com.nimbusds.jose.proc

Interface JWEKeySelector<C extends SecurityContext>

All Known Implementing Classes:

JWEDecryptionKeySelector

public interface JWEKeySelector<C extends SecurityContext>

Interface for selecting key candidates for decrypting a JSON Web Encryption (JWE) object. Applications should utilise this interface or a similar framework to determine whether a received JWE object (or encrypted JWT) is eligible for decryption and further processing.

The interface supports keys selection based on:

• Recognised header parameters referencing the key (e.g. kid, x5t).
• Additional SecurityContext, if required and set by the application (e.g. endpoint where the JWE object was received).

See JSON Web Signature (JWE), Appendix D. Notes on Key Selection for suggestions.

Possible key types:

• SecretKey for AES keys.
• RSAPrivateKey private RSA keys.
• ECPrivateKey private EC keys.

Version:

2016-06-21

Author:

Vladimir Dzhuvinov

Method Summary

Modifier and Type	Method and Description
List<? extends Key>	selectJWEKeys(JWEHeader header, C context) Selects key candidates for decrypting a JWE object.

Method Detail

selectJWEKeys

List<? extends Key> selectJWEKeys(JWEHeader header,
                                  C context)
                           throws KeySourceException

Selects key candidates for decrypting a JWE object.

Parameters:

header - The header of the JWE object. Must not be null.

context - Optional context of the JWE object, null if not required.

Returns:

The key candidates in trial order, empty list if none.

Throws:

KeySourceException - If a key source exception is encountered, e.g. on remote JWK retrieval.