Package org.forgerock.json.jose.jwe

Class EncryptedJwt

    • Constructor Detail

      • EncryptedJwt

        public EncryptedJwt​(JweHeader header,
                    JwtClaimsSet payload,
                    Key publicKey)
        Constructs a fresh, new EncryptedJwt from the given JweHeader and JwtClaimsSet.

        The specified public key will be used to perform the encryption of the JWT.

        Parameters:
        header - The JweHeader containing the header parameters of the JWE.
        payload - The claimset of the JWE.
        publicKey - The public key to use to perform the encryption.

      • EncryptedJwt

        protected EncryptedJwt​(EncryptedJwt encryptedJwt)
        Construct an encrypted JWT from an existent one.
        Parameters:
        encryptedJwt - the encrypted JWT

      • EncryptedJwt

        public EncryptedJwt​(JweHeader header,
                    String encodedHeader,
                    byte[] encryptedContentEncryptionKey,
                    byte[] initialisationVector,
                    byte[] ciphertext,
                    byte[] authenticationTag)
        Constructs a reconstructed EncryptedJwt from its constituent parts, the JweHeader, encrypted Content Encryption Key (CEK), initialisation vector, ciphertext and additional authentication data.

        For use when an encrypted JWT has been reconstructed from its base64url encoded string representation and the JWT needs decrypting.

        Parameters:
        header - The JweHeader containing the header parameters of the JWE.
        encodedHeader - The Base64url encoded JWE header.
        encryptedContentEncryptionKey - The encrypted Content Encryption Key (CEK).
        initialisationVector - The initialisation vector.
        ciphertext - The ciphertext.
        authenticationTag - The authentication tag.

    • Method Detail

      • getHeader

        public JweHeader getHeader()
        Description copied from interface: Jwt
        Gets the header object for the JWT, which contains properties which describe the cryptographic operations applied to the JWT, among other properties.

        When the JWT is digitally signed or MACed, the JWT Header is a JWS Header. When the JWT is encrypted, the JWT Header is a JWE Header.

        Specified by:
        getHeader in interface Jwt
        Returns:
        The JWTs Header.

      • getClaimsSet

        public JwtClaimsSet getClaimsSet()
        Description copied from interface: Jwt
        Gets the claims set object for the Jwt, which contains all of the claims (name value pairs) conveyed by the JWT.
        Specified by:
        getClaimsSet in interface Jwt
        Returns:
        The JWTs Claims Set.

      • copy

        public EncryptedJwt copy()
        Description copied from interface: Jwt
        Create a copy of the current JWT.
        Specified by:
        copy in interface Jwt
        Specified by:
        copy in interface Payload
        Returns:
        a copy of the JWT.

      • decrypt

        @Deprecated
public void decrypt​(Key privateKey)
        Deprecated.
        Prefer decrypt(SecretsProvider, Purpose) instead.
        Decrypts the JWE ciphertext back into a JwtClaimsSet.

        The same private key must be given here that is the pair to the public key that was used to encrypt the JWT.

        Parameters:
        privateKey - The private key pair to the public key that encrypted the JWT.

      • decryptRawPayload

        @Deprecated
public byte[] decryptRawPayload​(Key privateKey)
        Deprecated.
        Prefer decryptRawPayload(SecretsProvider, Purpose) instead.
        Decrypts and returns the raw bytes of the payload, without attempting to decode them in any way. The decrypted payload is not cached.

        The same private key must be given here that is the pair to the public key that was used to encrypt the JWT.

        Parameters:
        privateKey - The private key pair to the public key that encrypted the JWT.
        Returns:
        The raw bytes of the decrypted payload.