Package com.nimbusds.jose.crypto.impl
Class AESCryptoProvider
- java.lang.Object
-
- com.nimbusds.jose.crypto.impl.AESCryptoProvider
-
- All Implemented Interfaces:
JCAAware<JWEJCAContext>
,JOSEProvider
,JWEProvider
- Direct Known Subclasses:
AESDecrypter
,AESEncrypter
public abstract class AESCryptoProvider extends Object
The base abstract class for AES and AES GCM key wrap encrypters and decrypters ofJWE objects
.Supports the following key management algorithms:
JWEAlgorithm.A128KW
JWEAlgorithm.A192KW
JWEAlgorithm.A256KW
JWEAlgorithm.A128GCMKW
JWEAlgorithm.A192GCMKW
JWEAlgorithm.A256GCMKW
Supports the following content encryption algorithms:
- Version:
- 2015-06-29
- Author:
- Melisa Halsband, Vladimir Dzhuvinov
-
-
Field Summary
Fields Modifier and Type Field Description static Map<Integer,Set<JWEAlgorithm>>
COMPATIBLE_ALGORITHMS
The JWE algorithms compatible with each key size in bits.static Set<JWEAlgorithm>
SUPPORTED_ALGORITHMS
The supported JWE algorithms by the AES crypto provider class.static Set<EncryptionMethod>
SUPPORTED_ENCRYPTION_METHODS
The supported encryption methods by the AES crypto provider class.
-
Constructor Summary
Constructors Modifier Constructor Description protected
AESCryptoProvider(SecretKey kek, SecretKey cek)
Creates a new AES encryption / decryption provider.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected SecretKey
getCEK(EncryptionMethod enc)
Returns the content encryption key (CEK) to use.JWEJCAContext
getJCAContext()
Returns the Java Cryptography Architecture (JCA) context.SecretKey
getKey()
Gets the Key Encryption Key (KEK).protected boolean
isCEKProvided()
Returnstrue
if a content encryption key (CEK) was provided at construction time.Set<EncryptionMethod>
supportedEncryptionMethods()
Returns the names of the supported encryption methods by the JWE provier.Set<JWEAlgorithm>
supportedJWEAlgorithms()
Returns the names of the supported algorithms by the JWE provider instance.
-
-
-
Field Detail
-
SUPPORTED_ALGORITHMS
public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS
The supported JWE algorithms by the AES crypto provider class.
-
SUPPORTED_ENCRYPTION_METHODS
public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS
The supported encryption methods by the AES crypto provider class.
-
COMPATIBLE_ALGORITHMS
public static final Map<Integer,Set<JWEAlgorithm>> COMPATIBLE_ALGORITHMS
The JWE algorithms compatible with each key size in bits.
-
-
Constructor Detail
-
AESCryptoProvider
protected AESCryptoProvider(SecretKey kek, SecretKey cek) throws KeyLengthException
Creates a new AES encryption / decryption provider.- Parameters:
kek
- The Key Encryption Key. Must be 128 bits (16 bytes), 192 bits (24 bytes) or 256 bits (32 bytes). Must not benull
.cek
- The content encryption key (CEK) to use. If specified its algorithm must be "AES" or "ChaCha20" and its length must match the expected for the JWE encryption method ("enc"). Ifnull
a CEK will be generated for each JWE.- Throws:
KeyLengthException
- If the KEK length is invalid.
-
-
Method Detail
-
getKey
public SecretKey getKey()
Gets the Key Encryption Key (KEK).- Returns:
- The Key Encryption Key.
-
supportedJWEAlgorithms
public Set<JWEAlgorithm> supportedJWEAlgorithms()
Description copied from interface:JWEProvider
Returns the names of the supported algorithms by the JWE provider instance. These correspond to thealg
JWE header parameter.- Specified by:
supportedJWEAlgorithms
in interfaceJWEProvider
- Returns:
- The supported JWE algorithms, empty set if none.
-
supportedEncryptionMethods
public Set<EncryptionMethod> supportedEncryptionMethods()
Description copied from interface:JWEProvider
Returns the names of the supported encryption methods by the JWE provier. These correspond to theenc
JWE header parameter.- Specified by:
supportedEncryptionMethods
in interfaceJWEProvider
- Returns:
- The supported encryption methods, empty set if none.
-
getJCAContext
public JWEJCAContext getJCAContext()
Description copied from interface:JCAAware
Returns the Java Cryptography Architecture (JCA) context. May be used to set a specific JCA security provider or secure random generator.- Specified by:
getJCAContext
in interfaceJCAAware<JWEJCAContext>
- Returns:
- The JCA context. Not
null
.
-
isCEKProvided
protected boolean isCEKProvided()
Returnstrue
if a content encryption key (CEK) was provided at construction time.- Returns:
true
if a CEK was provided at construction time,false
if CEKs will be internally generated.
-
getCEK
protected SecretKey getCEK(EncryptionMethod enc) throws JOSEException
Returns the content encryption key (CEK) to use. Unless a CEK was provided at construction time this will be a new internally generated CEK.- Parameters:
enc
- The encryption method. Must not benull
.- Returns:
- The content encryption key (CEK).
- Throws:
JOSEException
- If an internal exception is encountered.
-
-