/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.crypto.impl;


import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.ByteUtils;
import com.nimbusds.jose.util.IntegerOverflowException;


/**
 * Additional authenticated data (AAD) helpers for JWE content encryption.
 *
 * <p>The AAD is the input that the authenticated-encryption step integrity
 * protects without encrypting. Here it is derived solely from the
 * BASE64URL-encoded JWE header, i.e. {@code ASCII(Encoded Protected Header)}.
 * The JSON-serialization variant that appends a separate JWE AAD member is
 * not handled by this class.
 *
 * <p>See RFC 7516 (JWE), section 5.1, step 14, for the AAD definition, and
 * RFC 7518 (JWA), section 5.2.2.1, for the AAD length field (AL) consumed by
 * the AES/CBC + HMAC-SHA2 construction.
 *
 * @author Vladimir Dzhuvinov
 * @version 2017-06-01
 */
public class AAD {


	/**
	 * Derives the Additional Authenticated Data (AAD) from a JWE header
	 * by first obtaining its BASE64URL encoding.
	 *
	 * <p>NOTE(review): the authentication tag only verifies when the AAD
	 * bytes match those used at encryption time. Whether
	 * {@code toBase64URL()} returns the encoding exactly as received for
	 * a parsed header, rather than a fresh re-serialization, is not
	 * visible from this file; confirm against {@code JWEHeader}.
	 *
	 * @param jweHeader The JWE header. Must not be {@code null}.
	 *
	 * @return The AAD.
	 */
	public static byte[] compute(final JWEHeader jweHeader) {

		final Base64URL encodedHeader = jweHeader.toBase64URL();
		return compute(encodedHeader);
	}


	/**
	 * Derives the Additional Authenticated Data (AAD) from an already
	 * BASE64URL-encoded JWE header: the ASCII octets of the encoded
	 * string.
	 *
	 * @param encodedJWEHeader The BASE64URL-encoded JWE header. Must not
	 *                         be {@code null}.
	 *
	 * @return The AAD.
	 */
	public static byte[] compute(final Base64URL encodedJWEHeader) {

		final String encodedText = encodedJWEHeader.toString();

		// String.getBytes(Charset) substitutes unmappable characters
		// instead of failing; the BASE64URL alphabet is pure ASCII, so
		// this is lossless for well-formed input. No validation of the
		// encoded value happens here.
		return encodedText.getBytes(StandardCharsets.US_ASCII);
	}


	/**
	 * Encodes the bit length of the specified Additional Authenticated
	 * Data (AAD) as the fixed-width length field. Used in
	 * AES/CBC/PKCS5Padding/HMAC-SHA2 encryption.
	 *
	 * <p>The bit count is obtained as an {@code int} before being widened
	 * to 64 bits, so an AAD whose bit length does not fit an {@code int}
	 * cannot be represented.
	 *
	 * @param aad The Additional Authenticated Data (AAD). Must not be
	 *            {@code null}.
	 *
	 * @return The computed AAD bit length, as a 64 bit big-endian
	 *         representation (8 byte array).
	 *
	 * @throws IntegerOverflowException On an integer overflow.
	 */
	public static byte[] computeLength(final byte[] aad)
		throws IntegerOverflowException {

		// Implicit int -> long widening, same as passing the int to putLong
		final long aadBits = ByteUtils.safeBitLength(aad);

		// A freshly allocated ByteBuffer uses big-endian byte order
		final ByteBuffer lengthField = ByteBuffer.allocate(8);
		lengthField.putLong(aadBits);
		return lengthField.array();
	}
}