Package com.nimbusds.jose.crypto.impl

Class AESCryptoProvider

java.lang.Object

com.nimbusds.jose.crypto.impl.AESCryptoProvider

All Implemented Interfaces:

JCAAware<JWEJCAContext>, JOSEProvider, JWEProvider

Direct Known Subclasses:

AESDecrypter, AESEncrypter

public abstract class AESCryptoProvider
extends Object

The base abstract class for AES and AES GCM key wrap encrypters and decrypters of JWE objects.

Supports the following key management algorithms:

• JWEAlgorithm.A128KW
• JWEAlgorithm.A192KW
• JWEAlgorithm.A256KW
• JWEAlgorithm.A128GCMKW
• JWEAlgorithm.A192GCMKW
• JWEAlgorithm.A256GCMKW

Supports the following content encryption algorithms:

• EncryptionMethod.A128CBC_HS256
• EncryptionMethod.A192CBC_HS384
• EncryptionMethod.A256CBC_HS512
• EncryptionMethod.A128GCM
• EncryptionMethod.A192GCM
• EncryptionMethod.A256GCM
• EncryptionMethod.A128CBC_HS256_DEPRECATED
• EncryptionMethod.A256CBC_HS512_DEPRECATED
• EncryptionMethod.XC20P

Version:

2015-06-29

Author:

Melisa Halsband, Vladimir Dzhuvinov

Field Summary

Fields

Modifier and Type	Field	Description
static Map<Integer,Set<JWEAlgorithm>>	COMPATIBLE_ALGORITHMS	The JWE algorithms compatible with each key size in bits.
static Set<JWEAlgorithm>	SUPPORTED_ALGORITHMS	The supported JWE algorithms by the AES crypto provider class.
static Set<EncryptionMethod>	SUPPORTED_ENCRYPTION_METHODS	The supported encryption methods by the AES crypto provider class.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	AESCryptoProvider(SecretKey kek, SecretKey cek)	Creates a new AES encryption / decryption provider.

Method Summary

Modifier and Type	Method	Description
protected SecretKey	getCEK(EncryptionMethod enc)	Returns the content encryption key (CEK) to use.
JWEJCAContext	getJCAContext()	Returns the Java Cryptography Architecture (JCA) context.
SecretKey	getKey()	Gets the Key Encryption Key (KEK).
protected boolean	isCEKProvided()	Returns true if a content encryption key (CEK) was provided at construction time.
Set<EncryptionMethod>	supportedEncryptionMethods()	Returns the names of the supported encryption methods by the JWE provier.
Set<JWEAlgorithm>	supportedJWEAlgorithms()	Returns the names of the supported algorithms by the JWE provider instance.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SUPPORTED_ALGORITHMS

public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS

The supported JWE algorithms by the AES crypto provider class.

SUPPORTED_ENCRYPTION_METHODS

public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS

The supported encryption methods by the AES crypto provider class.

COMPATIBLE_ALGORITHMS

public static final Map<Integer,Set<JWEAlgorithm>> COMPATIBLE_ALGORITHMS

The JWE algorithms compatible with each key size in bits.

Constructor Detail

AESCryptoProvider

protected AESCryptoProvider(SecretKey kek,
                            SecretKey cek)
                     throws KeyLengthException

Creates a new AES encryption / decryption provider.

Parameters:

kek - The Key Encryption Key. Must be 128 bits (16 bytes), 192 bits (24 bytes) or 256 bits (32 bytes). Must not be null.

cek - The content encryption key (CEK) to use. If specified its algorithm must be "AES" or "ChaCha20" and its length must match the expected for the JWE encryption method ("enc"). If null a CEK will be generated for each JWE.

Throws:

KeyLengthException - If the KEK length is invalid.

Method Detail

getKey

public SecretKey getKey()

Gets the Key Encryption Key (KEK).

Returns:

The Key Encryption Key.

supportedJWEAlgorithms

public Set<JWEAlgorithm> supportedJWEAlgorithms()

Description copied from interface: JWEProvider

Returns the names of the supported algorithms by the JWE provider instance. These correspond to the alg JWE header parameter.

Specified by:

supportedJWEAlgorithms in interface JWEProvider

Returns:

The supported JWE algorithms, empty set if none.

supportedEncryptionMethods

public Set<EncryptionMethod> supportedEncryptionMethods()

Description copied from interface: JWEProvider

Returns the names of the supported encryption methods by the JWE provier. These correspond to the enc JWE header parameter.

Specified by:

supportedEncryptionMethods in interface JWEProvider

Returns:

The supported encryption methods, empty set if none.

getJCAContext

public JWEJCAContext getJCAContext()

Description copied from interface: JCAAware

Returns the Java Cryptography Architecture (JCA) context. May be used to set a specific JCA security provider or secure random generator.

Specified by:

getJCAContext in interface JCAAware<JWEJCAContext>

Returns:

The JCA context. Not null.

isCEKProvided

protected boolean isCEKProvided()

Returns true if a content encryption key (CEK) was provided at construction time.

Returns:

true if a CEK was provided at construction time, false if CEKs will be internally generated.

getCEK

protected SecretKey getCEK(EncryptionMethod enc)
                    throws JOSEException

Returns the content encryption key (CEK) to use. Unless a CEK was provided at construction time this will be a new internally generated CEK.

Parameters:

enc - The encryption method. Must not be null.

Returns:

The content encryption key (CEK).

Throws:

JOSEException - If an internal exception is encountered.