Package org.keycloak.jose.jwe.enc
Class AesCbcHmacShaEncryptionProvider
- java.lang.Object
  - org.keycloak.jose.jwe.enc.AesCbcHmacShaEncryptionProvider
- All Implemented Interfaces:
JWEEncryptionProvider
- Direct Known Subclasses:
AesCbcHmacShaEncryptionProvider.Aes128CbcHmacSha256Provider, AesCbcHmacShaEncryptionProvider.Aes192CbcHmacSha384Provider, AesCbcHmacShaEncryptionProvider.Aes256CbcHmacSha512Provider, AesCbcHmacShaJWEEncryptionProvider
public abstract class AesCbcHmacShaEncryptionProvider extends Object implements JWEEncryptionProvider
- Author:
Marek Posolda
Nested Class Summary
Nested Classes (Modifier and Type, Class):
- static class AesCbcHmacShaEncryptionProvider.Aes128CbcHmacSha256Provider
- static class AesCbcHmacShaEncryptionProvider.Aes192CbcHmacSha384Provider
- static class AesCbcHmacShaEncryptionProvider.Aes256CbcHmacSha512Provider
Constructor Summary
Constructors:
- AesCbcHmacShaEncryptionProvider()
Method Summary
Methods (Modifier and Type, Method, Description):
- void deserializeCEK(JWEKeyStorage keyStorage)
  This method is supposed to deserialize keys.
- void encodeJwe(JWE jwe)
  This method usually has 3 outputs: generated initialization vector, encrypted content, authenticationTag for MAC validation. It is supposed to call JWE.setEncryptedContentInfo(byte[], byte[], byte[]) after it's finished.
- protected abstract int getAuthenticationTagLength()
- protected abstract int getExpectedAesKeyLength()
- protected abstract String getHmacShaAlgorithm()
- byte[] serializeCEK(JWEKeyStorage keyStorage)
  This method requires that decoded CEK keys are present in the keyStorage.decodedCEK map before it's called.
- void verifyAndDecodeJwe(JWE jwe)
  This method is supposed to verify checksums and decrypt content.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.jose.jwe.enc.JWEEncryptionProvider
getExpectedCEKLength
Method Detail
encodeJwe
public void encodeJwe(JWE jwe) throws IOException, GeneralSecurityException
Description copied from interface: JWEEncryptionProvider
This method usually has 3 outputs:
- generated initialization vector
- encrypted content
- authenticationTag for MAC validation
It is supposed to call JWE.setEncryptedContentInfo(byte[], byte[], byte[]) after it's finished.
- Specified by:
encodeJwe in interface JWEEncryptionProvider
- Throws:
IOException
GeneralSecurityException
verifyAndDecodeJwe
public void verifyAndDecodeJwe(JWE jwe) throws IOException, GeneralSecurityException
Description copied from interface: JWEEncryptionProvider
This method is supposed to verify checksums and decrypt content. Then it needs to call JWE.content(byte[]) after it's finished.
- Specified by:
verifyAndDecodeJwe in interface JWEEncryptionProvider
- Throws:
IOException
GeneralSecurityException
getExpectedAesKeyLength
protected abstract int getExpectedAesKeyLength()
getHmacShaAlgorithm
protected abstract String getHmacShaAlgorithm()
getAuthenticationTagLength
protected abstract int getAuthenticationTagLength()
deserializeCEK
public void deserializeCEK(JWEKeyStorage keyStorage)
Description copied from interface: JWEEncryptionProvider
This method is supposed to deserialize keys. It requires that JWEKeyStorage.getCekBytes() is set. After keys are deserialized, this method needs to call JWEKeyStorage.setCEKKey(Key, JWEKeyStorage.KeyUse) according to all uses, which this encryption algorithm requires.
- Specified by:
deserializeCEK in interface JWEEncryptionProvider
serializeCEK
public byte[] serializeCEK(JWEKeyStorage keyStorage)
Description copied from interface: JWEEncryptionProvider
This method requires that decoded CEK keys are present in the keyStorage.decodedCEK map before it's called.
- Specified by:
serializeCEK in interface JWEEncryptionProvider
- Returns:
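The three outputs of encodeJwe, the verify-then-decrypt order of verifyAndDecodeJwe and the per-use keys of deserializeCEK match the AES_CBC_HMAC_SHA2 construction of RFC 7518 section 5.2. The following is an added example, not Keycloak's code: a JDK-only implementation of the A128CBC-HS256 variant. The class name CbcHmacExample, its constants (assumed analogues of the three abstract getters) and the sample AAD string are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

// Added illustration of A128CBC-HS256 (RFC 7518 section 5.2); not Keycloak's implementation.
public class CbcHmacExample {
    static final int AES_KEY_LEN = 16;           // assumed analogue of getExpectedAesKeyLength()
    static final String HMAC_ALG = "HmacSHA256"; // assumed analogue of getHmacShaAlgorithm()
    static final int TAG_LEN = 16;               // assumed analogue of getAuthenticationTagLength()

    // Tag = first TAG_LEN bytes of HMAC(macKey, AAD || IV || ciphertext || AL),
    // where AL is the AAD length in bits as a 64-bit big-endian integer.
    static byte[] tag(byte[] cek, byte[] aad, byte[] iv, byte[] ct) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(HMAC_ALG);
        mac.init(new SecretKeySpec(cek, 0, AES_KEY_LEN, HMAC_ALG)); // first half of the CEK is the MAC key
        mac.update(aad);
        mac.update(iv);
        mac.update(ct);
        mac.update(ByteBuffer.allocate(8).putLong(aad.length * 8L).array());
        return Arrays.copyOf(mac.doFinal(), TAG_LEN);
    }
    // AES-CBC with PKCS#7 padding, keyed with the second half of the CEK.
    static byte[] aes(int mode, byte[] cek, byte[] iv, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(cek, AES_KEY_LEN, AES_KEY_LEN, "AES"), new IvParameterSpec(iv));
        return c.doFinal(in);
    }
    // Check the tag in constant time BEFORE decrypting, so padding errors are never exposed.
    static byte[] verifyAndDecrypt(byte[] cek, byte[] aad, byte[] iv, byte[] ct, byte[] t) throws GeneralSecurityException {
        if (!MessageDigest.isEqual(tag(cek, aad, iv, ct), t)) throw new GeneralSecurityException("bad authentication tag");
        return aes(Cipher.DECRYPT_MODE, cek, iv, ct);
    }
    public static void main(String[] args) throws Exception {
        byte[] cek = new byte[2 * AES_KEY_LEN], iv = new byte[16];
        new SecureRandom().nextBytes(cek);
        new SecureRandom().nextBytes(iv);
        byte[] aad = "constructed.protected.header".getBytes(StandardCharsets.US_ASCII); // constructed sample AAD
        byte[] ct = aes(Cipher.ENCRYPT_MODE, cek, iv, "hello".getBytes(StandardCharsets.UTF_8));
        byte[] t = tag(cek, aad, iv, ct); // the three outputs are now iv, ct and t
        System.out.println(new String(verifyAndDecrypt(cek, aad, iv, ct, t), StandardCharsets.UTF_8));
        ct[0] ^= 1; // a tampered ciphertext must be rejected before any decryption happens
        try { verifyAndDecrypt(cek, aad, iv, ct, t); } catch (GeneralSecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```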