Package com.nimbusds.jose.proc
Interface JWEKeySelector<C extends SecurityContext>
-
- All Known Implementing Classes:
JWEDecryptionKeySelector
public interface JWEKeySelector<C extends SecurityContext>
Interface for selecting key candidates for decrypting a JSON Web Encryption (JWE) object. Applications should utilise this interface or a similar framework to determine whether a received JWE object (or encrypted JWT) is eligible fordecryption
and further processing.The interface supports keys selection based on:
- Recognised header parameters referencing the key (e.g.
kid
,x5t
). - Additional
SecurityContext
, if required and set by the application (e.g. endpoint where the JWE object was received).
See JSON Web Signature (JWE), Appendix D. Notes on Key Selection for suggestions.
Possible key types:
SecretKey
for AES keys.RSAPrivateKey
private RSA keys.ECPrivateKey
private EC keys.
- Version:
- 2016-06-21
- Author:
- Vladimir Dzhuvinov
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description List<? extends Key>
selectJWEKeys(JWEHeader header, C context)
Selects key candidates for decrypting a JWE object.
-
-
-
Method Detail
-
selectJWEKeys
List<? extends Key> selectJWEKeys(JWEHeader header, C context) throws KeySourceException
Selects key candidates for decrypting a JWE object.- Parameters:
header
- The header of the JWE object. Must not benull
.context
- Optional context of the JWE object,null
if not required.- Returns:
- The key candidates in trial order, empty list if none.
- Throws:
KeySourceException
- If a key source exception is encountered, e.g. on remote JWK retrieval.
-
-