public abstract class AesCbcHmacShaEncryptionProvider extends Object implements JWEEncryptionProvider
Modifier and Type | Class and Description |
---|---|
static class |
AesCbcHmacShaEncryptionProvider.Aes128CbcHmacSha256Provider |
static class |
AesCbcHmacShaEncryptionProvider.Aes192CbcHmacSha384Provider |
static class |
AesCbcHmacShaEncryptionProvider.Aes256CbcHmacSha512Provider |
Constructor and Description |
---|
AesCbcHmacShaEncryptionProvider() |
Modifier and Type | Method and Description |
---|---|
void |
deserializeCEK(JWEKeyStorage keyStorage)
This method is supposed to deserialize keys.
|
void |
encodeJwe(JWE jwe)
This method usually has 3 outputs:
- generated initialization vector
- encrypted content
- authenticationTag for MAC validation
It is supposed to call
JWE.setEncryptedContentInfo(byte[], byte[], byte[]) after it's finished |
protected abstract int |
getAuthenticationTagLength() |
protected abstract int |
getExpectedAesKeyLength() |
protected abstract String |
getHmacShaAlgorithm() |
byte[] |
serializeCEK(JWEKeyStorage keyStorage)
This method requires that decoded CEK keys are present in the keyStorage.decodedCEK map before it's called
|
void |
verifyAndDecodeJwe(JWE jwe)
This method is supposed to verify checksums and decrypt content.
|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getExpectedCEKLength
public void encodeJwe(JWE jwe) throws IOException, GeneralSecurityException
JWEEncryptionProvider
JWE.setEncryptedContentInfo(byte[], byte[], byte[])
after it's finishedencodeJwe
in interface JWEEncryptionProvider
IOException
GeneralSecurityException
public void verifyAndDecodeJwe(JWE jwe) throws IOException, GeneralSecurityException
JWEEncryptionProvider
JWE.content(byte[])
after it's finishedverifyAndDecodeJwe
in interface JWEEncryptionProvider
IOException
GeneralSecurityException
protected abstract int getExpectedAesKeyLength()
protected abstract String getHmacShaAlgorithm()
protected abstract int getAuthenticationTagLength()
public void deserializeCEK(JWEKeyStorage keyStorage)
JWEEncryptionProvider
JWEKeyStorage.getCekBytes()
is set. After keys are deserialized,
this method needs to call JWEKeyStorage.setCEKKey(Key, JWEKeyStorage.KeyUse)
according to all uses, which this encryption algorithm requires.deserializeCEK
in interface JWEEncryptionProvider
public byte[] serializeCEK(JWEKeyStorage keyStorage)
JWEEncryptionProvider
serializeCEK
in interface JWEEncryptionProvider
Copyright © 2019 JBoss by Red Hat. All rights reserved.