com.nimbusds.jose.crypto

Class ECDH1PUX25519DecrypterMulti

java.lang.Object

com.nimbusds.jose.crypto.impl.ECDH1PUCryptoProvider

com.nimbusds.jose.crypto.ECDH1PUX25519DecrypterMulti

All Implemented Interfaces:

CriticalHeaderParamsAware, JCAAware<JWEJCAContext>, JOSEProvider, JWEDecrypterMulti, JWEProvider

@ThreadSafe
public class ECDH1PUX25519DecrypterMulti
extends ECDH1PUCryptoProvider
implements JWEDecrypterMulti, CriticalHeaderParamsAware

Elliptic Curve Diffie-Hellman Multi-recipient decrypter of JWE objects for curves using EC JWK Expects a private OctetKeyPair key with "crv" X25519.

See RFC 8037 for more information.

Public Key Authenticated Encryption for JOSE ECDH-1PU for more information.

This class is thread-safe.

Supports the following key management algorithms:

• JWEAlgorithm.ECDH_1PU
• JWEAlgorithm.ECDH_1PU_A128KW
• JWEAlgorithm.ECDH_1PU_A192KW
• JWEAlgorithm.ECDH_1PU_A256KW

Supports the following elliptic curves:

• Curve.X25519

Supports the following content encryption algorithms for Direct key agreement mode:

• EncryptionMethod.A128CBC_HS256
• EncryptionMethod.A192CBC_HS384
• EncryptionMethod.A256CBC_HS512
• EncryptionMethod.A128GCM
• EncryptionMethod.A192GCM
• EncryptionMethod.A256GCM
• EncryptionMethod.A128CBC_HS256_DEPRECATED
• EncryptionMethod.A256CBC_HS512_DEPRECATED
• EncryptionMethod.XC20P

Supports the following content encryption algorithms for Key wrapping mode:

• EncryptionMethod.A128CBC_HS256
• EncryptionMethod.A192CBC_HS384
• EncryptionMethod.A256CBC_HS512

Version:

2021-08-18

Author:

Alexander Martynov

Field Summary

Fields

Modifier and Type	Field and Description
static Set<Curve>	SUPPORTED_ELLIPTIC_CURVES The supported EC JWK curves by the ECDH crypto provider class.

Fields inherited from class com.nimbusds.jose.crypto.impl.ECDH1PUCryptoProvider

SUPPORTED_ALGORITHMS, SUPPORTED_ENCRYPTION_METHODS

Constructor Summary

Constructors

Constructor and Description
ECDH1PUX25519DecrypterMulti(OctetKeyPair sender, List<Pair<UnprotectedHeader,OctetKeyPair>> recipients) Creates a curve x25519 Elliptic Curve Diffie-Hellman Multi-recipient decrypter.
ECDH1PUX25519DecrypterMulti(OctetKeyPair sender, List<Pair<UnprotectedHeader,OctetKeyPair>> recipients, Set<String> defCritHeaders) Creates a curve x25519 Elliptic Curve Diffie-Hellman Multi-recipient decrypter.

Method Summary

Modifier and Type	Method and Description
byte[]	decrypt(JWEHeader header, List<JWERecipient> recipients, Base64URL iv, Base64URL cipherText, Base64URL authTag) Decrypts the specified cipher text of a JWE Object.
Set<String>	getDeferredCriticalHeaderParams() Returns the names of the critical (crit) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.
JWEJCAContext	getJCAContext() Returns the Java Cryptography Architecture (JCA) context.
Set<String>	getProcessedCriticalHeaderParams() Returns the names of the critical (crit) header parameters that are understood and processed by the JWS verifier / JWE decrypter.
Set<Curve>	supportedEllipticCurves() Returns the names of the supported elliptic curves.
Set<EncryptionMethod>	supportedEncryptionMethods() Returns the names of the supported encryption methods by the JWE provier.
Set<JWEAlgorithm>	supportedJWEAlgorithms() Returns the names of the supported algorithms by the JWE provider instance.

Methods inherited from class com.nimbusds.jose.crypto.impl.ECDH1PUCryptoProvider

decryptMulti, decryptWithZ, encryptMulti, encryptWithZ, getConcatKDF, getCurve

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.jose.JWEProvider

supportedEncryptionMethods, supportedJWEAlgorithms

Methods inherited from interface com.nimbusds.jose.jca.JCAAware

getJCAContext

Field Detail

SUPPORTED_ELLIPTIC_CURVES

public static final Set<Curve> SUPPORTED_ELLIPTIC_CURVES

The supported EC JWK curves by the ECDH crypto provider class.

Constructor Detail

ECDH1PUX25519DecrypterMulti

public ECDH1PUX25519DecrypterMulti(OctetKeyPair sender,
                                   List<Pair<UnprotectedHeader,OctetKeyPair>> recipients)
                            throws JOSEException

Creates a curve x25519 Elliptic Curve Diffie-Hellman Multi-recipient decrypter.

Parameters:

sender - The sender public JWK key.

recipients - The list of private recipient's keys.

Throws:

JOSEException - If the key subtype is not supported.

ECDH1PUX25519DecrypterMulti

public ECDH1PUX25519DecrypterMulti(OctetKeyPair sender,
                                   List<Pair<UnprotectedHeader,OctetKeyPair>> recipients,
                                   Set<String> defCritHeaders)
                            throws JOSEException

Creates a curve x25519 Elliptic Curve Diffie-Hellman Multi-recipient decrypter.

Parameters:

sender - The sender public JWK key.

recipients - The list of private recipient's keys.

defCritHeaders - The names of the critical header parameters that are deferred to the application for processing, empty set or null if none.

Throws:

JOSEException - If the key subtype is not supported.

Method Detail

supportedEllipticCurves

public Set<Curve> supportedEllipticCurves()

Description copied from class: ECDH1PUCryptoProvider

Returns the names of the supported elliptic curves. These correspond to the crv JWK parameter.

Specified by:

supportedEllipticCurves in class ECDH1PUCryptoProvider

Returns:

The supported elliptic curves.

getProcessedCriticalHeaderParams

public Set<String> getProcessedCriticalHeaderParams()

Description copied from interface: CriticalHeaderParamsAware

Returns the names of the critical (crit) header parameters that are understood and processed by the JWS verifier / JWE decrypter.

Specified by:

getProcessedCriticalHeaderParams in interface CriticalHeaderParamsAware

Returns:

The names of the critical header parameters that are understood and processed, empty set if none.

getDeferredCriticalHeaderParams

public Set<String> getDeferredCriticalHeaderParams()

Description copied from interface: CriticalHeaderParamsAware

Returns the names of the critical (crit) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.

Specified by:

getDeferredCriticalHeaderParams in interface CriticalHeaderParamsAware

Returns:

The names of the critical header parameters that are deferred to the application for processing, empty set if none.

decrypt

public byte[] decrypt(JWEHeader header,
                      List<JWERecipient> recipients,
                      Base64URL iv,
                      Base64URL cipherText,
                      Base64URL authTag)
               throws JOSEException

Description copied from interface: JWEDecrypterMulti

Decrypts the specified cipher text of a JWE Object. May decrypt multi keys.

Specified by:

decrypt in interface JWEDecrypterMulti

Parameters:

header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.

recipients - The recipients, null if not required by the JWE algorithm.

iv - The initialisation vector, null if not required by the JWE algorithm.

cipherText - The cipher text to decrypt. Must not be null.

authTag - The authentication tag, null if not required.

Returns:

The clear text.

Throws:

JOSEException - If the JWE algorithm or method is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if decryption failed for some other reason.

supportedJWEAlgorithms

public Set<JWEAlgorithm> supportedJWEAlgorithms()

Description copied from interface: JWEProvider

Returns the names of the supported algorithms by the JWE provider instance. These correspond to the alg JWE header parameter.

Specified by:

supportedJWEAlgorithms in interface JWEProvider

Returns:

The supported JWE algorithms, empty set if none.

supportedEncryptionMethods

public Set<EncryptionMethod> supportedEncryptionMethods()

Description copied from interface: JWEProvider

Returns the names of the supported encryption methods by the JWE provier. These correspond to the enc JWE header parameter.

Specified by:

supportedEncryptionMethods in interface JWEProvider

Returns:

The supported encryption methods, empty set if none.

getJCAContext

public JWEJCAContext getJCAContext()

Description copied from interface: JCAAware

Returns the Java Cryptography Architecture (JCA) context. May be used to set a specific JCA security provider or secure random generator.

Specified by:

getJCAContext in interface JCAAware<JWEJCAContext>

Returns:

The JCA context. Not null.