Package com.nimbusds.jose

Class JWEHeader

  • All Implemented Interfaces:
    Serializable
    @Immutable
public final class JWEHeader
extends Header
    JSON Web Encryption (JWE) header. This class is immutable.

    Supports the following registered header parameters:

    • alg
    • enc
    • epk
    • zip
    • jku
    • jwk
    • x5u
    • x5t
    • x5t#S256
    • x5c
    • kid
    • typ
    • cty
    • crit
    • apu
    • apv
    • p2s
    • p2c
    • iv
    • skid
    • authTag

    The header may also include custom parameters; these will be serialised and parsed along the registered ones.

    Example header: 

     { 
   "alg" : "RSA1_5",
   "enc" : "A128CBC-HS256"
 }
    Version:
    2022-03-07
    Author:
    Vladimir Dzhuvinov
    See Also:
    Serialized Form

    • Constructor Detail

      • JWEHeader

        public JWEHeader​(EncryptionMethod enc)
        Creates a new minimal JSON Web Encryption (JWE) header.
        Parameters:
        enc - The encryption method parameter. Must not be null.

      • JWEHeader

        public JWEHeader​(JWEAlgorithm alg,
                 EncryptionMethod enc)
        Creates a new minimal JSON Web Encryption (JWE) header.

        Note: Use PlainHeader to create a header with algorithm none.

        Parameters:
        alg - The JWE algorithm parameter. Must not be "none" or null.
        enc - The encryption method parameter. Must not be null.

      • JWEHeader

        public JWEHeader​(Algorithm alg,
                 EncryptionMethod enc,
                 JOSEObjectType typ,
                 String cty,
                 Set<String> crit,
                 URI jku,
                 JWK jwk,
                 URI x5u,
                 Base64URL x5t,
                 Base64URL x5t256,
                 List<Base64> x5c,
                 String kid,
                 JWK epk,
                 CompressionAlgorithm zip,
                 Base64URL apu,
                 Base64URL apv,
                 Base64URL p2s,
                 int p2c,
                 Base64URL iv,
                 Base64URL tag,
                 String skid,
                 Map<String,​Object> customParams,
                 Base64URL parsedBase64URL)
        Creates a new JSON Web Encryption (JWE) header.

        Note: Use PlainHeader to create a header with algorithm none.

        Parameters:
        alg - The JWE algorithm (alg) parameter. null if not specified.
        enc - The encryption method parameter. Must not be null.
        typ - The type (typ) parameter, null if not specified.
        cty - The content type (cty) parameter, null if not specified.
        crit - The names of the critical header (crit) parameters, empty set or null if none.
        jku - The JSON Web Key (JWK) Set URL (jku) parameter, null if not specified.
        jwk - The X.509 certificate URL (jwk) parameter, null if not specified.
        x5u - The X.509 certificate URL parameter (x5u), null if not specified.
        x5t - The X.509 certificate SHA-1 thumbprint (x5t) parameter, null if not specified.
        x5t256 - The X.509 certificate SHA-256 thumbprint (x5t#S256) parameter, null if not specified.
        x5c - The X.509 certificate chain (x5c) parameter, null if not specified.
        kid - The key ID (kid) parameter, null if not specified.
        epk - The Ephemeral Public Key (epk) parameter, null if not specified.
        zip - The compression algorithm (zip) parameter, null if not specified.
        apu - The agreement PartyUInfo (apu) parameter, null if not specified.
        apv - The agreement PartyVInfo (apv) parameter, null if not specified.
        p2s - The PBES2 salt (p2s) parameter, null if not specified.
        p2c - The PBES2 count (p2c) parameter, zero if not specified. Must not be negative.
        iv - The initialisation vector (iv) parameter, null if not specified.
        tag - The authentication tag (tag) parameter, null if not specified.
        skid - The sender key ID (skid) parameter, null if not specified.
        customParams - The custom parameters, empty map or null if none.
        parsedBase64URL - The parsed Base64URL, null if the header is created from scratch.

      • JWEHeader

        public JWEHeader​(JWEHeader jweHeader)
        Deep copy constructor.
        Parameters:
        jweHeader - The JWE header to copy. Must not be null.

    • Method Detail

      • getRegisteredParameterNames

        public static Set<StringgetRegisteredParameterNames()
        Gets the registered parameter names for JWE headers.
        Returns:
        The registered parameter names, as an unmodifiable set.

      • getEphemeralPublicKey

        public JWK getEphemeralPublicKey()
        Gets the Ephemeral Public Key (epk) parameter.
        Returns:
        The Ephemeral Public Key parameter, null if not specified.

      • getAgreementPartyUInfo

        public Base64URL getAgreementPartyUInfo()
        Gets the agreement PartyUInfo (apu) parameter.
        Returns:
        The agreement PartyUInfo parameter, null if not specified.

      • getAgreementPartyVInfo

        public Base64URL getAgreementPartyVInfo()
        Gets the agreement PartyVInfo (apv) parameter.
        Returns:
        The agreement PartyVInfo parameter, null if not specified.

      • getPBES2Salt

        public Base64URL getPBES2Salt()
        Gets the PBES2 salt (p2s) parameter.
        Returns:
        The PBES2 salt parameter, null if not specified.

      • getPBES2Count

        public int getPBES2Count()
        Gets the PBES2 count (p2c) parameter.
        Returns:
        The PBES2 count parameter, zero if not specified.

      • getIV

        public Base64URL getIV()
        Gets the initialisation vector (iv) parameter.
        Returns:
        The initialisation vector, null if not specified.

      • getAuthTag

        public Base64URL getAuthTag()
        Gets the authentication tag (tag) parameter.
        Returns:
        The authentication tag, null if not specified.

      • getSenderKeyID

        public String getSenderKeyID()
        Gets the sender key ID (skid) parameter.
        Returns:
        The sender key ID, null if not specified.

      • getIncludedParams

        public Set<StringgetIncludedParams()
        Description copied from class: Header
        Gets the names of all included parameters (registered and custom) in the header instance.
        Returns:
        The included parameters.

      • toJSONObject

        public Map<String,​ObjecttoJSONObject()
        Description copied from class: Header
        Returns a JSON object representation of the header. All custom parameters are included if they serialise to a JSON entity and their names don't conflict with the registered ones.
        Returns:
        The JSON object representation of the header.

      • parse

        public static JWEHeader parse​(Map<String,​Object> jsonObject)
                       throws ParseException
        Parses a JWE header from the specified JSON object.
        Parameters:
        jsonObject - The JSON object to parse. Must not be null.
        Returns:
        The JWE header.
        Throws:
        ParseException - If the specified JSON object doesn't represent a valid JWE header.

      • parse

        public static JWEHeader parse​(Map<String,​Object> jsonObject,
                              Base64URL parsedBase64URL)
                       throws ParseException
        Parses a JWE header from the specified JSON object.
        Parameters:
        jsonObject - The JSON object to parse. Must not be null.
        parsedBase64URL - The original parsed Base64URL, null if not applicable.
        Returns:
        The JWE header.
        Throws:
        ParseException - If the specified JSON object doesn't represent a valid JWE header.

      • parse

        public static JWEHeader parse​(String jsonString)
                       throws ParseException
        Parses a JWE header from the specified JSON object string.
        Parameters:
        jsonString - The JSON object string to parse. Must not be null.
        Returns:
        The JWE header.
        Throws:
        ParseException - If the specified JSON object string doesn't represent a valid JWE header.

      • parse

        public static JWEHeader parse​(String jsonString,
                              Base64URL parsedBase64URL)
                       throws ParseException
        Parses a JWE header from the specified JSON object string.
        Parameters:
        jsonString - The JSON string to parse. Must not be null.
        parsedBase64URL - The original parsed Base64URL, null if not applicable.
        Returns:
        The JWE header.
        Throws:
        ParseException - If the specified JSON object string doesn't represent a valid JWE header.

      • parse

        public static JWEHeader parse​(Base64URL base64URL)
                       throws ParseException
        Parses a JWE header from the specified Base64URL.
        Parameters:
        base64URL - The Base64URL to parse. Must not be null.
        Returns:
        The JWE header.
        Throws:
        ParseException - If the specified Base64URL doesn't represent a valid JWE header.

      • getJWKURL

        public URI getJWKURL()
        Gets the public JSON Web Key (JWK) Set URL (jku) parameter.
        Returns:
        The public JSON Web Key (JWK) Set URL parameter, null if not specified.

      • getJWK

        public JWK getJWK()
        Gets the public JSON Web Key (JWK) (jwk) parameter.
        Returns:
        The public JSON Web Key (JWK) parameter, null if not specified.

      • getX509CertURL

        public URI getX509CertURL()
        Gets the X.509 certificate URL (x5u) parameter.
        Returns:
        The X.509 certificate URL parameter, null if not specified.

      • getX509CertThumbprint

        @Deprecated
public Base64URL getX509CertThumbprint()
        Deprecated.
        Gets the X.509 certificate SHA-1 thumbprint (x5t) parameter.
        Returns:
        The X.509 certificate SHA-1 thumbprint parameter, null if not specified.

      • getX509CertSHA256Thumbprint

        public Base64URL getX509CertSHA256Thumbprint()
        Gets the X.509 certificate SHA-256 thumbprint (x5t#S256) parameter.
        Returns:
        The X.509 certificate SHA-256 thumbprint parameter, null if not specified.

      • getX509CertChain

        public List<Base64> getX509CertChain()
        Gets the X.509 certificate chain (x5c) parameter corresponding to the key used to sign or encrypt the JWS / JWE object.
        Returns:
        The X.509 certificate chain parameter as a unmodifiable list, null if not specified.

      • getKeyID

        public String getKeyID()
        Gets the key ID (kid) parameter.
        Returns:
        The key ID parameter, null if not specified.