Package com.nimbusds.jose.crypto

Class ECDH1PUX25519Decrypter

    • Constructor Detail

      • ECDH1PUX25519Decrypter

        public ECDH1PUX25519Decrypter​(OctetKeyPair privateKey,
                              OctetKeyPair publicKey)
                       throws JOSEException
        Creates a new Curve25519 Elliptic Curve Diffie-Hellman decrypter.
        Parameters:
        privateKey - The private key. Must not be null.
        publicKey - The private key. Must not be null.
        Throws:
        JOSEException - If the key subtype is not supported.

      • ECDH1PUX25519Decrypter

        public ECDH1PUX25519Decrypter​(OctetKeyPair privateKey,
                              OctetKeyPair publicKey,
                              Set<String> defCritHeaders)
                       throws JOSEException
        Creates a new Curve25519 Elliptic Curve Diffie-Hellman decrypter.
        Parameters:
        privateKey - The private key. Must not be null.
        publicKey - The private key. Must not be null.
        defCritHeaders - The names of the critical header parameters that are deferred to the application for processing, empty set or null if none.
        Throws:
        JOSEException - If the key subtype is not supported.

    • Method Detail

      • decrypt

        @Deprecated
public byte[] decrypt​(JWEHeader header,
                      Base64URL encryptedKey,
                      Base64URL iv,
                      Base64URL cipherText,
                      Base64URL authTag)
               throws JOSEException
        Deprecated.
        Decrypts the specified cipher text of a JWE Object.
        Parameters:
        header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
        encryptedKey - The encrypted key, null if not required by the JWE algorithm.
        iv - The initialisation vector, null if not required by the JWE algorithm.
        cipherText - The cipher text to decrypt. Must not be null.
        authTag - The authentication tag, null if not required.
        Returns:
        The clear text.
        Throws:
        JOSEException - If the JWE algorithm or method is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if decryption failed for some other reason.

      • decrypt

        public byte[] decrypt​(JWEHeader header,
                      Base64URL encryptedKey,
                      Base64URL iv,
                      Base64URL cipherText,
                      Base64URL authTag,
                      byte[] aad)
               throws JOSEException
        Description copied from interface: JWEDecrypter
        Decrypts the specified cipher text of a JWE Object.
        Specified by:
        decrypt in interface JWEDecrypter
        Parameters:
        header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
        encryptedKey - The encrypted key, null if not required by the JWE algorithm.
        iv - The initialisation vector, null if not required by the JWE algorithm.
        cipherText - The cipher text to decrypt. Must not be null.
        authTag - The authentication tag, null if not required.
        aad - The additional authenticated data. Must not be null.
        Returns:
        The clear text.
        Throws:
        JOSEException - If the JWE algorithm or method is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if decryption failed for some other reason.

      • supportedJWEAlgorithms

        public Set<JWEAlgorithm> supportedJWEAlgorithms()
        Description copied from interface: JWEProvider
        Returns the names of the supported algorithms by the JWE provider instance. These correspond to the alg JWE header parameter.
        Specified by:
        supportedJWEAlgorithms in interface JWEProvider
        Returns:
        The supported JWE algorithms, empty set if none.

      • supportedEncryptionMethods

        public Set<EncryptionMethod> supportedEncryptionMethods()
        Description copied from interface: JWEProvider
        Returns the names of the supported encryption methods by the JWE provier. These correspond to the enc JWE header parameter.
        Specified by:
        supportedEncryptionMethods in interface JWEProvider
        Returns:
        The supported encryption methods, empty set if none.

      • getJCAContext

        public JWEJCAContext getJCAContext()
        Description copied from interface: JCAAware
        Returns the Java Cryptography Architecture (JCA) context. May be used to set a specific JCA security provider or secure random generator.
        Specified by:
        getJCAContext in interface JCAAware<JWEJCAContext>
        Returns:
        The JCA context. Not null.

      • isCEKProvided

        protected boolean isCEKProvided()
        Returns true if a content encryption key (CEK) was provided at construction time.
        Returns:
        true if a CEK was provided at construction time, false if CEKs will be internally generated.

      • getCEK

        protected SecretKey getCEK​(EncryptionMethod enc)
                    throws JOSEException
        Returns the content encryption key (CEK) to use. Unless a CEK was provided at construction time this will be a new internally generated CEK.
        Parameters:
        enc - The encryption method. Must not be null.
        Returns:
        The content encryption key (CEK).
        Throws:
        JOSEException - If an internal exception is encountered.