001package com.nimbusds.jose; 002 003 004import net.jcip.annotations.Immutable; 005 006 007/** 008 * JSON Web Encryption (JWE) algorithm name, represents the {@code alg} header 009 * parameter in JWE objects. This class is immutable. 010 * 011 * <p>Includes constants for the following standard JWE algorithm names: 012 * 013 * <ul> 014 * <li>{@link #RSA1_5} 015 * <li>{@link #RSA_OAEP RSA-OAEP} 016 * <li>{@link #A128KW} 017 * <li>{@link #A192KW} 018 * <li>{@link #A256KW} 019 * <li>{@link #DIR dir} 020 * <li>{@link #ECDH_ES ECDH-ES} 021 * <li>{@link #ECDH_ES_A128KW ESDH-ES+A128KW} 022 * <li>{@link #ECDH_ES_A128KW ESDH-ES+A192KW} 023 * <li>{@link #ECDH_ES_A256KW ESDH-ES+A256KW} 024 * <li>{@link #PBES2_HS256_A128KW PBES2-HS256+A128KW} 025 * <li>{@link #PBES2_HS256_A192KW PBES2-HS256+A192KW} 026 * <li>{@link #PBES2_HS256_A256KW PBES2-HS256+A256KW} 027 * </ul> 028 * 029 * <p>Additional JWE algorithm names can be defined using the constructors. 030 * 031 * @author Vladimir Dzhuvinov 032 * @version $version$ (2013-05-06) 033 */ 034@Immutable 035public final class JWEAlgorithm extends Algorithm { 036 037 038 /** 039 * RSAES-PKCS1-V1_5 (RFC 3447) (required). 040 */ 041 public static final JWEAlgorithm RSA1_5 = new JWEAlgorithm("RSA1_5", Requirement.REQUIRED); 042 043 044 /** 045 * RSAES using Optimal Assymetric Encryption Padding (OAEP) (RFC 3447), 046 * with the default parameters specified by RFC 3447 in section A.2.1 047 * (recommended). 048 */ 049 public static final JWEAlgorithm RSA_OAEP = new JWEAlgorithm("RSA-OAEP", Requirement.RECOMMENDED); 050 051 052 /** 053 * Advanced Encryption Standard (AES) Key Wrap Algorithm (RFC 3394) 054 * using 128 bit keys (recommended). 055 */ 056 public static final JWEAlgorithm A128KW = new JWEAlgorithm("A128KW", Requirement.RECOMMENDED); 057 058 059 /** 060 * Advanced Encryption Standard (AES) Key Wrap Algorithm (RFC 3394) 061 * using 192 bit keys (optional). 062 */ 063 public static final JWEAlgorithm A192KW = new JWEAlgorithm("A192KW", Requirement.OPTIONAL); 064 065 066 /** 067 * Advanced Encryption Standard (AES) Key Wrap Algorithm (RFC 3394) 068 * using 256 bit keys (recommended). 069 */ 070 public static final JWEAlgorithm A256KW = new JWEAlgorithm("A256KW", Requirement.RECOMMENDED); 071 072 073 /** 074 * Direct use of a shared symmetric key as the Content Encryption Key 075 * (CEK) for the block encryption step (rather than using the symmetric 076 * key to wrap the CEK) (recommended). 077 */ 078 public static final JWEAlgorithm DIR = new JWEAlgorithm("dir", Requirement.RECOMMENDED); 079 080 081 /** 082 * Elliptic Curve Diffie-Hellman Ephemeral Static (RFC 6090) key 083 * agreement using the Concat KDF, as defined in section 5.8.1 of 084 * NIST.800-56A, with the agreed-upon key being used directly as the 085 * Content Encryption Key (CEK) (rather than being used to wrap the 086 * CEK) (recommended). 087 */ 088 public static final JWEAlgorithm ECDH_ES = new JWEAlgorithm("ECDH-ES", Requirement.RECOMMENDED); 089 090 091 /** 092 * Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per 093 * "ECDH-ES", but where the agreed-upon key is used to wrap the Content 094 * Encryption Key (CEK) with the "A128KW" function (rather than being 095 * used directly as the CEK) (recommended). 096 */ 097 public static final JWEAlgorithm ECDH_ES_A128KW = new JWEAlgorithm("ECDH-ES+A128KW", Requirement.RECOMMENDED); 098 099 100 /** 101 * Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per 102 * "ECDH-ES", but where the agreed-upon key is used to wrap the Content 103 * Encryption Key (CEK) with the "A192KW" function (rather than being 104 * used directly as the CEK) (optional). 105 */ 106 public static final JWEAlgorithm ECDH_ES_A192KW = new JWEAlgorithm("ECDH-ES+A192KW", Requirement.OPTIONAL); 107 108 109 /** 110 * Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per 111 * "ECDH-ES", but where the agreed-upon key is used to wrap the Content 112 * Encryption Key (CEK) with the "A256KW" function (rather than being 113 * used directly as the CEK) (recommended). 114 */ 115 public static final JWEAlgorithm ECDH_ES_A256KW = new JWEAlgorithm("ECDH-ES+A256KW", Requirement.RECOMMENDED); 116 117 118 /** 119 * AES in Galois/Counter Mode (GCM) (NIST.800-38D) 128 bit keys 120 * (optional). 121 */ 122 public static final JWEAlgorithm A128GCMKW = new JWEAlgorithm("A128GCMKW", Requirement.OPTIONAL); 123 124 125 /** 126 * AES in Galois/Counter Mode (GCM) (NIST.800-38D) 192 bit keys 127 * (optional). 128 */ 129 public static final JWEAlgorithm A192GCMKW = new JWEAlgorithm("A192GCMKW", Requirement.OPTIONAL); 130 131 132 /** 133 * AES in Galois/Counter Mode (GCM) (NIST.800-38D) 256 bit keys 134 * (optional). 135 */ 136 public static final JWEAlgorithm A256GCMKW = new JWEAlgorithm("A256GCMKW", Requirement.OPTIONAL); 137 138 139 /** 140 * PBES2 (RFC 2898) with HMAC SHA-256 as the PRF and AES Key Wrap 141 * (RFC 3394) using 128 bit keys for the encryption scheme (optional). 142 */ 143 public static final JWEAlgorithm PBES2_HS256_A128KW = new JWEAlgorithm("PBES2-HS256+A128KW", Requirement.OPTIONAL); 144 145 146 /** 147 * PBES2 (RFC 2898) with HMAC SHA-256 as the PRF and AES Key Wrap 148 * (RFC 3394) using 192 bit keys for the encryption scheme (optional). 149 */ 150 public static final JWEAlgorithm PBES2_HS256_A192KW = new JWEAlgorithm("PBES2-HS256+A192KW", Requirement.OPTIONAL); 151 152 153 /** 154 * PBES2 (RFC 2898) with HMAC SHA-256 as the PRF and AES Key Wrap 155 * (RFC 3394) using 256 bit keys for the encryption scheme (optional). 156 */ 157 public static final JWEAlgorithm PBES2_HS256_A256KW = new JWEAlgorithm("PBES2-HS256+A256KW", Requirement.OPTIONAL); 158 159 160 /** 161 * Creates a new JSON Web Encryption (JWE) algorithm. 162 * 163 * @param name The algorithm name. Must not be {@code null}. 164 * @param req The implementation requirement, {@code null} if not 165 * known. 166 */ 167 public JWEAlgorithm(final String name, final Requirement req) { 168 169 super(name, req); 170 } 171 172 173 /** 174 * Creates a new JSON Web Encryption (JWE) algorithm. 175 * 176 * @param name The algorithm name. Must not be {@code null}. 177 */ 178 public JWEAlgorithm(final String name) { 179 180 super(name, null); 181 } 182 183 184 /** 185 * Parses a JWE algorithm from the specified string. 186 * 187 * @param s The string to parse. Must not be {@code null}. 188 * 189 * @return The JWE algorithm (matching standard algorithm constant, else 190 * a newly created algorithm). 191 */ 192 public static JWEAlgorithm parse(final String s) { 193 194 if (s.equals(RSA1_5.getName())) { 195 return RSA1_5; 196 } else if (s.equals(RSA_OAEP.getName())) { 197 return RSA_OAEP; 198 } else if (s.equals(A128KW.getName())) { 199 return A128KW; 200 } else if (s.equals(A192KW.getName())) { 201 return A192KW; 202 } else if (s.equals(A256KW.getName())) { 203 return A256KW; 204 } else if (s.equals(DIR.getName())) { 205 return DIR; 206 } else if (s.equals(ECDH_ES.getName())) { 207 return ECDH_ES; 208 } else if (s.equals(ECDH_ES_A128KW.getName())) { 209 return ECDH_ES_A128KW; 210 } else if (s.equals(ECDH_ES_A192KW.getName())) { 211 return ECDH_ES_A192KW; 212 } else if (s.equals(ECDH_ES_A256KW.getName())) { 213 return ECDH_ES_A256KW; 214 } else if (s.equals(A128GCMKW.getName())) { 215 return A128GCMKW; 216 } else if (s.equals(A192GCMKW.getName())) { 217 return A192GCMKW; 218 } else if (s.equals(A256GCMKW.getName())) { 219 return A256GCMKW; 220 } else if (s.equals(PBES2_HS256_A128KW.getName())) { 221 return PBES2_HS256_A128KW; 222 } else if (s.equals(PBES2_HS256_A192KW.getName())) { 223 return PBES2_HS256_A192KW; 224 } else if (s.equals(PBES2_HS256_A256KW.getName())) { 225 return PBES2_HS256_A256KW; 226 } else { 227 return new JWEAlgorithm(s); 228 } 229 } 230}