Class AuthenticatedEncryptionCryptographyHandler
java.lang.Object
org.forgerock.jaspi.modules.session.jwt.AuthenticatedEncryptionCryptographyHandler
- All Implemented Interfaces:
JwtCryptographyHandler
public class AuthenticatedEncryptionCryptographyHandler
extends Object
implements JwtCryptographyHandler
A JwtCryptographyHandler that ensures confidentiality and authenticity of data using authenticated
encryption algorithms. This handler is generally faster and produces more compact JWTs than either
KeyStoreJwtCryptographyHandler or SecretsProviderJwtCryptographyHandler. The following
configuration options are supported:
- secretsProvider - a reference to the SecretsProvider to look up encryption and decryption keys.
- encryptionPurpose - the Purpose to use for looking up encryption keys. Defaults to Purpose.DATA_ENCRYPTION.
- decryptionPurpose - the Purpose to use for looking up decryption keys. Defaults to Purpose.DATA_DECRYPTION.
- jweAlgorithm - the JweAlgorithm to use for encryption. This must be an authenticated encryption algorithm. Defaults to JweAlgorithm.DIRECT.
- encryptionMethod - the EncryptionMethod to use. Defaults to EncryptionMethod.A256CBC_HS512.
- compressionAlgorithm - the CompressionAlgorithm to use. Defaults to CompressionAlgorithm.NONE.
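The default combination listed above (JweAlgorithm.DIRECT with EncryptionMethod.A256CBC_HS512) corresponds to the AES-CBC plus HMAC-SHA-512 construction defined in RFC 7518 section 5.2. The following is an added example, not ForgeRock code: it implements that construction with plain javax.crypto and shows the tag being checked before any decryption. The class name, the sample claims and the random 64-byte key are assumptions made for the illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration (hypothetical class, not ForgeRock code) of A256CBC-HS512 per RFC 7518 section 5.2.
public class A256CbcHs512Example {
    static byte[] tag(byte[] key, byte[] aad, byte[] iv, byte[] ct) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(new SecretKeySpec(key, 0, 32, "HmacSHA512")); // MAC key: first 32 of the 64 key bytes
        mac.update(aad);
        mac.update(iv);
        mac.update(ct);
        mac.update(ByteBuffer.allocate(8).putLong(aad.length * 8L).array()); // AL: AAD length in bits, big-endian
        return Arrays.copyOf(mac.doFinal(), 32); // the tag is the first 32 bytes of the HMAC output
    }
    static byte[] aes(int mode, byte[] key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(key, 32, 32, "AES"), new IvParameterSpec(iv)); // ENC key: last 32 bytes
        return c.doFinal(in);
    }
    static byte[] random(int n) { byte[] b = new byte[n]; new SecureRandom().nextBytes(b); return b; }
    // Returns {iv, ciphertext, tag}; with "dir" the encrypted-key segment of the compact JWE is empty.
    static byte[][] encrypt(byte[] key, byte[] aad, byte[] plaintext) throws Exception {
        byte[] iv = random(16);
        byte[] ct = aes(Cipher.ENCRYPT_MODE, key, iv, plaintext);
        return new byte[][] {iv, ct, tag(key, aad, iv, ct)};
    }
    // Compare the tag in constant time first, so tampered input never reaches CBC unpadding.
    static byte[] decryptAndVerify(byte[] key, byte[] aad, byte[][] jwe) throws Exception {
        if (!MessageDigest.isEqual(tag(key, aad, jwe[0], jwe[1]), jwe[2])) {
            throw new SecurityException("authentication tag mismatch");
        }
        return aes(Cipher.DECRYPT_MODE, key, jwe[0], jwe[1]);
    }
    public static void main(String[] args) throws Exception {
        byte[] key = random(64); // constructed sample key; a real deployment obtains it from its key store
        // AAD is the base64url protected header {"alg":"dir","enc":"A256CBC-HS512"} as ASCII bytes.
        byte[] aad = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0".getBytes(StandardCharsets.US_ASCII);
        byte[][] jwe = encrypt(key, aad, "{\"sub\":\"demo\"}".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decryptAndVerify(key, aad, jwe), StandardCharsets.UTF_8));
        jwe[1][0] ^= 1; // flip one ciphertext bit to simulate tampering
        try { decryptAndVerify(key, aad, jwe); } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```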
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type / Method / Description
buildJwt(JwtBuilderFactory jwtBuilderFactory, JwtClaimsSet claimsSet) - Builds a JWT with the given claims set.
buildJwtAsync(JwtBuilderFactory jwtBuilderFactory, JwtClaimsSet claimsSet) - Builds a JWT with the given claims set.
decryptAndVerify(JwtBuilderFactory jwtBuilderFactory, String jwt) - Decrypts and verifies that the JWT is authentic in a single step.
void initialize(Map<String, Object> options) - Initialise the handler.
toString()
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.forgerock.jaspi.modules.session.jwt.JwtCryptographyHandler
decrypt, jwe, sign, verify
-
Constructor Details
-
AuthenticatedEncryptionCryptographyHandler
public AuthenticatedEncryptionCryptographyHandler()
-
-
Method Details
-
initialize
Description copied from interface: JwtCryptographyHandler
Initialise the handler.
- Specified by:
initialize in interface JwtCryptographyHandler
- Parameters:
options - The options to be used.
-
buildJwt
Description copied from interface: JwtCryptographyHandler
Builds a JWT with the given claims set. The resulting JWT will be both encrypted and authenticated, either through direct authenticated encryption or a combination of encryption and signing.
- Specified by:
buildJwt in interface JwtCryptographyHandler
- Parameters:
jwtBuilderFactory - the JWT builder factory.
claimsSet - the claims to add to the JWT.
- Returns:
the JWT in Compact Serialization form.
-
buildJwtAsync
public Promise<String,NoSuchSecretException> buildJwtAsync(JwtBuilderFactory jwtBuilderFactory, JwtClaimsSet claimsSet)
Description copied from interface: JwtCryptographyHandler
Builds a JWT with the given claims set. The resulting JWT will be both encrypted and authenticated, either through direct authenticated encryption or a combination of encryption and signing. The resulting JWT will be wrapped in a Promise.
- Specified by:
buildJwtAsync in interface JwtCryptographyHandler
- Parameters:
jwtBuilderFactory - the JWT builder factory.
claimsSet - the claims to add to the JWT.
- Returns:
the JWT in Compact Serialization form as a Promise, or a NoSuchSecretException exception promise if the secret cannot be found.
-
decryptAndVerify
Description copied from interface: JwtCryptographyHandler
Decrypts and verifies that the JWT is authentic in a single step.
- Specified by:
decryptAndVerify in interface JwtCryptographyHandler
- Parameters:
jwtBuilderFactory - The JWT builder factory.
jwt - the JWT to decrypt and verify.
- Returns:
the decrypted and verified JWT.
-
toString
-