com.nimbusds.jose.crypto.DirectCryptoProvider Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of nimbus-jose-jwt Show documentation
Java library for Javascript Object Signing and Encryption (JOSE) and JSON Web Tokens (JWT)
There is a newer version: 9.48
package com.nimbusds.jose.crypto;


import java.util.*;

import javax.crypto.SecretKey;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.util.ByteUtils;


/**
 * The base abstract class for direct encrypters and decrypters of
 * {@link com.nimbusds.jose.JWEObject JWE objects} with a shared symmetric key.
 *
 * Supports the following key management algorithms:
 *
 * 

 *     {@link com.nimbusds.jose.JWEAlgorithm#DIR}
 * 
 *
 * Supports the following content encryption algorithms:
 *
 * 

 *     {@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256}
 *     
{@link com.nimbusds.jose.EncryptionMethod#A192CBC_HS384}
 *     
{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512}
 *     
{@link com.nimbusds.jose.EncryptionMethod#A128GCM}
 *     
{@link com.nimbusds.jose.EncryptionMethod#A192GCM}
 *     
{@link com.nimbusds.jose.EncryptionMethod#A256GCM}
 *     
{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256_DEPRECATED}
 *     
{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512_DEPRECATED}
 * 
 * 
 * @author Vladimir Dzhuvinov
 * @version 2015-06-29
 */
abstract class DirectCryptoProvider extends BaseJWEProvider {


	/**
	 * The supported JWE algorithms by the direct crypto provider class.
	 */
	public static final Set SUPPORTED_ALGORITHMS;


	/**
	 * The supported encryption methods by the direct crypto provider
	 * class.
	 */
	public static final Set SUPPORTED_ENCRYPTION_METHODS = ContentCryptoProvider.SUPPORTED_ENCRYPTION_METHODS;


	static {
		Set algs = new LinkedHashSet<>();
		algs.add(JWEAlgorithm.DIR);
		SUPPORTED_ALGORITHMS = Collections.unmodifiableSet(algs);
	}


	/**
	 * Returns the compatible encryption methods for the specified Content
	 * Encryption Key (CEK) length.
	 *
	 * @param cekLength The CEK length in bits.
	 *
	 * @return The compatible encryption methods.
	 *
	 * @throws KeyLengthException If the CEK length is not compatible.
	 */
	private static Set getCompatibleEncryptionMethods(final int cekLength)
		throws KeyLengthException {

		Set encs = ContentCryptoProvider.COMPATIBLE_ENCRYPTION_METHODS.get(cekLength);

		if (encs == null) {
			throw new KeyLengthException("The Content Encryption Key length must be 128 bits (16 bytes), 192 bits (24 bytes), 256 bits (32 bytes), 384 bits (48 bytes) or 512 bites (64 bytes)");
		}

		return encs;
	}


	/**
	 * The Content Encryption Key (CEK).
	 */
	private final SecretKey cek;


	/**
	 * Creates a new direct encryption / decryption provider.
	 *
	 * @param cek The Content Encryption Key (CEK). Must be 128 bits (16
	 *            bytes), 192 bits (24 bytes), 256 bits (32 bytes), 384
	 *            bits (48 bytes) or 512 bits (64 bytes) long. Must not be
	 *            {@code null}.
	 *
	 * @throws KeyLengthException If the CEK length is not compatible.
	 */
	protected DirectCryptoProvider(final SecretKey cek)
		throws KeyLengthException {

		super(SUPPORTED_ALGORITHMS, getCompatibleEncryptionMethods(ByteUtils.bitLength(cek.getEncoded())));

		this.cek = cek;
	}


	/**
	 * Gets the Content Encryption Key (CEK).
	 *
	 * @return The key.
	 */
	public SecretKey getKey() {

		return cek;
	}
}