Package com.nimbusds.jose.crypto.impl
Class ContentCryptoProvider
- java.lang.Object
-
- com.nimbusds.jose.crypto.impl.ContentCryptoProvider
-
public class ContentCryptoProvider extends java.lang.ObjectJWE content encryption / decryption provider.- Version:
- 2022-09-20
- Author:
- Vladimir Dzhuvinov
-
-
Field Summary
Fields Modifier and Type Field Description static java.util.Map<java.lang.Integer,java.util.Set<EncryptionMethod>>COMPATIBLE_ENCRYPTION_METHODSThe encryption methods compatible with each key size in bits.static java.util.Set<EncryptionMethod>SUPPORTED_ENCRYPTION_METHODSThe supported encryption methods.
-
Constructor Summary
Constructors Constructor Description ContentCryptoProvider()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static byte[]decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag, javax.crypto.SecretKey cek, JWEJCAContext jcaProvider)Decrypts the specified cipher text.static JWECryptoPartsencrypt(JWEHeader header, byte[] clearText, javax.crypto.SecretKey cek, Base64URL encryptedKey, JWEJCAContext jcaProvider)Encrypts the specified clear text (content).static javax.crypto.SecretKeygenerateCEK(EncryptionMethod enc, java.security.SecureRandom randomGen)Generates a Content Encryption Key (CEK) for the specified JOSE encryption method.
-
-
-
Field Detail
-
SUPPORTED_ENCRYPTION_METHODS
public static final java.util.Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS
The supported encryption methods.
-
COMPATIBLE_ENCRYPTION_METHODS
public static final java.util.Map<java.lang.Integer,java.util.Set<EncryptionMethod>> COMPATIBLE_ENCRYPTION_METHODS
The encryption methods compatible with each key size in bits.
-
-
Method Detail
-
generateCEK
public static javax.crypto.SecretKey generateCEK(EncryptionMethod enc, java.security.SecureRandom randomGen) throws JOSEException
Generates a Content Encryption Key (CEK) for the specified JOSE encryption method.- Parameters:
enc- The encryption method. Must not benull.randomGen- The secure random generator to use. Must not benull.- Returns:
- The generated CEK (with algorithm "AES").
- Throws:
JOSEException- If the encryption method is not supported.
-
encrypt
public static JWECryptoParts encrypt(JWEHeader header, byte[] clearText, javax.crypto.SecretKey cek, Base64URL encryptedKey, JWEJCAContext jcaProvider) throws JOSEException
Encrypts the specified clear text (content).- Parameters:
header- The final JWE header. Must not benull.clearText- The clear text to encrypt and optionally compress. Must not benull.cek- The Content Encryption Key (CEK). Must not benull.encryptedKey- The encrypted CEK,nullif not required.jcaProvider- The JWE JCA provider specification. Must not benull.- Returns:
- The JWE crypto parts.
- Throws:
JOSEException- If encryption failed.
-
decrypt
public static byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag, javax.crypto.SecretKey cek, JWEJCAContext jcaProvider) throws JOSEException
Decrypts the specified cipher text.- Parameters:
header- The JWE header. Must not benull.encryptedKey- The encrypted key,nullif not specified.iv- The initialisation vector (IV). Must not benull.cipherText- The cipher text. Must not benull.authTag- The authentication tag. Must not benull.cek- The Content Encryption Key (CEK). Must not benull.jcaProvider- The JWE JCA provider specification. Must not benull.- Returns:
- The clear text.
- Throws:
JOSEException- If decryption failed.
-
-