001/* 002 * nimbus-jose-jwt 003 * 004 * Copyright 2012-2021, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.jose; 019 020 021import java.text.ParseException; 022import java.util.ArrayList; 023import java.util.HashMap; 024import java.util.List; 025import java.util.Map; 026 027import net.jcip.annotations.Immutable; 028 029import com.nimbusds.jose.util.Base64URL; 030import com.nimbusds.jose.util.JSONObjectUtils; 031 032 033/** 034 * JSON Web Encryption (JWE) recipient specific encrypted key and unprotected 035 * header. 036 * 037 * <p>This class is immutable. 038 * 039 * <p>See https://datatracker.ietf.org/doc/html/rfc7516#section-7.2 040 * 041 * @author Alexander Martynov 042 * @author Vladimir Dzhuvinov 043 * @version 2021-09-30 044 */ 045@Immutable 046public class JWERecipient { 047 048 049 private final Base64URL encryptedKey; 050 051 052 private final UnprotectedHeader header; 053 054 055 /** 056 * Creates a new JWE recipient. 057 * 058 * @param header The unprotected header, {@code null} if not 059 * specified. 060 * @param encryptedKey The encrypted key, {@code null} if not 061 * specified. 062 */ 063 public JWERecipient(final UnprotectedHeader header, final Base64URL encryptedKey) { 064 this.header = header; 065 this.encryptedKey = encryptedKey; 066 } 067 068 069 /** 070 * Returns the unprotected header for this JWE recipient. 071 * 072 * @return The unprotected header, {@code null} if not specified. 073 */ 074 public UnprotectedHeader getHeader() { 075 return header; 076 } 077 078 079 /** 080 * Returns the encrypted key for this JWE recipient. 081 * 082 * @return The encrypted key, {@code null} if not specified. 083 */ 084 public Base64URL getEncryptedKey() { 085 return encryptedKey; 086 } 087 088 089 /** 090 * Returns a JSON object representation. 091 * 092 * @return The JSON object, empty if no header and encrypted key are 093 * specified. 094 */ 095 public Map<String, Object> toJSONObject() { 096 097 Map<String, Object> json = new HashMap<>(); 098 099 if (getHeader() != null) { 100 json.put("header", getHeader().toJSONObject()); 101 } 102 103 if (getEncryptedKey() != null) { 104 json.put("encrypted_key", getEncryptedKey().toString()); 105 } 106 107 return json; 108 } 109 110 111 /** 112 * Parses a JWE recipient from the specified JSON object. 113 * 114 * @param jsonObject The JSON object to parse. Must not be 115 * {@code null}. 116 * 117 * @return The JWE recipient object. 118 * 119 * @throws ParseException If parsing failed. 120 */ 121 public static JWERecipient parse(final Map<String, Object> jsonObject) 122 throws ParseException { 123 124 UnprotectedHeader header = UnprotectedHeader.parse(JSONObjectUtils.getJSONObject(jsonObject, "header")); 125 Base64URL encryptedKey = JSONObjectUtils.getBase64URL(jsonObject, "encrypted_key"); 126 return new JWERecipient(header, encryptedKey); 127 } 128 129 130 /** 131 * Parses a JSON array of JWE recipient JSON objects. 132 * 133 * @param jsonArray The JSON array to parse. Must not be {@code null}. 134 * 135 * @return The JWE recipients. 136 * 137 * @throws ParseException If parsing failed. 138 */ 139 public static List<JWERecipient> parse(final Map<String, Object>[] jsonArray) 140 throws ParseException { 141 142 List<JWERecipient> recipients = new ArrayList<>(); 143 144 if (jsonArray != null) { 145 for (Map<String, Object> json : jsonArray) { 146 recipients.add(parse(json)); 147 } 148 } 149 150 return recipients; 151 } 152}