Package com.nimbusds.jose.crypto
Class PasswordBasedDecrypter
java.lang.Object
com.nimbusds.jose.crypto.impl.BaseJWEProvider
com.nimbusds.jose.crypto.impl.PasswordBasedCryptoProvider
com.nimbusds.jose.crypto.PasswordBasedDecrypter
- All Implemented Interfaces:
CriticalHeaderParamsAware
,JCAAware<JWEJCAContext>
,JOSEProvider
,JWEDecrypter
,JWEProvider
@ThreadSafe
public class PasswordBasedDecrypter
extends PasswordBasedCryptoProvider
implements JWEDecrypter, CriticalHeaderParamsAware
Password-based decrypter of
JWE objects
.
Expects a password.
See RFC 7518 section 4.8 for more information.
This class is thread-safe.
Supports the following key management algorithms:
Supports the following content encryption algorithms:
- Version:
- 2023-12-03
- Author:
- Vladimir Dzhuvinov, Egor Puzanov
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final int
The maximum allowed iteration count (1 million).Fields inherited from class com.nimbusds.jose.crypto.impl.PasswordBasedCryptoProvider
SUPPORTED_ALGORITHMS, SUPPORTED_ENCRYPTION_METHODS
-
Constructor Summary
ConstructorsConstructorDescriptionPasswordBasedDecrypter
(byte[] password) Creates a new password-based decrypter.PasswordBasedDecrypter
(String password) Creates a new password-based decrypter. -
Method Summary
Modifier and TypeMethodDescriptionbyte[]
decrypt
(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) Deprecated.byte[]
decrypt
(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag, byte[] aad) Decrypts the specified cipher text of aJWE Object
.Returns the names of the critical (crit
) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.Returns the names of the critical (crit
) header parameters that are understood and processed by the JWS verifier / JWE decrypter.Methods inherited from class com.nimbusds.jose.crypto.impl.PasswordBasedCryptoProvider
getPassword, getPasswordString
Methods inherited from class com.nimbusds.jose.crypto.impl.BaseJWEProvider
getCEK, getJCAContext, isCEKProvided, supportedEncryptionMethods, supportedJWEAlgorithms
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface com.nimbusds.jose.jca.JCAAware
getJCAContext
Methods inherited from interface com.nimbusds.jose.JWEProvider
supportedEncryptionMethods, supportedJWEAlgorithms
-
Field Details
-
MAX_ALLOWED_ITERATION_COUNT
The maximum allowed iteration count (1 million).- See Also:
-
-
Constructor Details
-
PasswordBasedDecrypter
Creates a new password-based decrypter.- Parameters:
password
- The password bytes. Must not be empty ornull
.
-
PasswordBasedDecrypter
Creates a new password-based decrypter.- Parameters:
password
- The password, as a UTF-8 encoded string. Must not be empty ornull
.
-
-
Method Details
-
getProcessedCriticalHeaderParams
Description copied from interface:CriticalHeaderParamsAware
Returns the names of the critical (crit
) header parameters that are understood and processed by the JWS verifier / JWE decrypter.- Specified by:
getProcessedCriticalHeaderParams
in interfaceCriticalHeaderParamsAware
- Returns:
- The names of the critical header parameters that are understood and processed, empty set if none.
-
getDeferredCriticalHeaderParams
Description copied from interface:CriticalHeaderParamsAware
Returns the names of the critical (crit
) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.- Specified by:
getDeferredCriticalHeaderParams
in interfaceCriticalHeaderParamsAware
- Returns:
- The names of the critical header parameters that are deferred to the application for processing, empty set if none.
-
decrypt
@Deprecated public byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) throws JOSEException Deprecated.Decrypts the specified cipher text of aJWE Object
.- Parameters:
header
- The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not benull
.encryptedKey
- The encrypted key,null
if not required by the JWE algorithm.iv
- The initialisation vector,null
if not required by the JWE algorithm.cipherText
- The cipher text to decrypt. Must not benull
.authTag
- The authentication tag,null
if not required.- Returns:
- The clear text.
- Throws:
JOSEException
- If the JWE algorithm or method is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if decryption failed for some other reason.
-
decrypt
public byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag, byte[] aad) throws JOSEException Description copied from interface:JWEDecrypter
Decrypts the specified cipher text of aJWE Object
.- Specified by:
decrypt
in interfaceJWEDecrypter
- Parameters:
header
- The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not benull
.encryptedKey
- The encrypted key,null
if not required by the JWE algorithm.iv
- The initialisation vector,null
if not required by the JWE algorithm.cipherText
- The cipher text to decrypt. Must not benull
.authTag
- The authentication tag,null
if not required.aad
- The additional authenticated data. Must not benull
.- Returns:
- The clear text.
- Throws:
JOSEException
- If the JWE algorithm or method is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if decryption failed for some other reason.
-