org.forgerock.json.jose.jwe

Class EncryptedJwt

java.lang.Object

org.forgerock.json.jose.jwe.EncryptedJwt

All Implemented Interfaces:

Jwt, Payload

Direct Known Subclasses:

SignedThenEncryptedJwt

public class EncryptedJwt
extends Object
implements Jwt, Payload

A JWE implementation of the Jwt interface.

JSON Web Encryption (JWE) is a representing encrypted content using JSON based data structures.

Since:

2.0.0

See Also:

JSON Web Encryption Specification

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	EncryptedJwt(EncryptedJwt encryptedJwt) Construct an encrypted JWT from an existent one.
	EncryptedJwt(JweHeader header, JwtClaimsSet payload, Key publicKey) Constructs a fresh, new EncryptedJwt from the given JweHeader and JwtClaimsSet.
	EncryptedJwt(JweHeader header, String encodedHeader, byte[] encryptedContentEncryptionKey, byte[] initialisationVector, byte[] ciphertext, byte[] authenticationTag) Constructs a reconstructed EncryptedJwt from its constituent parts, the JweHeader, encrypted Content Encryption Key (CEK), initialisation vector, ciphertext and additional authentication data.

Method Summary

Modifier and Type	Method and Description
String	build() Builds the JWT into a String by following the steps specified in the relevant specification according to whether the JWT is being signed and/or encrypted.
EncryptedJwt	copy() Create a copy of the current payload.
void	decrypt(Key privateKey) Decrypts the JWE ciphertext back into a JwtClaimsSet.
byte[]	decryptRawPayload(Key privateKey) Decrypts and returns the raw bytes of the payload, without attempting to decode them in any way.
JwtClaimsSet	getClaimsSet() Gets the claims set object for the Jwt, which contains all of the claims (name value pairs) conveyed by the JWT.
JweHeader	getHeader() Gets the header object for the JWT, which contains properties which describe the cryptographic operations applied to the JWT, among other properties.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

EncryptedJwt

public EncryptedJwt(JweHeader header,
                    JwtClaimsSet payload,
                    Key publicKey)

Constructs a fresh, new EncryptedJwt from the given JweHeader and JwtClaimsSet.

The specified public key will be used to perform the encryption of the JWT.

Parameters:

header - The JweHeader containing the header parameters of the JWE.

payload - The claimset of the JWE.

publicKey - The public key to use to perform the encryption.

EncryptedJwt

protected EncryptedJwt(EncryptedJwt encryptedJwt)

Construct an encrypted JWT from an existent one.

Parameters:

encryptedJwt - the encrypted JWT

EncryptedJwt

public EncryptedJwt(JweHeader header,
                    String encodedHeader,
                    byte[] encryptedContentEncryptionKey,
                    byte[] initialisationVector,
                    byte[] ciphertext,
                    byte[] authenticationTag)

Constructs a reconstructed EncryptedJwt from its constituent parts, the JweHeader, encrypted Content Encryption Key (CEK), initialisation vector, ciphertext and additional authentication data.

For use when an encrypted JWT has been reconstructed from its base64url encoded string representation and the JWT needs decrypting.

Parameters:

header - The JweHeader containing the header parameters of the JWE.

encodedHeader - The Base64url encoded JWE header.

encryptedContentEncryptionKey - The encrypted Content Encryption Key (CEK).

initialisationVector - The initialisation vector.

ciphertext - The ciphertext.

authenticationTag - The authentication tag.

Method Detail

getHeader

public JweHeader getHeader()

Description copied from interface: Jwt

Gets the header object for the JWT, which contains properties which describe the cryptographic operations applied to the JWT, among other properties.

When the JWT is digitally signed or MACed, the JWT Header is a JWS Header. When the JWT is encrypted, the JWT Header is a JWE Header.

Specified by:

getHeader in interface Jwt

Returns:

The JWTs Header.

getClaimsSet

public JwtClaimsSet getClaimsSet()

Description copied from interface: Jwt

Gets the claims set object for the Jwt, which contains all of the claims (name value pairs) conveyed by the JWT.

Specified by:

getClaimsSet in interface Jwt

Returns:

The JWTs Claims Set.

build

public String build()

Description copied from interface: Jwt

Builds the JWT into a String by following the steps specified in the relevant specification according to whether the JWT is being signed and/or encrypted.

Specified by:

build in interface Jwt

Specified by:

build in interface Payload

Returns:

The base64url encoded UTF-8 parts of the JWT.

See Also:

JSON Web Token Specification, JSON Web Signature Specification, JSON Web Encryption Specification

copy

public EncryptedJwt copy()

Description copied from interface: Payload

Create a copy of the current payload.

Specified by:

copy in interface Payload

Returns:

a copy of the payload.

decrypt

public void decrypt(Key privateKey)

Decrypts the JWE ciphertext back into a JwtClaimsSet.

The same private key must be given here that is the pair to the public key that was used to encrypt the JWT.

Parameters:

privateKey - The private key pair to the public key that encrypted the JWT.

decryptRawPayload

public byte[] decryptRawPayload(Key privateKey)

Decrypts and returns the raw bytes of the payload, without attempting to decode them in any way. The decrypted payload is not cached.

The same private key must be given here that is the pair to the public key that was used to encrypt the JWT.

Parameters:

privateKey - The private key pair to the public key that encrypted the JWT.

Returns:

The raw bytes of the decrypted payload.