org.keycloak.jose.jwe.enc

Class AesCbcHmacShaEncryptionProvider

java.lang.Object

org.keycloak.jose.jwe.enc.AesCbcHmacShaEncryptionProvider

All Implemented Interfaces:

JWEEncryptionProvider

Direct Known Subclasses:

AesCbcHmacShaEncryptionProvider.Aes128CbcHmacSha256Provider, AesCbcHmacShaEncryptionProvider.Aes192CbcHmacSha384Provider, AesCbcHmacShaEncryptionProvider.Aes256CbcHmacSha512Provider

public abstract class AesCbcHmacShaEncryptionProvider
extends Object
implements JWEEncryptionProvider

Author:

Marek Posolda

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AesCbcHmacShaEncryptionProvider.Aes128CbcHmacSha256Provider
static class	AesCbcHmacShaEncryptionProvider.Aes192CbcHmacSha384Provider
static class	AesCbcHmacShaEncryptionProvider.Aes256CbcHmacSha512Provider

Constructor Summary

Constructors

Constructor and Description
AesCbcHmacShaEncryptionProvider()

Method Summary

Modifier and Type	Method and Description
void	deserializeCEK(JWEKeyStorage keyStorage) This method is supposed to deserialize keys.
void	encodeJwe(JWE jwe) This method usually has 3 outputs: - generated initialization vector - encrypted content - authenticationTag for MAC validation It is supposed to call JWE.setEncryptedContentInfo(byte[], byte[], byte[]) after it's finished
protected abstract int	getAuthenticationTagLength()
protected abstract int	getExpectedAesKeyLength()
protected abstract String	getHmacShaAlgorithm()
byte[]	serializeCEK(JWEKeyStorage keyStorage) This method requires that decoded CEK keys are present in the keyStorage.decodedCEK map before it's called
void	verifyAndDecodeJwe(JWE jwe) This method is supposed to verify checksums and decrypt content.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.jose.jwe.enc.JWEEncryptionProvider

getExpectedCEKLength

Constructor Detail

AesCbcHmacShaEncryptionProvider

public AesCbcHmacShaEncryptionProvider()

Method Detail

encodeJwe

public void encodeJwe(JWE jwe)
               throws IOException,
                      GeneralSecurityException

Description copied from interface: JWEEncryptionProvider

This method usually has 3 outputs: - generated initialization vector - encrypted content - authenticationTag for MAC validation It is supposed to call JWE.setEncryptedContentInfo(byte[], byte[], byte[]) after it's finished

Specified by:

encodeJwe in interface JWEEncryptionProvider

Throws:

IOException

GeneralSecurityException

verifyAndDecodeJwe

public void verifyAndDecodeJwe(JWE jwe)
                        throws IOException,
                               GeneralSecurityException

Description copied from interface: JWEEncryptionProvider

This method is supposed to verify checksums and decrypt content. Then it needs to call JWE.content(byte[]) after it's finished

Specified by:

verifyAndDecodeJwe in interface JWEEncryptionProvider

Throws:

IOException

GeneralSecurityException

getExpectedAesKeyLength

protected abstract int getExpectedAesKeyLength()

getHmacShaAlgorithm

protected abstract String getHmacShaAlgorithm()

getAuthenticationTagLength

protected abstract int getAuthenticationTagLength()

deserializeCEK

public void deserializeCEK(JWEKeyStorage keyStorage)

Description copied from interface: JWEEncryptionProvider

This method is supposed to deserialize keys. It requires that JWEKeyStorage.getCekBytes() is set. After keys are deserialized, this method needs to call JWEKeyStorage.setCEKKey(Key, JWEKeyStorage.KeyUse) according to all uses, which this encryption algorithm requires.

Specified by:

deserializeCEK in interface JWEEncryptionProvider

serializeCEK

public byte[] serializeCEK(JWEKeyStorage keyStorage)

Description copied from interface: JWEEncryptionProvider

This method requires that decoded CEK keys are present in the keyStorage.decodedCEK map before it's called

Specified by:

serializeCEK in interface JWEEncryptionProvider

Returns: