Package org.keycloak.jose.jwe.enc

Class AesGcmEncryptionProvider

java.lang.Object

org.keycloak.jose.jwe.enc.AesGcmEncryptionProvider

All Implemented Interfaces:

JWEEncryptionProvider

Direct Known Subclasses:

AesGcmJWEEncryptionProvider

public abstract class AesGcmEncryptionProvider
extends Object
implements JWEEncryptionProvider

Constructor Summary

Constructors

Constructor	Description
AesGcmEncryptionProvider()

Method Summary

Modifier and Type	Method	Description
void	deserializeCEK(JWEKeyStorage keyStorage)	This method is supposed to deserialize keys.
void	encodeJwe(JWE jwe)	This method usually has 3 outputs: - generated initialization vector - encrypted content - authenticationTag for MAC validation It is supposed to call JWE.setEncryptedContentInfo(byte[], byte[], byte[]) after it's finished
protected abstract int	getExpectedAesKeyLength()
byte[]	serializeCEK(JWEKeyStorage keyStorage)	This method requires that decoded CEK keys are present in the keyStorage.decodedCEK map before it's called
void	verifyAndDecodeJwe(JWE jwe)	This method is supposed to verify checksums and decrypt content.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.jose.jwe.enc.JWEEncryptionProvider

getExpectedCEKLength

Constructor Details

AesGcmEncryptionProvider

public AesGcmEncryptionProvider()

Method Details

encodeJwe

public void encodeJwe(JWE jwe)
               throws Exception

Description copied from interface: JWEEncryptionProvider

This method usually has 3 outputs: - generated initialization vector - encrypted content - authenticationTag for MAC validation It is supposed to call JWE.setEncryptedContentInfo(byte[], byte[], byte[]) after it's finished

Specified by:

encodeJwe in interface JWEEncryptionProvider

Throws:

IOException

GeneralSecurityException

Exception

verifyAndDecodeJwe

public void verifyAndDecodeJwe(JWE jwe)
                        throws Exception

Description copied from interface: JWEEncryptionProvider

This method is supposed to verify checksums and decrypt content. Then it needs to call JWE.content(byte[]) after it's finished

Specified by:

verifyAndDecodeJwe in interface JWEEncryptionProvider

Throws:

IOException

GeneralSecurityException

Exception

serializeCEK

public byte[] serializeCEK(JWEKeyStorage keyStorage)

Description copied from interface: JWEEncryptionProvider

This method requires that decoded CEK keys are present in the keyStorage.decodedCEK map before it's called

Specified by:

serializeCEK in interface JWEEncryptionProvider

Returns:

deserializeCEK

public void deserializeCEK(JWEKeyStorage keyStorage)

Description copied from interface: JWEEncryptionProvider

This method is supposed to deserialize keys. It requires that JWEKeyStorage.getCekBytes() is set. After keys are deserialized, this method needs to call JWEKeyStorage.setCEKKey(Key, JWEKeyStorage.KeyUse) according to all uses, which this encryption algorithm requires.

Specified by:

deserializeCEK in interface JWEEncryptionProvider

getExpectedAesKeyLength

protected abstract int getExpectedAesKeyLength()