001/* 002 * nimbus-jose-jwt 003 * 004 * Copyright 2012-2016, Connect2id Ltd. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.jose; 019 020 021import net.jcip.annotations.Immutable; 022 023import com.nimbusds.jose.util.Base64URL; 024 025import java.util.List; 026 027 028/** 029 * The cryptographic parts of a JSON Web Encryption (JWE) object. 030 * 031 * @author Vladimir Dzhuvinov 032 * @version 2021-09-30 033 */ 034@Immutable 035public final class JWECryptoParts { 036 037 038 /** 039 * The modified JWE header (optional). 040 */ 041 private final JWEHeader header; 042 043 044 /** 045 * The encrypted key (optional). 046 */ 047 private final Base64URL encryptedKey; 048 049 050 /** 051 * The initialisation vector (optional). 052 */ 053 private final Base64URL iv; 054 055 056 /** 057 * The cipher text. 058 */ 059 private final Base64URL cipherText; 060 061 062 /** 063 * The authentication tag (optional). 064 */ 065 private final Base64URL authenticationTag; 066 067 068 /** 069 * The recipients (optional) 070 */ 071 private final List<JWERecipient> recipients; 072 073 074 /** 075 * Creates a new cryptographic JWE parts instance. 076 * 077 * @param encryptedKey The encrypted key, {@code null} if not 078 * required by the encryption algorithm. 079 * @param iv The initialisation vector (IV), 080 * {@code null} if not required by the 081 * encryption algorithm. 082 * @param cipherText The cipher text. Must not be {@code null}. 083 * @param authenticationTag The authentication tag, {@code null} if the 084 * JWE algorithm provides built-in integrity 085 * check. 086 */ 087 public JWECryptoParts(final Base64URL encryptedKey, 088 final Base64URL iv, 089 final Base64URL cipherText, 090 final Base64URL authenticationTag) { 091 092 this(null, encryptedKey, iv, cipherText, authenticationTag); 093 } 094 095 096 /** 097 * Creates a new cryptographic JWE parts instance. 098 * 099 * @param header The modified JWE header, {@code null} if 100 * not. 101 * @param encryptedKey The encrypted key, {@code null} if not 102 * required by the encryption algorithm. 103 * @param iv The initialisation vector (IV), 104 * {@code null} if not required by the 105 * encryption algorithm. 106 * @param cipherText The cipher text. Must not be {@code null}. 107 * @param authenticationTag The authentication tag, {@code null} if the 108 * JWE algorithm provides built-in integrity 109 * check. 110 */ 111 public JWECryptoParts(final JWEHeader header, 112 final Base64URL encryptedKey, 113 final Base64URL iv, 114 final Base64URL cipherText, 115 final Base64URL authenticationTag) { 116 117 this.header = header; 118 119 this.encryptedKey = encryptedKey; 120 121 this.iv = iv; 122 123 if (cipherText == null) { 124 125 throw new IllegalArgumentException("The cipher text must not be null"); 126 } 127 128 this.cipherText = cipherText; 129 130 this.authenticationTag = authenticationTag; 131 132 this.recipients = null; 133 } 134 135 136 /** 137 * Creates a new cryptographic JWE parts instance. 138 * 139 * @param header The modified JWE header, {@code null} if 140 * not. 141 * @param recipients The JWE recipients, {@code null} if not 142 * required by the encryption algorithm. 143 * @param iv The initialisation vector (IV), 144 * {@code null} if not required by the 145 * encryption algorithm. 146 * @param cipherText The cipher text. Must not be {@code null}. 147 * @param authenticationTag The authentication tag, {@code null} if the 148 * JWE algorithm provides built-in integrity 149 * check. 150 */ 151 public JWECryptoParts(final JWEHeader header, 152 final List<JWERecipient> recipients, 153 final Base64URL iv, 154 final Base64URL cipherText, 155 final Base64URL authenticationTag) { 156 157 this.header = header; 158 159 this.encryptedKey = null; 160 161 this.iv = iv; 162 163 if (cipherText == null) { 164 165 throw new IllegalArgumentException("The cipher text must not be null"); 166 } 167 168 this.cipherText = cipherText; 169 170 this.authenticationTag = authenticationTag; 171 172 this.recipients = recipients; 173 } 174 175 176 /** 177 * Gets the modified JWE header. 178 * 179 * @return The modified JWE header, {@code null} of not. 180 */ 181 public JWEHeader getHeader() { 182 183 return header; 184 } 185 186 187 /** 188 * Gets the encrypted key. 189 * 190 * @return The encrypted key, {@code null} if not required by 191 * the JWE algorithm or {@code recipients} are specified. 192 */ 193 public Base64URL getEncryptedKey() { 194 195 return encryptedKey; 196 } 197 198 199 /** 200 * Gets the initialisation vector (IV). 201 * 202 * @return The initialisation vector (IV), {@code null} if not required 203 * by the JWE algorithm. 204 */ 205 public Base64URL getInitializationVector() { 206 207 return iv; 208 } 209 210 211 /** 212 * Gets the cipher text. 213 * 214 * @return The cipher text. 215 */ 216 public Base64URL getCipherText() { 217 218 return cipherText; 219 } 220 221 222 /** 223 * Gets the authentication tag. 224 * 225 * @return The authentication tag, {@code null} if the encryption 226 * algorithm provides built-in integrity checking. 227 */ 228 public Base64URL getAuthenticationTag() { 229 230 return authenticationTag; 231 } 232 233 234 /** 235 * Gets the JWE recipients. 236 * 237 * @return The JWE recipients, {@code null} if not required by the JWE 238 * algorithm or an {@code encryptedKey} is specified. 239 */ 240 public List<JWERecipient> getRecipients() { 241 242 return recipients; 243 } 244}