Class AuthenticatedEncryptionCryptographyHandler
- java.lang.Object
-
- org.forgerock.jaspi.modules.session.jwt.AuthenticatedEncryptionCryptographyHandler
-
- All Implemented Interfaces:
JwtCryptographyHandler
public class AuthenticatedEncryptionCryptographyHandler extends Object implements JwtCryptographyHandler
AJwtCryptographyHandler
that ensures confidentiality and authenticity of data using authenticated encryption algorithms. This handler is generally faster and produces more compact JWTs than eitherKeyStoreJwtCryptographyHandler
orSecretsProviderJwtCryptographyHandler
. The following configuration options are supported:secretsProvider
- a reference to theSecretsProvider
to lookup encryption and decryption keys.encryptionPurpose
- thePurpose
to use for looking up encryption keys. Defaults toPurpose.DATA_ENCRYPTION
.decryptionPurpose
- thePurpose
to use for looking up decryption keys. Defaults toPurpose.DATA_DECRYPTION
.jweAlgorithm
- theJweAlgorithm
to use for encryption. This must be an authenticated encryption algorithm. Defaults toJweAlgorithm.DIRECT
.encryptionMethod
- theEncryptionMethod
to use. Defaults toEncryptionMethod.A256CBC_HS512
.compressionAlgorithm
- theCompressionAlgorithm
to use. Defaults toCompressionAlgorithm.NONE
.
-
-
Constructor Summary
Constructors Constructor Description AuthenticatedEncryptionCryptographyHandler()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description String
buildJwt(JwtBuilderFactory jwtBuilderFactory, JwtClaimsSet claimsSet)
Builds a JWT with the given claims set.Promise<String,NoSuchSecretException>
buildJwtAsync(JwtBuilderFactory jwtBuilderFactory, JwtClaimsSet claimsSet)
Builds a JWT with the given claims set.Jwt
decryptAndVerify(JwtBuilderFactory jwtBuilderFactory, String jwt)
Decrypts and verifies that the JWT is authentic in a single step.void
initialize(Map<String,Object> options)
Initialise the handler.String
toString()
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
-
Methods inherited from interface org.forgerock.jaspi.modules.session.jwt.JwtCryptographyHandler
decrypt, jwe, sign, verify
-
-
-
-
Method Detail
-
initialize
public void initialize(Map<String,Object> options)
Description copied from interface:JwtCryptographyHandler
Initialise the handler.- Specified by:
initialize
in interfaceJwtCryptographyHandler
- Parameters:
options
- The options to be used.
-
buildJwt
public String buildJwt(JwtBuilderFactory jwtBuilderFactory, JwtClaimsSet claimsSet)
Description copied from interface:JwtCryptographyHandler
Builds a JWT with the given claims set. The resulting JWT will be both encrypted and authenticated, either through direct authenticated encryption or a combination of encryption and signing.- Specified by:
buildJwt
in interfaceJwtCryptographyHandler
- Parameters:
jwtBuilderFactory
- the JWT builder factory.claimsSet
- the claims to add to the JWT.- Returns:
- the JWT in Compact Serialization form.
-
buildJwtAsync
public Promise<String,NoSuchSecretException> buildJwtAsync(JwtBuilderFactory jwtBuilderFactory, JwtClaimsSet claimsSet)
Description copied from interface:JwtCryptographyHandler
Builds a JWT with the given claims set. The resulting JWT will be both encrypted and authenticated, either through direct authenticated encryption or a combination of encryption and signing. The resulting JWT will be wrapped in aPromise
.- Specified by:
buildJwtAsync
in interfaceJwtCryptographyHandler
- Parameters:
jwtBuilderFactory
- the JWT builder factory.claimsSet
- the claims to add to the JWT.- Returns:
- the JWT in Compact Serialization form as a
Promise
, or aNoSuchSecretException
exception promise if the secret can not be found.
-
decryptAndVerify
public Jwt decryptAndVerify(JwtBuilderFactory jwtBuilderFactory, String jwt)
Description copied from interface:JwtCryptographyHandler
Decrypts and verifies that the JWT is authentic in a single step.- Specified by:
decryptAndVerify
in interfaceJwtCryptographyHandler
- Parameters:
jwtBuilderFactory
- The JWT builder factory.jwt
- the JWT to decrypt and verify.- Returns:
- the decrypted and verified JWT.
-
-