public class RSADecrypter extends Object implements JWEDecrypter
JWE objects
. This class
is thread-safe.
Supports the following JWE algorithms:
Supports the following encryption methods:
EncryptionMethod.A128CBC_HS256
EncryptionMethod.A192CBC_HS384
EncryptionMethod.A256CBC_HS512
EncryptionMethod.A128GCM
EncryptionMethod.A192GCM
EncryptionMethod.A256GCM
Accepts all registered JWE header parameters
. Modify the header filter
properties to restrict the acceptable JWE algorithms,
encryption methods and header parameters, or to allow custom JWE header
parameters.
Modifier and Type | Field and Description |
---|---|
protected Provider |
contentEncryptionProvider
The JCA provider for the content encryption,
null if not
specified (implies default one). |
protected Provider |
keyEncryptionProvider
The JCA provider for the key encryption,
null if not
specified (implies default one). |
protected Provider |
macProvider
The JCA provider for the MAC computation,
null if not
specified (implies default one). |
static Set<JWEAlgorithm> |
SUPPORTED_ALGORITHMS
The supported JWE algorithms.
|
static Set<EncryptionMethod> |
SUPPORTED_ENCRYPTION_METHODS
The supported encryption methods.
|
Constructor and Description |
---|
RSADecrypter(RSAPrivateKey privateKey)
Creates a new RSA decrypter.
|
Modifier and Type | Method and Description |
---|---|
byte[] |
decrypt(ReadOnlyJWEHeader readOnlyJWEHeader,
Base64URL encryptedKey,
Base64URL iv,
Base64URL cipherText,
Base64URL authTag)
Decrypts the specified cipher text of a
JWE Object . |
JWEHeaderFilter |
getJWEHeaderFilter()
Gets the JWE header filter associated with the decrypter.
|
RSAPrivateKey |
getPrivateKey()
Gets the private RSA key.
|
protected SecureRandom |
getSecureRandom()
Returns the secure random generator for this JWE provider.
|
void |
setContentEncryptionProvider(Provider provider)
Sets a specific JCA provider for the content encryption.
|
void |
setKeyEncryptionProvider(Provider provider)
Sets a specific JCA provider for the key encryption.
|
void |
setMACProvider(Provider provider)
Sets a specific JCA provider for MAC computation (where required by
the JWE encryption method).
|
void |
setProvider(Provider provider)
Sets a specific JCA provider, to be used for all operations.
|
void |
setSecureRandom(SecureRandom randomGen)
Sets a specific secure random generator for the initialisation
vector and other purposes requiring a random number.
|
Set<JWEAlgorithm> |
supportedAlgorithms()
Returns the names of the supported JWE algorithms.
|
Set<EncryptionMethod> |
supportedEncryptionMethods()
Returns the names of the supported encryption methods.
|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
setContentEncryptionProvider, setKeyEncryptionProvider, setMACProvider, setSecureRandom, supportedAlgorithms, supportedEncryptionMethods
setProvider
public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS
public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS
protected Provider keyEncryptionProvider
null
if not
specified (implies default one).protected Provider contentEncryptionProvider
null
if not
specified (implies default one).protected Provider macProvider
null
if not
specified (implies default one).public RSADecrypter(RSAPrivateKey privateKey)
privateKey
- The private RSA key. Must not be null
.public RSAPrivateKey getPrivateKey()
public JWEHeaderFilter getJWEHeaderFilter()
JWEDecrypter
supported JWE
algorithms
and header parameters that the decrypter is configured to
accept.
Attempting to decrypt
a JWE object with an
algorithm or header parameter that is not accepted must result in a
JOSEException
.
getJWEHeaderFilter
in interface JWEDecrypter
public byte[] decrypt(ReadOnlyJWEHeader readOnlyJWEHeader, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) throws JOSEException
JWEDecrypter
JWE Object
.decrypt
in interface JWEDecrypter
readOnlyJWEHeader
- The JSON Web Encryption (JWE) header. Must
specify an accepted JWE algorithm, must contain
only accepted header parameters, and must not
be null
.encryptedKey
- The encrypted key, null
if not required
by the JWE algorithm.iv
- The initialisation vector, null
if not
required by the JWE algorithm.cipherText
- The cipher text to decrypt. Must not be
null
.authTag
- The authentication tag, null
if not
required.JOSEException
- If the JWE algorithm is not accepted, if a
header parameter is not accepted, or if
decryption failed for some other reason.public Set<JWEAlgorithm> supportedAlgorithms()
JWEAlgorithmProvider
alg
JWE header parameter.supportedAlgorithms
in interface JWEAlgorithmProvider
public Set<EncryptionMethod> supportedEncryptionMethods()
JWEAlgorithmProvider
enc
JWE header parameter.supportedEncryptionMethods
in interface JWEAlgorithmProvider
public void setProvider(Provider provider)
AlgorithmProvider
setProvider
in interface AlgorithmProvider
provider
- The JCA provider, or null
to use the default
one.public void setKeyEncryptionProvider(Provider provider)
JWEAlgorithmProvider
setKeyEncryptionProvider
in interface JWEAlgorithmProvider
provider
- The JCA provider, or null
to use the default
one.public void setContentEncryptionProvider(Provider provider)
JWEAlgorithmProvider
setContentEncryptionProvider
in interface JWEAlgorithmProvider
provider
- The JCA provider, or null
to use the default
one.public void setMACProvider(Provider provider)
JWEAlgorithmProvider
setMACProvider
in interface JWEAlgorithmProvider
provider
- The JCA provider, or null
to use the default
one.public void setSecureRandom(SecureRandom randomGen)
JWEAlgorithmProvider
setSecureRandom
in interface JWEAlgorithmProvider
randomGen
- The secure random generator, or null
to use
the default one.protected SecureRandom getSecureRandom()
Copyright © 2014 Connect2id Ltd.. All Rights Reserved.