Package org.forgerock.jaspi.modules.session.jwt

Class AuthenticatedEncryptionCryptographyHandler

java.lang.Object

org.forgerock.jaspi.modules.session.jwt.AuthenticatedEncryptionCryptographyHandler

All Implemented Interfaces:

JwtCryptographyHandler

public class AuthenticatedEncryptionCryptographyHandler
extends Object
implements JwtCryptographyHandler

A JwtCryptographyHandler that ensures confidentiality and authenticity of data using authenticated encryption algorithms. This handler is generally faster and produces more compact JWTs than either KeyStoreJwtCryptographyHandler or SecretsProviderJwtCryptographyHandler. The following configuration options are supported:

• secretsProvider - a reference to the SecretsProvider to lookup encryption and decryption keys.
• encryptionPurpose - the Purpose to use for looking up encryption keys. Defaults to Purpose.DATA_ENCRYPTION.
• decryptionPurpose - the Purpose to use for looking up decryption keys. Defaults to Purpose.DATA_DECRYPTION.
• jweAlgorithm - the JweAlgorithm to use for encryption. This must be an authenticated encryption algorithm. Defaults to JweAlgorithm.DIRECT.
• encryptionMethod - the EncryptionMethod to use. Defaults to EncryptionMethod.A256CBC_HS512.
• compressionAlgorithm - the CompressionAlgorithm to use. Defaults to CompressionAlgorithm.NONE.

Constructor Summary

Constructors

Constructor	Description
AuthenticatedEncryptionCryptographyHandler()

Method Summary

Modifier and Type	Method	Description
String	buildJwt(JwtBuilderFactory jwtBuilderFactory, JwtClaimsSet claimsSet)	Builds a JWT with the given claims set.
Jwt	decryptAndVerify(JwtBuilderFactory jwtBuilderFactory, String jwt)	Decrypts and verifies that the JWT is authentic in a single step.
void	initialize(Map<String,Object> options)	Initialise the handler.
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.forgerock.jaspi.modules.session.jwt.JwtCryptographyHandler

decrypt, jwe, sign, verify

Constructor Detail

AuthenticatedEncryptionCryptographyHandler

public AuthenticatedEncryptionCryptographyHandler()

Method Detail

initialize

public void initialize(Map<String,Object> options)

Description copied from interface: JwtCryptographyHandler

Initialise the handler.

Specified by:

initialize in interface JwtCryptographyHandler

Parameters:

options - The options to be used.

buildJwt

public String buildJwt(JwtBuilderFactory jwtBuilderFactory,
                       JwtClaimsSet claimsSet)

Description copied from interface: JwtCryptographyHandler

Builds a JWT with the given claims set. The resulting JWT will be both encrypted and authenticated, either through direct authenticated encryption or a combination of encryption and signing.

Specified by:

buildJwt in interface JwtCryptographyHandler

Parameters:

jwtBuilderFactory - the JWT builder factory.

claimsSet - the claims to add to the JWT.

Returns:

the JWT in Compact Serialization form.

decryptAndVerify

public Jwt decryptAndVerify(JwtBuilderFactory jwtBuilderFactory,
                            String jwt)

Description copied from interface: JwtCryptographyHandler

Decrypts and verifies that the JWT is authentic in a single step.

Specified by:

decryptAndVerify in interface JwtCryptographyHandler

Parameters:

jwtBuilderFactory - The JWT builder factory.

jwt - the JWT to decrypt and verify.

Returns:

the decrypted and verified JWT.

toString

public String toString()

Overrides:

toString in class Object