Package com.nimbusds.jose.crypto.impl
Class MultiCryptoProvider
- java.lang.Object
-
- com.nimbusds.jose.crypto.impl.MultiCryptoProvider
-
- All Implemented Interfaces:
JCAAware<JWEJCAContext>
,JOSEProvider
,JWEProvider
- Direct Known Subclasses:
MultiDecrypter
,MultiEncrypter
public abstract class MultiCryptoProvider extends Object
The base abstract class for multi-recipient encrypters and decrypters ofJWE objects
with a shared symmetric key.Supports the following key management algorithms:
JWEAlgorithm.A128KW
JWEAlgorithm.A192KW
JWEAlgorithm.A256KW
JWEAlgorithm.A128GCMKW
JWEAlgorithm.A192GCMKW
JWEAlgorithm.A256GCMKW
JWEAlgorithm.DIR
JWEAlgorithm.ECDH_ES
JWEAlgorithm.ECDH_ES_A128KW
JWEAlgorithm.ECDH_ES_A192KW
JWEAlgorithm.ECDH_ES_A256KW
JWEAlgorithm.RSA_OAEP_256
JWEAlgorithm.RSA_OAEP_384
JWEAlgorithm.RSA_OAEP_512
JWEAlgorithm.RSA_OAEP
(deprecated)JWEAlgorithm.RSA1_5
(deprecated)
Supports the following elliptic curves:
Curve.P_256
Curve.P_384
Curve.P_521
Curve.X25519
(Curve25519)
Supports the following content encryption algorithms:
- Version:
- 2023-03-24
-
-
Field Summary
Fields Modifier and Type Field Description static Map<Integer,Set<JWEAlgorithm>>
COMPATIBLE_ALGORITHMS
The JWE algorithms compatible with each key size in bits.static Set<JWEAlgorithm>
SUPPORTED_ALGORITHMS
The supported JWE algorithms by the direct crypto provider class.static Set<Curve>
SUPPORTED_ELLIPTIC_CURVES
The supported EC JWK curves by the ECDH crypto provider class.static Set<EncryptionMethod>
SUPPORTED_ENCRYPTION_METHODS
The supported encryption methods by the direct crypto provider class.
-
Constructor Summary
Constructors Modifier Constructor Description protected
MultiCryptoProvider(SecretKey cek)
Creates a new multi-recipient encryption / decryption provider.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected SecretKey
getCEK(EncryptionMethod enc)
Returns the content encryption key (CEK) to use.JWEJCAContext
getJCAContext()
Returns the Java Cryptography Architecture (JCA) context.protected boolean
isCEKProvided()
Returnstrue
if a content encryption key (CEK) was provided at construction time.Set<Curve>
supportedEllipticCurves()
Returns the names of the supported elliptic curves.Set<EncryptionMethod>
supportedEncryptionMethods()
Returns the names of the supported encryption methods by the JWE provier.Set<JWEAlgorithm>
supportedJWEAlgorithms()
Returns the names of the supported algorithms by the JWE provider instance.
-
-
-
Field Detail
-
SUPPORTED_ALGORITHMS
public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS
The supported JWE algorithms by the direct crypto provider class.
-
SUPPORTED_ENCRYPTION_METHODS
public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS
The supported encryption methods by the direct crypto provider class.
-
COMPATIBLE_ALGORITHMS
public static final Map<Integer,Set<JWEAlgorithm>> COMPATIBLE_ALGORITHMS
The JWE algorithms compatible with each key size in bits.
-
SUPPORTED_ELLIPTIC_CURVES
public static final Set<Curve> SUPPORTED_ELLIPTIC_CURVES
The supported EC JWK curves by the ECDH crypto provider class.
-
-
Constructor Detail
-
MultiCryptoProvider
protected MultiCryptoProvider(SecretKey cek) throws KeyLengthException
Creates a new multi-recipient encryption / decryption provider.- Parameters:
cek
- The Content Encryption Key (CEK). Must be 128 bits (16 bytes), 192 bits (24 bytes), 256 bits (32 bytes), 384 bits (48 bytes) or 512 bits (64 bytes) long. Must not benull
.- Throws:
KeyLengthException
- If the CEK length is not compatible.
-
-
Method Detail
-
supportedEllipticCurves
public Set<Curve> supportedEllipticCurves()
Returns the names of the supported elliptic curves. These correspond to thecrv
EC JWK parameter.- Returns:
- The supported elliptic curves.
-
supportedJWEAlgorithms
public Set<JWEAlgorithm> supportedJWEAlgorithms()
Description copied from interface:JWEProvider
Returns the names of the supported algorithms by the JWE provider instance. These correspond to thealg
JWE header parameter.- Specified by:
supportedJWEAlgorithms
in interfaceJWEProvider
- Returns:
- The supported JWE algorithms, empty set if none.
-
supportedEncryptionMethods
public Set<EncryptionMethod> supportedEncryptionMethods()
Description copied from interface:JWEProvider
Returns the names of the supported encryption methods by the JWE provier. These correspond to theenc
JWE header parameter.- Specified by:
supportedEncryptionMethods
in interfaceJWEProvider
- Returns:
- The supported encryption methods, empty set if none.
-
getJCAContext
public JWEJCAContext getJCAContext()
Description copied from interface:JCAAware
Returns the Java Cryptography Architecture (JCA) context. May be used to set a specific JCA security provider or secure random generator.- Specified by:
getJCAContext
in interfaceJCAAware<JWEJCAContext>
- Returns:
- The JCA context. Not
null
.
-
isCEKProvided
protected boolean isCEKProvided()
Returnstrue
if a content encryption key (CEK) was provided at construction time.- Returns:
true
if a CEK was provided at construction time,false
if CEKs will be internally generated.
-
getCEK
protected SecretKey getCEK(EncryptionMethod enc) throws JOSEException
Returns the content encryption key (CEK) to use. Unless a CEK was provided at construction time this will be a new internally generated CEK.- Parameters:
enc
- The encryption method. Must not benull
.- Returns:
- The content encryption key (CEK).
- Throws:
JOSEException
- If an internal exception is encountered.
-
-