.
        Throws:
        JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.
      • encrypt

        public JWECryptoParts encrypt​(JWEHeader header,
                                      byte[] clearText,
                                      byte[] aad)
                               throws JOSEException
        Description copied from interface: JWEEncrypter
        Encrypts the specified clear text of a JWE object.
        Specified by:
        encrypt in interface JWEEncrypter
        Parameters:
        header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
        clearText - The clear text to encrypt. Must not be null.
        aad - The additional authenticated data. Must not be null.
        Returns:
        The resulting JWE crypto parts.
        Throws:
        JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.
      • supportedJWEAlgorithms

        public Set<JWEAlgorithm> supportedJWEAlgorithms()
        Description copied from interface: JWEProvider
        Returns the names of the supported algorithms by the JWE provider instance. These correspond to the alg JWE header parameter.
        Specified by:
        supportedJWEAlgorithms in interface JWEProvider
        Returns:
        The supported JWE algorithms, empty set if none.
      • supportedEncryptionMethods

        public Set<EncryptionMethod> supportedEncryptionMethods()
        Description copied from interface: JWEProvider
        Returns the names of the supported encryption methods by the JWE provier. These correspond to the enc JWE header parameter.
        Specified by:
        supportedEncryptionMethods in interface JWEProvider
        Returns:
        The supported encryption methods, empty set if none.
      • getJCAContext

        public JWEJCAContext getJCAContext()
        Description copied from interface: JCAAware
        Returns the Java Cryptography Architecture (JCA) context. May be used to set a specific JCA security provider or secure random generator.
        Specified by:
        getJCAContext in interface JCAAware<JWEJCAContext>
        Returns:
        The JCA context. Not null.
      • isCEKProvided

        protected boolean isCEKProvided()
        Returns true if a content encryption key (CEK) was provided at construction time.
        Returns:
        true if a CEK was provided at construction time, false if CEKs will be internally generated.
      • getCEK

        protected SecretKey getCEK​(EncryptionMethod enc)
                            throws JOSEException
        Returns the content encryption key (CEK) to use. Unless a CEK was provided at construction time this will be a new internally generated CEK.
        Parameters:
        enc - The encryption method. Must not be null.
        Returns:
        The content encryption key (CEK).
        Throws:
        JOSEException - If an internal exception is encountered.