@ThreadSafe public class RSADecrypter extends Object implements JWEDecrypter
JWE objects
. This class
is thread-safe.
Supports the following JWE algorithms:
Supports the following encryption methods:
EncryptionMethod.A128CBC_HS256
EncryptionMethod.A192CBC_HS384
EncryptionMethod.A256CBC_HS512
EncryptionMethod.A128GCM
EncryptionMethod.A192GCM
EncryptionMethod.A256GCM
EncryptionMethod.A128CBC_HS256_DEPRECATED
EncryptionMethod.A256CBC_HS512_DEPRECATED
Accepts all registered JWE header parameters
. Use setAcceptedAlgorithms(java.util.Set<com.nimbusds.jose.JWEAlgorithm>)
and
setAcceptedEncryptionMethods(java.util.Set<com.nimbusds.jose.EncryptionMethod>)
to restrict the acceptable JWE
algorithms and encryption methods.
Modifier and Type | Field and Description |
---|---|
protected Provider |
contentEncryptionProvider
The JCA provider for the content encryption,
null if not
specified (implies default one). |
protected Provider |
keyEncryptionProvider
The JCA provider for the key encryption,
null if not
specified (implies default one). |
protected Provider |
macProvider
The JCA provider for the MAC computation,
null if not
specified (implies default one). |
static Set<JWEAlgorithm> |
SUPPORTED_ALGORITHMS
The supported JWE algorithms.
|
static Set<EncryptionMethod> |
SUPPORTED_ENCRYPTION_METHODS
The supported encryption methods.
|
Constructor and Description |
---|
RSADecrypter(RSAPrivateKey privateKey)
Creates a new RSA decrypter.
|
Modifier and Type | Method and Description |
---|---|
byte[] |
decrypt(JWEHeader header,
Base64URL encryptedKey,
Base64URL iv,
Base64URL cipherText,
Base64URL authTag)
Decrypts the specified cipher text of a
JWE Object . |
Set<JWEAlgorithm> |
getAcceptedAlgorithms()
Gets the names of the accepted JWE algorithms.
|
Set<EncryptionMethod> |
getAcceptedEncryptionMethods()
Gets the names of the accepted encryption methods.
|
Set<String> |
getIgnoredCriticalHeaderParameters()
Gets the names of the critical JWE header parameters to ignore.
|
RSAPrivateKey |
getPrivateKey()
Gets the private RSA key.
|
protected SecureRandom |
getSecureRandom()
Returns the secure random generator for this JWE provider.
|
void |
setAcceptedAlgorithms(Set<JWEAlgorithm> acceptedAlgs)
Sets the names of the accepted JWE algorithms.
|
void |
setAcceptedEncryptionMethods(Set<EncryptionMethod> acceptedEncs)
Sets the names of the accepted encryption methods.
|
void |
setContentEncryptionProvider(Provider provider)
Sets a specific JCA provider for the content encryption.
|
void |
setIgnoredCriticalHeaderParameters(Set<String> headers)
Sets the names of the critical JWE header parameters to ignore.
|
void |
setKeyEncryptionProvider(Provider provider)
Sets a specific JCA provider for the key encryption.
|
void |
setMACProvider(Provider provider)
Sets a specific JCA provider for MAC computation (where required by
the JWE encryption method).
|
void |
setProvider(Provider provider)
Sets a specific JCA provider, to be used for all operations.
|
void |
setSecureRandom(SecureRandom randomGen)
Sets a specific secure random generator for the initialisation
vector and other purposes requiring a random number.
|
Set<JWEAlgorithm> |
supportedAlgorithms()
Returns the names of the supported JWE algorithms.
|
Set<EncryptionMethod> |
supportedEncryptionMethods()
Returns the names of the supported encryption methods.
|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
setContentEncryptionProvider, setKeyEncryptionProvider, setMACProvider, setSecureRandom, supportedAlgorithms, supportedEncryptionMethods
setProvider
public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS
public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS
protected Provider keyEncryptionProvider
null
if not
specified (implies default one).protected Provider contentEncryptionProvider
null
if not
specified (implies default one).protected Provider macProvider
null
if not
specified (implies default one).public RSADecrypter(RSAPrivateKey privateKey)
privateKey
- The private RSA key. Must not be null
.public RSAPrivateKey getPrivateKey()
public Set<JWEAlgorithm> getAcceptedAlgorithms()
JWEDecrypter
alg
JWE header parameter.getAcceptedAlgorithms
in interface JWEDecrypter
JWEDecrypter.setAcceptedAlgorithms(java.util.Set<com.nimbusds.jose.JWEAlgorithm>)
public void setAcceptedAlgorithms(Set<JWEAlgorithm> acceptedAlgs)
JWEDecrypter
alg
JWE header parameter.
For JWE decrypters that support multiple JWE algorithms this method can be used to indicate that only a subset should be accepted for processing.
setAcceptedAlgorithms
in interface JWEDecrypter
acceptedAlgs
- The accepted JWE algorithms. Must be a subset of
the supported algorithms and not null
.public Set<EncryptionMethod> getAcceptedEncryptionMethods()
JWEDecrypter
enc
JWE header parameter.getAcceptedEncryptionMethods
in interface JWEDecrypter
JWEDecrypter.setAcceptedEncryptionMethods(java.util.Set<com.nimbusds.jose.EncryptionMethod>)
public void setAcceptedEncryptionMethods(Set<EncryptionMethod> acceptedEncs)
JWEDecrypter
enc
JWE header parameter.
For JWE decrypters that support multiple encryption methods this method can be used to indicate that only a subset should be accepted for processing.
setAcceptedEncryptionMethods
in interface JWEDecrypter
acceptedEncs
- The accepted encryption methods. Must be a
subset of the supported encryption methods and
not null
.public Set<String> getIgnoredCriticalHeaderParameters()
JWEDecrypter
crit
header parameter. The JWE
decrypter should not ignore critical headers by default.getIgnoredCriticalHeaderParameters
in interface JWEDecrypter
null
if none.public void setIgnoredCriticalHeaderParameters(Set<String> headers)
JWEDecrypter
crit
header parameter. The JWE
decrypter should not ignore critical headers by default. Use this
setter to delegate processing of selected critical headers to the
application.setIgnoredCriticalHeaderParameters
in interface JWEDecrypter
headers
- The names of the critical JWS header parameters to
ignore, empty or null
if none.public byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) throws JOSEException
JWEDecrypter
JWE Object
.decrypt
in interface JWEDecrypter
header
- The JSON Web Encryption (JWE) header. Must
specify an accepted JWE algorithm, must contain
only accepted header parameters, and must not
be null
.encryptedKey
- The encrypted key, null
if not required
by the JWE algorithm.iv
- The initialisation vector, null
if not
required by the JWE algorithm.cipherText
- The cipher text to decrypt. Must not be
null
.authTag
- The authentication tag, null
if not
required.JOSEException
- If the JWE algorithm is not accepted, if a
header parameter is not accepted, or if
decryption failed for some other reason.public Set<JWEAlgorithm> supportedAlgorithms()
JWEAlgorithmProvider
alg
JWE header parameter.supportedAlgorithms
in interface JWEAlgorithmProvider
public Set<EncryptionMethod> supportedEncryptionMethods()
JWEAlgorithmProvider
enc
JWE header parameter.supportedEncryptionMethods
in interface JWEAlgorithmProvider
public void setProvider(Provider provider)
AlgorithmProvider
setProvider
in interface AlgorithmProvider
provider
- The JCA provider, or null
to use the default
one.public void setKeyEncryptionProvider(Provider provider)
JWEAlgorithmProvider
setKeyEncryptionProvider
in interface JWEAlgorithmProvider
provider
- The JCA provider, or null
to use the default
one.public void setContentEncryptionProvider(Provider provider)
JWEAlgorithmProvider
setContentEncryptionProvider
in interface JWEAlgorithmProvider
provider
- The JCA provider, or null
to use the default
one.public void setMACProvider(Provider provider)
JWEAlgorithmProvider
setMACProvider
in interface JWEAlgorithmProvider
provider
- The JCA provider, or null
to use the default
one.public void setSecureRandom(SecureRandom randomGen)
JWEAlgorithmProvider
setSecureRandom
in interface JWEAlgorithmProvider
randomGen
- The secure random generator, or null
to use
the default one.protected SecureRandom getSecureRandom()
Copyright © 2015 Connect2id Ltd.. All Rights Reserved.