Class SignedThenEncryptedJwt

  • All Implemented Interfaces:
    Jwt, Payload

    public class SignedThenEncryptedJwt
    extends EncryptedJwt
    A nested signed-then-encrypted JWT.
    • Constructor Detail

      • SignedThenEncryptedJwt

        public SignedThenEncryptedJwt(EncryptedJwt encryptedJwt)
        Constructs a fresh signed-then-encrypted JWT from an encrypted JWT. Use this constructor when you know that the encrypted JWT actually contains a JWS.
        Parameters:
        encryptedJwt - the encrypted JWT.
      • SignedThenEncryptedJwt

        public SignedThenEncryptedJwt(JweHeader header,
                                      SignedJwt payload,
                                      Key publicKey)
        Constructs a fresh signed-then-encrypted JWT with the given signed JWT payload, JWE headers and encryption key.
        Parameters:
        header - the JWE headers.
        payload - the signed JWT payload.
        publicKey - the encryption key.
      • SignedThenEncryptedJwt

        public SignedThenEncryptedJwt(JweHeader header,
                                      String encodedHeader,
                                      byte[] encryptedContentEncryptionKey,
                                      byte[] initialisationVector,
                                      byte[] ciphertext,
                                      byte[] authenticationTag)
        Reconstructs a signed-then-encrypted JWT from the component parts of the encrypted JWT string.
        Parameters:
        header - the decoded headers.
        encodedHeader - the encoded headers.
        encryptedContentEncryptionKey - the encrypted content encryption key (CEK), or null if not used.
        initialisationVector - the initialisation vector (IV).
        ciphertext - the encrypted ciphertext payload.
        authenticationTag - the authentication MAC tag.
    • Method Detail

      • verify

        public boolean verify(SigningHandler signingHandler)
        Verifies that the signature is valid on the nested signed JWT.
        Parameters:
        signingHandler - the handler to use for verifying the signature.
        Returns:
        true if the signature is valid, otherwise false.
        Throws:
        JwsVerifyingException - if the outer JWT has not already been decrypted.
      • decryptAndVerify

        public boolean decryptAndVerify(Key decryptionKey,
                                        SigningHandler signingHandler)
        Decrypts the outer JWT and then verifies the signature on the inner JWT.
        Parameters:
        decryptionKey - the decryption key for the outer JWE.
        signingHandler - the signing handler for verifying the nested JWS.
        Returns:
        true if the nested signature is valid, otherwise false.
        Throws:
        JweDecryptionException - if the JWE cannot be decrypted.
      • getClaimsSet

        public JwtClaimsSet getClaimsSet()
        Description copied from interface: Jwt
        Gets the claims set object for the Jwt, which contains all of the claims (name value pairs) conveyed by the JWT.
        Specified by:
        getClaimsSet in interface Jwt
        Overrides:
        getClaimsSet in class EncryptedJwt
        Returns:
        The JWT's Claims Set.
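
A fail-closed way to consume this class, as an added example rather than code from the library or this page: the boolean returned by decryptAndVerify is checked before getClaimsSet is read. NestedJwtGate and verifiedClaims are hypothetical names, and the org.forgerock.json.jose import paths are assumptions not shown on this page.

```java
// Added example, not part of the library. Package names are assumed from the
// ForgeRock JOSE library layout; the page itself does not list them.
import java.security.Key;
import java.util.Optional;

import org.forgerock.json.jose.exceptions.JweDecryptionException;
import org.forgerock.json.jose.jwe.SignedThenEncryptedJwt;
import org.forgerock.json.jose.jws.handlers.SigningHandler;
import org.forgerock.json.jose.jwt.JwtClaimsSet;

/** Hypothetical helper: releases claims only from a decrypted and verified token. */
public final class NestedJwtGate {

    private NestedJwtGate() { }

    /**
     * Returns the claims of the nested JWS, or empty if the outer JWE cannot
     * be decrypted or the inner signature is not valid.
     */
    public static Optional<JwtClaimsSet> verifiedClaims(SignedThenEncryptedJwt jwt,
                                                        Key decryptionKey,
                                                        SigningHandler signingHandler) {
        final boolean signatureValid;
        try {
            // decryptAndVerify does both steps in order; calling verify() on its
            // own first would throw JwsVerifyingException (outer JWT not decrypted).
            signatureValid = jwt.decryptAndVerify(decryptionKey, signingHandler);
        } catch (JweDecryptionException e) {
            // The outer JWE could not be decrypted: treat the token as invalid.
            return Optional.empty();
        }
        if (!signatureValid) {
            // A bad signature is reported as false, not as an exception.
            return Optional.empty();
        }
        return Optional.of(jwt.getClaimsSet());
    }
}
```

Callers then branch on the Optional, so a token that fails either step never yields a claims object.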