Package org.forgerock.json.jose.jwe
Class EncryptedJwt
- java.lang.Object
-
- org.forgerock.json.jose.jwe.EncryptedJwt
-
- Direct Known Subclasses:
SignedThenEncryptedJwt
public class EncryptedJwt extends Object implements Jwt, Payload
A JWE implementation of theJwtinterface.JSON Web Encryption (JWE) is a representing encrypted content using JSON based data structures.
- Since:
- 2.0.0
- See Also:
- JSON Web Encryption Specification
-
-
Constructor Summary
Constructors Modifier Constructor Description protectedEncryptedJwt(EncryptedJwt encryptedJwt)Construct an encrypted JWT from an existent one.EncryptedJwt(JweHeader header, String encodedHeader, byte[] encryptedContentEncryptionKey, byte[] initialisationVector, byte[] ciphertext, byte[] authenticationTag)Constructs a reconstructed EncryptedJwt from its constituent parts, the JweHeader, encrypted Content Encryption Key (CEK), initialisation vector, ciphertext and additional authentication data.EncryptedJwt(JweHeader header, JwtClaimsSet payload, Key publicKey)Constructs a fresh, new EncryptedJwt from the given JweHeader and JwtClaimsSet.
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description Stringbuild()Builds the JWT into aStringby following the steps specified in the relevant specification according to whether the JWT is being signed and/or encrypted.EncryptedJwtcopy()Create a copy of the current JWT.voiddecrypt(Key privateKey)Deprecated.Preferdecrypt(SecretsProvider, Purpose)instead.Promise<? extends EncryptedJwt,JweDecryptionCheckedException>decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)Attempts to decrypt the JWT using any available keys for the givenPurposefrom the givenSecretsProvider.byte[]decryptRawPayload(Key privateKey)Deprecated.PreferdecryptRawPayload(SecretsProvider, Purpose)instead.Promise<byte[],JweDecryptionCheckedException>decryptRawPayload(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)Attempts to decrypt the raw payload of the JWT using any keys from the givenSecretsProviderthat satisfy the suppliedPurpose.JwtClaimsSetgetClaimsSet()Gets the claims set object for the Jwt, which contains all of the claims (name value pairs) conveyed by the JWT.JweHeadergetHeader()Gets the header object for the JWT, which contains properties which describe the cryptographic operations applied to the JWT, among other properties.
-
-
-
Constructor Detail
-
EncryptedJwt
public EncryptedJwt(JweHeader header, JwtClaimsSet payload, Key publicKey)
Constructs a fresh, new EncryptedJwt from the given JweHeader and JwtClaimsSet.The specified public key will be used to perform the encryption of the JWT.
- Parameters:
header- The JweHeader containing the header parameters of the JWE.payload- The claimset of the JWE.publicKey- The public key to use to perform the encryption.
-
EncryptedJwt
protected EncryptedJwt(EncryptedJwt encryptedJwt)
Construct an encrypted JWT from an existent one.- Parameters:
encryptedJwt- the encrypted JWT
-
EncryptedJwt
public EncryptedJwt(JweHeader header, String encodedHeader, byte[] encryptedContentEncryptionKey, byte[] initialisationVector, byte[] ciphertext, byte[] authenticationTag)
Constructs a reconstructed EncryptedJwt from its constituent parts, the JweHeader, encrypted Content Encryption Key (CEK), initialisation vector, ciphertext and additional authentication data.For use when an encrypted JWT has been reconstructed from its base64url encoded string representation and the JWT needs decrypting.
- Parameters:
header- The JweHeader containing the header parameters of the JWE.encodedHeader- The Base64url encoded JWE header.encryptedContentEncryptionKey- The encrypted Content Encryption Key (CEK).initialisationVector- The initialisation vector.ciphertext- The ciphertext.authenticationTag- The authentication tag.
-
-
Method Detail
-
getHeader
public JweHeader getHeader()
Description copied from interface:JwtGets the header object for the JWT, which contains properties which describe the cryptographic operations applied to the JWT, among other properties.When the JWT is digitally signed or MACed, the JWT Header is a JWS Header. When the JWT is encrypted, the JWT Header is a JWE Header.
-
getClaimsSet
public JwtClaimsSet getClaimsSet()
Description copied from interface:JwtGets the claims set object for the Jwt, which contains all of the claims (name value pairs) conveyed by the JWT.- Specified by:
getClaimsSetin interfaceJwt- Returns:
- The JWTs Claims Set.
-
build
public String build()
Description copied from interface:JwtBuilds the JWT into aStringby following the steps specified in the relevant specification according to whether the JWT is being signed and/or encrypted.- Specified by:
buildin interfaceJwt- Specified by:
buildin interfacePayload- Returns:
- The base64url encoded UTF-8 parts of the JWT.
- See Also:
- JSON Web Token Specification, JSON Web Signature Specification, JSON Web Encryption Specification
-
copy
public EncryptedJwt copy()
Description copied from interface:JwtCreate a copy of the current JWT.
-
decrypt
@Deprecated public void decrypt(Key privateKey)
Deprecated.Preferdecrypt(SecretsProvider, Purpose)instead.Decrypts the JWE ciphertext back into a JwtClaimsSet.The same private key must be given here that is the pair to the public key that was used to encrypt the JWT.
- Parameters:
privateKey- The private key pair to the public key that encrypted the JWT.
-
decrypt
public Promise<? extends EncryptedJwt,JweDecryptionCheckedException> decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)
Attempts to decrypt the JWT using any available keys for the givenPurposefrom the givenSecretsProvider. Only keys that support the JWT algorithm will be considered. If decryption is successful then this returns aPromisefor the same JWT with the payload decrypted, otherwise it returns a promise that resolves to aJweDecryptionCheckedException.- Parameters:
secretsProvider- the secrets provider from which to retrieve keys.purpose- the purpose for which decryption is being performed. Typically this purpose will be for aDataDecryptionKey,KeyDecryptionKey, orKeyAgreementKey.- Returns:
- a promise to either the decrypted JWT or a failed promise indicating that decryption failed.
-
decryptRawPayload
@Deprecated public byte[] decryptRawPayload(Key privateKey)
Deprecated.PreferdecryptRawPayload(SecretsProvider, Purpose)instead.Decrypts and returns the raw bytes of the payload, without attempting to decode them in any way. The decrypted payload is not cached.The same private key must be given here that is the pair to the public key that was used to encrypt the JWT.
- Parameters:
privateKey- The private key pair to the public key that encrypted the JWT.- Returns:
- The raw bytes of the decrypted payload.
-
decryptRawPayload
public Promise<byte[],JweDecryptionCheckedException> decryptRawPayload(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)
Attempts to decrypt the raw payload of the JWT using any keys from the givenSecretsProviderthat satisfy the suppliedPurpose. Only keys that support the specified JWE algorithm will be considered by the decryption process. If decryption is successful then a promise for the decrypted payload will be returned, otherwise the promise will resolve to aJweDecryptionCheckedException.- Parameters:
secretsProvider- the secrets provider from which to retrieve keys.purpose- the purpose for which decryption is being performed. Typically this purpose will be for aDataDecryptionKey,KeyDecryptionKey, orKeyAgreementKey.- Returns:
- a promise to either the decrypted JWT raw payload or a failed promise indicating that decryption failed.
-
-