Class DirectEncryptionHandler
java.lang.Object
org.forgerock.json.jose.jwe.handlers.encryption.DirectEncryptionHandler
- All Implemented Interfaces:
EncryptionHandler
Supports direct encryption using a shared symmetric key.
-
Constructor Summary
ConstructorDescriptionDirectEncryptionHandler
(EncryptionMethod encryptionMethod) Constructs the direct encryption handler for the given content encryption method. -
Method Summary
Modifier and TypeMethodDescriptionbyte[]
decryptCiphertext
(Key contentEncryptionKey, byte[] initialisationVector, byte[] ciphertext, byte[] authenticationTag, byte[] additionalAuthenticatedData) Decrypts the ciphertext with the Content Encryption Key, using the initialisation vector and additional authenticated data, following the steps defined by the EncryptionHandler JweAlgorithm.decryptContentEncryptionKey
(Key key, byte[] encryptedContentEncryptionKey) Decrypts the Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.encryptPlaintext
(Key contentEncryptionKey, byte[] initialisationVector, byte[] plaintext, byte[] additionalAuthenticatedData) Encrypts the plaintext with the Content Encryption Key, using the initialisation vector and additional authenticated data, following the steps defined by the EncryptionHandler JweAlgorithm.byte[]
Generates a random JWE Initialisation Vector of the correct size for the encryption algorithm, if the EncryptionHandler JweAlgorithm does not required an initialisation vector then the initialisation vector will be an empty octet sequence.byte[]
generateJWEEncryptedKey
(Key key, Key contentEncryptionKey) Generates the Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.Creates a Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.forgerock.json.jose.jwe.handlers.encryption.EncryptionHandler
decryptContentEncryptionKey, generateJWEEncryptedKey
-
Constructor Details
-
DirectEncryptionHandler
Constructs the direct encryption handler for the given content encryption method.- Parameters:
encryptionMethod
- the content encryption method.
-
-
Method Details
-
getContentEncryptionKey
Description copied from interface:EncryptionHandler
Creates a Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.See points 1, 2, 3 in Section 5.1 of the JWE Specification.
- Specified by:
getContentEncryptionKey
in interfaceEncryptionHandler
- Returns:
- The Content Encryption Key or null if the shared key should be used directly.
-
generateJWEEncryptedKey
Description copied from interface:EncryptionHandler
Generates the Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.See points 4, 5, 6 in Section 5.1 of the JWE Specification.
- Specified by:
generateJWEEncryptedKey
in interfaceEncryptionHandler
- Parameters:
key
- The key to use to encrypt the Content Encryption Key, if the EncryptionHandler JweAlgorithm requires.contentEncryptionKey
- The Content Encryption Key (CEK).- Returns:
- A byte array of the JWE Encrypted Key.
-
generateInitialisationVector
public byte[] generateInitialisationVector()Description copied from interface:EncryptionHandler
Generates a random JWE Initialisation Vector of the correct size for the encryption algorithm, if the EncryptionHandler JweAlgorithm does not required an initialisation vector then the initialisation vector will be an empty octet sequence.See points 9 in Section 5.1 of the JWE Specification.
- Specified by:
generateInitialisationVector
in interfaceEncryptionHandler
- Returns:
- The Initialisation Vector.
-
encryptPlaintext
public JweEncryption encryptPlaintext(Key contentEncryptionKey, byte[] initialisationVector, byte[] plaintext, byte[] additionalAuthenticatedData) Description copied from interface:EncryptionHandler
Encrypts the plaintext with the Content Encryption Key, using the initialisation vector and additional authenticated data, following the steps defined by the EncryptionHandler JweAlgorithm.See points 15, 16 in Section 5.1 of the JWE Specification.
- Specified by:
encryptPlaintext
in interfaceEncryptionHandler
- Parameters:
contentEncryptionKey
- The Content Encryption Key.initialisationVector
- The Initialisation Vector.plaintext
- The plaintext to encrypt.additionalAuthenticatedData
- An array of bytes representing the additional authenticated data.- Returns:
- The JweEncryption object containing the ciphertext and authentication tag.
-
decryptContentEncryptionKey
Description copied from interface:EncryptionHandler
Decrypts the Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.See points 9, 10 in Section 5.2 of the JWE Specification.
- Specified by:
decryptContentEncryptionKey
in interfaceEncryptionHandler
- Parameters:
key
- The private key pair to the public key that encrypted the JWT.encryptedContentEncryptionKey
- The encrypted Content Encryption Key.- Returns:
- The decrypted Content Encryption Key.
-
decryptCiphertext
public byte[] decryptCiphertext(Key contentEncryptionKey, byte[] initialisationVector, byte[] ciphertext, byte[] authenticationTag, byte[] additionalAuthenticatedData) Description copied from interface:EncryptionHandler
Decrypts the ciphertext with the Content Encryption Key, using the initialisation vector and additional authenticated data, following the steps defined by the EncryptionHandler JweAlgorithm.See points 14, 15 in Section 5.2 of the JWE Specification.
- Specified by:
decryptCiphertext
in interfaceEncryptionHandler
- Parameters:
contentEncryptionKey
- The Content Encryption Key.initialisationVector
- The Initialisation Vector.ciphertext
- The ciphertext to decrypt.authenticationTag
- The authentication tag.additionalAuthenticatedData
- An array of bytes representing the additional authenticated data.- Returns:
- An array of bytes representing the decrypted ciphertext.
-