Source code

001/*
002 * nimbus-jose-jwt
003 *
004 * Copyright 2012-2016, Connect2id Ltd.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.jose;
019
020
021import com.nimbusds.jose.util.Base64URL;
022
023
024/**
025 * JSON Web Encryption (JWE) decrypter.
026 *
027 * @author Vladimir Dzhuvinov
028 * @author Egor Puzanov
029 * @version 2023-03-26
030 */
031public interface JWEDecrypter extends JWEProvider {
032
033
034        /**
035         * Decrypts the specified cipher text of a {@link JWEObject JWE Object}.
036         *
037         * @param header       The JSON Web Encryption (JWE) header. Must
038         *                     specify a supported JWE algorithm and method.
039         *                     Must not be {@code null}.
040         * @param encryptedKey The encrypted key, {@code null} if not required
041         *                     by the JWE algorithm.
042         * @param iv           The initialisation vector, {@code null} if not
043         *                     required by the JWE algorithm.
044         * @param cipherText   The cipher text to decrypt. Must not be
045         *                     {@code null}.
046         * @param authTag      The authentication tag, {@code null} if not
047         *                     required.
048         * @param aad          The additional authenticated data. Must not be
049         *                     {@code null}.
050         *
051         * @return The clear text.
052         *
053         * @throws JOSEException If the JWE algorithm or method is not
054         *                       supported, if a critical header parameter is
055         *                       not supported or marked for deferral to the
056         *                       application, or if decryption failed for some
057         *                       other reason.
058         */
059        byte[] decrypt(final JWEHeader header,
060                       final Base64URL encryptedKey,
061                       final Base64URL iv,
062                       final Base64URL cipherText,
063                       final Base64URL authTag,
064                       final byte[] aad)
065                throws JOSEException;
066}