Package com.nimbusds.jose.crypto
Class PasswordBasedDecrypter
- java.lang.Object
-
- com.nimbusds.jose.crypto.impl.BaseJWEProvider
-
- com.nimbusds.jose.crypto.impl.PasswordBasedCryptoProvider
-
- com.nimbusds.jose.crypto.PasswordBasedDecrypter
-
- All Implemented Interfaces:
CriticalHeaderParamsAware,JCAAware<JWEJCAContext>,JOSEProvider,JWEDecrypter,JWEProvider
@ThreadSafe public class PasswordBasedDecrypter extends PasswordBasedCryptoProvider implements JWEDecrypter, CriticalHeaderParamsAware
Password-based decrypter ofJWE objects. Expects a password.See RFC 7518 section 4.8 for more information.
This class is thread-safe.
Supports the following key management algorithms:
Supports the following content encryption algorithms:
- Version:
- 2023-12-03
- Author:
- Vladimir Dzhuvinov, Egor Puzanov
-
-
Field Summary
Fields Modifier and Type Field Description static intMAX_ALLOWED_ITERATION_COUNTThe maximum allowed iteration count (1 million).-
Fields inherited from class com.nimbusds.jose.crypto.impl.PasswordBasedCryptoProvider
SUPPORTED_ALGORITHMS, SUPPORTED_ENCRYPTION_METHODS
-
-
Constructor Summary
Constructors Constructor Description PasswordBasedDecrypter(byte[] password)Creates a new password-based decrypter.PasswordBasedDecrypter(String password)Creates a new password-based decrypter.
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description byte[]decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag)Deprecated.byte[]decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag, byte[] aad)Decrypts the specified cipher text of aJWE Object.Set<String>getDeferredCriticalHeaderParams()Returns the names of the critical (crit) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.Set<String>getProcessedCriticalHeaderParams()Returns the names of the critical (crit) header parameters that are understood and processed by the JWS verifier / JWE decrypter.-
Methods inherited from class com.nimbusds.jose.crypto.impl.PasswordBasedCryptoProvider
getPassword, getPasswordString
-
Methods inherited from class com.nimbusds.jose.crypto.impl.BaseJWEProvider
getCEK, getJCAContext, isCEKProvided, supportedEncryptionMethods, supportedJWEAlgorithms
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface com.nimbusds.jose.jca.JCAAware
getJCAContext
-
Methods inherited from interface com.nimbusds.jose.JWEProvider
supportedEncryptionMethods, supportedJWEAlgorithms
-
-
-
-
Field Detail
-
MAX_ALLOWED_ITERATION_COUNT
public static final int MAX_ALLOWED_ITERATION_COUNT
The maximum allowed iteration count (1 million).- See Also:
- Constant Field Values
-
-
Constructor Detail
-
PasswordBasedDecrypter
public PasswordBasedDecrypter(byte[] password)
Creates a new password-based decrypter.- Parameters:
password- The password bytes. Must not be empty ornull.
-
PasswordBasedDecrypter
public PasswordBasedDecrypter(String password)
Creates a new password-based decrypter.- Parameters:
password- The password, as a UTF-8 encoded string. Must not be empty ornull.
-
-
Method Detail
-
getProcessedCriticalHeaderParams
public Set<String> getProcessedCriticalHeaderParams()
Description copied from interface:CriticalHeaderParamsAwareReturns the names of the critical (crit) header parameters that are understood and processed by the JWS verifier / JWE decrypter.- Specified by:
getProcessedCriticalHeaderParamsin interfaceCriticalHeaderParamsAware- Returns:
- The names of the critical header parameters that are understood and processed, empty set if none.
-
getDeferredCriticalHeaderParams
public Set<String> getDeferredCriticalHeaderParams()
Description copied from interface:CriticalHeaderParamsAwareReturns the names of the critical (crit) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.- Specified by:
getDeferredCriticalHeaderParamsin interfaceCriticalHeaderParamsAware- Returns:
- The names of the critical header parameters that are deferred to the application for processing, empty set if none.
-
decrypt
@Deprecated public byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) throws JOSEException
Deprecated.Decrypts the specified cipher text of aJWE Object.- Parameters:
header- The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not benull.encryptedKey- The encrypted key,nullif not required by the JWE algorithm.iv- The initialisation vector,nullif not required by the JWE algorithm.cipherText- The cipher text to decrypt. Must not benull.authTag- The authentication tag,nullif not required.- Returns:
- The clear text.
- Throws:
JOSEException- If the JWE algorithm or method is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if decryption failed for some other reason.
-
decrypt
public byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag, byte[] aad) throws JOSEException
Description copied from interface:JWEDecrypterDecrypts the specified cipher text of aJWE Object.- Specified by:
decryptin interfaceJWEDecrypter- Parameters:
header- The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not benull.encryptedKey- The encrypted key,nullif not required by the JWE algorithm.iv- The initialisation vector,nullif not required by the JWE algorithm.cipherText- The cipher text to decrypt. Must not benull.authTag- The authentication tag,nullif not required.aad- The additional authenticated data. Must not benull.- Returns:
- The clear text.
- Throws:
JOSEException- If the JWE algorithm or method is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if decryption failed for some other reason.
-
-