com.nimbusds.jose.crypto

Class RSADecrypter

java.lang.Object

com.nimbusds.jose.crypto.RSADecrypter

All Implemented Interfaces:

AlgorithmProvider, JWEAlgorithmProvider, JWEDecrypter

public class RSADecrypter
extends Object
implements JWEDecrypter

RSA decrypter of JWE objects. This class is thread-safe.

Supports the following JWE algorithms:

• JWEAlgorithm.RSA1_5
• JWEAlgorithm.RSA_OAEP
• JWEAlgorithm.RSA_OAEP_256

Supports the following encryption methods:

• EncryptionMethod.A128CBC_HS256
• EncryptionMethod.A192CBC_HS384
• EncryptionMethod.A256CBC_HS512
• EncryptionMethod.A128GCM
• EncryptionMethod.A192GCM
• EncryptionMethod.A256GCM
• EncryptionMethod.A128CBC_HS256_DEPRECATED
• EncryptionMethod.A256CBC_HS512_DEPRECATED

Accepts all registered JWE header parameters. Use setAcceptedAlgorithms(java.util.Set<com.nimbusds.jose.JWEAlgorithm>) and setAcceptedEncryptionMethods(java.util.Set<com.nimbusds.jose.EncryptionMethod>) to restrict the acceptable JWE algorithms and encryption methods.

Version:

$version$ (2014-05-23)

Author:

David Ortiz, Vladimir Dzhuvinov

Field Summary

Fields

Modifier and Type	Field and Description
protected Provider	contentEncryptionProvider The JCA provider for the content encryption, null if not specified (implies default one).
protected Provider	keyEncryptionProvider The JCA provider for the key encryption, null if not specified (implies default one).
protected Provider	macProvider The JCA provider for the MAC computation, null if not specified (implies default one).
static Set<JWEAlgorithm>	SUPPORTED_ALGORITHMS The supported JWE algorithms.
static Set<EncryptionMethod>	SUPPORTED_ENCRYPTION_METHODS The supported encryption methods.

Constructor Summary

Constructors

Constructor and Description
RSADecrypter(RSAPrivateKey privateKey) Creates a new RSA decrypter.

Method Summary

Methods

Modifier and Type	Method and Description
byte[]	decrypt(ReadOnlyJWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) Decrypts the specified cipher text of a JWE Object.
Set<JWEAlgorithm>	getAcceptedAlgorithms() Gets the names of the accepted JWE algorithms.
Set<EncryptionMethod>	getAcceptedEncryptionMethods() Gets the names of the accepted encryption methods.
Set<String>	getIgnoredCriticalHeaderParameters() Gets the names of the critical JWE header parameters to ignore.
RSAPrivateKey	getPrivateKey() Gets the private RSA key.
protected SecureRandom	getSecureRandom() Returns the secure random generator for this JWE provider.
void	setAcceptedAlgorithms(Set<JWEAlgorithm> acceptedAlgs) Sets the names of the accepted JWE algorithms.
void	setAcceptedEncryptionMethods(Set<EncryptionMethod> acceptedEncs) Sets the names of the accepted encryption methods.
void	setContentEncryptionProvider(Provider provider) Sets a specific JCA provider for the content encryption.
void	setIgnoredCriticalHeaderParameters(Set<String> headers) Sets the names of the critical JWE header parameters to ignore.
void	setKeyEncryptionProvider(Provider provider) Sets a specific JCA provider for the key encryption.
void	setMACProvider(Provider provider) Sets a specific JCA provider for MAC computation (where required by the JWE encryption method).
void	setProvider(Provider provider) Sets a specific JCA provider, to be used for all operations.
void	setSecureRandom(SecureRandom randomGen) Sets a specific secure random generator for the initialisation vector and other purposes requiring a random number.
Set<JWEAlgorithm>	supportedAlgorithms() Returns the names of the supported JWE algorithms.
Set<EncryptionMethod>	supportedEncryptionMethods() Returns the names of the supported encryption methods.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.jose.JWEAlgorithmProvider

setContentEncryptionProvider, setKeyEncryptionProvider, setMACProvider, setSecureRandom, supportedAlgorithms, supportedEncryptionMethods

Methods inherited from interface com.nimbusds.jose.AlgorithmProvider

setProvider

Field Detail

SUPPORTED_ALGORITHMS

public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS

The supported JWE algorithms.

SUPPORTED_ENCRYPTION_METHODS

public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS

The supported encryption methods.

keyEncryptionProvider

protected Provider keyEncryptionProvider

The JCA provider for the key encryption, null if not specified (implies default one).

contentEncryptionProvider

protected Provider contentEncryptionProvider

The JCA provider for the content encryption, null if not specified (implies default one).

macProvider

protected Provider macProvider

The JCA provider for the MAC computation, null if not specified (implies default one).

Constructor Detail

RSADecrypter

public RSADecrypter(RSAPrivateKey privateKey)

Creates a new RSA decrypter.

Parameters:

privateKey - The private RSA key. Must not be null.

Method Detail

getPrivateKey

public RSAPrivateKey getPrivateKey()

Gets the private RSA key.

Returns:

The private RSA key.

getAcceptedAlgorithms

public Set<JWEAlgorithm> getAcceptedAlgorithms()

Description copied from interface: JWEDecrypter

Gets the names of the accepted JWE algorithms. These correspond to the alg JWE header parameter.

Specified by:

getAcceptedAlgorithms in interface JWEDecrypter

Returns:

The accepted JWE algorithms, as a read-only set, empty set if none.

setAcceptedAlgorithms

public void setAcceptedAlgorithms(Set<JWEAlgorithm> acceptedAlgs)

Description copied from interface: JWEDecrypter

Sets the names of the accepted JWE algorithms. These correspond to the alg JWE header parameter.

Specified by:

setAcceptedAlgorithms in interface JWEDecrypter

Parameters:

acceptedAlgs - The accepted JWE algorithms. Must be a subset of the supported algorithms and not null.

getAcceptedEncryptionMethods

public Set<EncryptionMethod> getAcceptedEncryptionMethods()

Description copied from interface: JWEDecrypter

Gets the names of the accepted encryption methods. These correspond to the enc JWE header parameter.

Specified by:

getAcceptedEncryptionMethods in interface JWEDecrypter

Returns:

The accepted encryption methods, as a read-only set, empty set if none.

setAcceptedEncryptionMethods

public void setAcceptedEncryptionMethods(Set<EncryptionMethod> acceptedEncs)

Description copied from interface: JWEDecrypter

Sets the names of the accepted encryption methods. These correspond to the enc JWE header parameter.

Specified by:

setAcceptedEncryptionMethods in interface JWEDecrypter

Parameters:

acceptedEncs - The accepted encryption methods. Must be a subset of the supported encryption methods and not null.

getIgnoredCriticalHeaderParameters

public Set<String> getIgnoredCriticalHeaderParameters()

Description copied from interface: JWEDecrypter

Gets the names of the critical JWE header parameters to ignore. These are indicated by the crit header parameter. The JWE decrypter should not ignore critical headers by default.

Specified by:

getIgnoredCriticalHeaderParameters in interface JWEDecrypter

Returns:

The names of the critical JWS header parameters to ignore, empty or null if none.

setIgnoredCriticalHeaderParameters

public void setIgnoredCriticalHeaderParameters(Set<String> headers)

Description copied from interface: JWEDecrypter

Sets the names of the critical JWE header parameters to ignore. These are indicated by the crit header parameter. The JWE decrypter should not ignore critical headers by default. Use this setter to delegate processing of selected critical headers to the application.

Specified by:

setIgnoredCriticalHeaderParameters in interface JWEDecrypter

Parameters:

headers - The names of the critical JWS header parameters to ignore, empty or null if none.

decrypt

public byte[] decrypt(ReadOnlyJWEHeader header,
             Base64URL encryptedKey,
             Base64URL iv,
             Base64URL cipherText,
             Base64URL authTag)
               throws JOSEException

Description copied from interface: JWEDecrypter

Decrypts the specified cipher text of a JWE Object.

Specified by:

decrypt in interface JWEDecrypter

Parameters:

header - The JSON Web Encryption (JWE) header. Must specify an accepted JWE algorithm, must contain only accepted header parameters, and must not be null.

encryptedKey - The encrypted key, null if not required by the JWE algorithm.

iv - The initialisation vector, null if not required by the JWE algorithm.

cipherText - The cipher text to decrypt. Must not be null.

authTag - The authentication tag, null if not required.

Returns:

The clear text.

Throws:

JOSEException - If the JWE algorithm is not accepted, if a header parameter is not accepted, or if decryption failed for some other reason.

supportedAlgorithms

public Set<JWEAlgorithm> supportedAlgorithms()

Description copied from interface: JWEAlgorithmProvider

Returns the names of the supported JWE algorithms. These correspond to the alg JWE header parameter.

Specified by:

supportedAlgorithms in interface JWEAlgorithmProvider

Returns:

The supported JWE algorithms, empty set if none.

supportedEncryptionMethods

public Set<EncryptionMethod> supportedEncryptionMethods()

Description copied from interface: JWEAlgorithmProvider

Returns the names of the supported encryption methods. These correspond to the enc JWE header parameter.

Specified by:

supportedEncryptionMethods in interface JWEAlgorithmProvider

Returns:

The supported encryption methods, empty set if none.

setProvider

public void setProvider(Provider provider)

Description copied from interface: AlgorithmProvider

Sets a specific JCA provider, to be used for all operations.

Specified by:

setProvider in interface AlgorithmProvider

Parameters:

provider - The JCA provider, or null to use the default one.

setKeyEncryptionProvider

public void setKeyEncryptionProvider(Provider provider)

Description copied from interface: JWEAlgorithmProvider

Sets a specific JCA provider for the key encryption.

Specified by:

setKeyEncryptionProvider in interface JWEAlgorithmProvider

Parameters:

provider - The JCA provider, or null to use the default one.

setContentEncryptionProvider

public void setContentEncryptionProvider(Provider provider)

Description copied from interface: JWEAlgorithmProvider

Sets a specific JCA provider for the content encryption.

Specified by:

setContentEncryptionProvider in interface JWEAlgorithmProvider

Parameters:

provider - The JCA provider, or null to use the default one.

setMACProvider

public void setMACProvider(Provider provider)

Description copied from interface: JWEAlgorithmProvider

Sets a specific JCA provider for MAC computation (where required by the JWE encryption method).

Specified by:

setMACProvider in interface JWEAlgorithmProvider

Parameters:

provider - The JCA provider, or null to use the default one.

setSecureRandom

public void setSecureRandom(SecureRandom randomGen)

Description copied from interface: JWEAlgorithmProvider

Sets a specific secure random generator for the initialisation vector and other purposes requiring a random number.

Specified by:

setSecureRandom in interface JWEAlgorithmProvider

Parameters:

randomGen - The secure random generator, or null to use the default one.

getSecureRandom

protected SecureRandom getSecureRandom()

Returns the secure random generator for this JWE provider.

Returns:

The secure random generator.