AESKeyWrapEncryptionHandler (org.openidentityplatform.commons.parent 2.2.3 Documentation)

java.lang.Object
- org.forgerock.json.jose.jwe.handlers.encryption.AESKeyWrapEncryptionHandler

All Implemented Interfaces:

EncryptionHandler
```
public final class AESKeyWrapEncryptionHandler
extends Object
implements EncryptionHandler
```
Provides JWE key encapsulation using the AES KeyWrap algorithm.

Constructor Summary

Constructors
Constructor and Description

AESKeyWrapEncryptionHandler(EncryptionMethod method)
Constructs an AES KeyWrap encryption handler for the given underlying content encryption method.

Constructors
Constructor and Description
`AESKeyWrapEncryptionHandler(EncryptionMethod method)` Constructs an AES KeyWrap encryption handler for the given underlying content encryption method.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`byte[]`	`decryptCiphertext(Key contentEncryptionKey, byte[] initialisationVector, byte[] ciphertext, byte[] authenticationTag, byte[] additionalAuthenticatedData)` Decrypts the ciphertext with the Content Encryption Key, using the initialisation vector and additional authenticated data, following the steps defined by the EncryptionHandler JweAlgorithm.
`Key`	`decryptContentEncryptionKey(Key key, byte[] encryptedContentEncryptionKey)` Decrypts the Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.
`JweEncryption`	`encryptPlaintext(Key contentEncryptionKey, byte[] initialisationVector, byte[] plaintext, byte[] additionalAuthenticatedData)` Encrypts the plaintext with the Content Encryption Key, using the initialisation vector and additional authenticated data, following the steps defined by the EncryptionHandler JweAlgorithm.
`byte[]`	`generateInitialisationVector()` Generates a random JWE Initialisation Vector of the correct size for the encryption algorithm, if the EncryptionHandler JweAlgorithm does not required an initialisation vector then the initialisation vector will be an empty octet sequence.
`byte[]`	`generateJWEEncryptedKey(Key key, Key contentEncryptionKey)` Generates the Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.
`Key`	`getContentEncryptionKey()` Creates a Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - AESKeyWrapEncryptionHandler
```
public AESKeyWrapEncryptionHandler(EncryptionMethod method)
```
    Constructs an AES KeyWrap encryption handler for the given underlying content encryption method.
    
    Parameters:
    
    method - the content encryption method.
- Method Detail
  - getContentEncryptionKey
```
public Key getContentEncryptionKey()
```
    Description copied from interface: EncryptionHandler
    
    Creates a Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.
    See points 1, 2, 3 in Section 5.1 of the JWE Specification.
    
    Specified by:
    
    getContentEncryptionKey in interface EncryptionHandler
    
    Returns:
    
    The Content Encryption Key or null if the shared key should be used directly.
  - generateJWEEncryptedKey
```
public byte[] generateJWEEncryptedKey(Key key,
                                      Key contentEncryptionKey)
```
    Description copied from interface: EncryptionHandler
    
    Generates the Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.
    See points 4, 5, 6 in Section 5.1 of the JWE Specification.
    
    Specified by:
    
    generateJWEEncryptedKey in interface EncryptionHandler
    
    Parameters:
    
    key - The key to use to encrypt the Content Encryption Key, if the EncryptionHandler JweAlgorithm requires.
    
    contentEncryptionKey - The Content Encryption Key (CEK).
    
    Returns:
    
    A byte array of the JWE Encrypted Key.
  - generateInitialisationVector
```
public byte[] generateInitialisationVector()
```
    Description copied from interface: EncryptionHandler
    
    Generates a random JWE Initialisation Vector of the correct size for the encryption algorithm, if the EncryptionHandler JweAlgorithm does not required an initialisation vector then the initialisation vector will be an empty octet sequence.
    See points 9 in Section 5.1 of the JWE Specification.
    
    Specified by:
    
    generateInitialisationVector in interface EncryptionHandler
    
    Returns:
    
    The Initialisation Vector.
  - encryptPlaintext
```
public JweEncryption encryptPlaintext(Key contentEncryptionKey,
                                      byte[] initialisationVector,
                                      byte[] plaintext,
                                      byte[] additionalAuthenticatedData)
```
    Description copied from interface: EncryptionHandler
    
    Encrypts the plaintext with the Content Encryption Key, using the initialisation vector and additional authenticated data, following the steps defined by the EncryptionHandler JweAlgorithm.
    See points 15, 16 in Section 5.1 of the JWE Specification.
    
    Specified by:
    
    encryptPlaintext in interface EncryptionHandler
    
    Parameters:
    
    contentEncryptionKey - The Content Encryption Key.
    
    initialisationVector - The Initialisation Vector.
    
    plaintext - The plaintext to encrypt.
    
    additionalAuthenticatedData - An array of bytes representing the additional authenticated data.
    
    Returns:
    
    The JweEncryption object containing the ciphertext and authentication tag.
  - decryptContentEncryptionKey
```
public Key decryptContentEncryptionKey(Key key,
                                       byte[] encryptedContentEncryptionKey)
```
    Description copied from interface: EncryptionHandler
    
    Decrypts the Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.
    See points 9, 10 in Section 5.2 of the JWE Specification.
    
    Specified by:
    
    decryptContentEncryptionKey in interface EncryptionHandler
    
    Parameters:
    
    key - The private key pair to the public key that encrypted the JWT.
    
    encryptedContentEncryptionKey - The encrypted Content Encryption Key.
    
    Returns:
    
    The decrypted Content Encryption Key.
  - decryptCiphertext
```
public byte[] decryptCiphertext(Key contentEncryptionKey,
                                byte[] initialisationVector,
                                byte[] ciphertext,
                                byte[] authenticationTag,
                                byte[] additionalAuthenticatedData)
```
    Description copied from interface: EncryptionHandler
    
    Decrypts the ciphertext with the Content Encryption Key, using the initialisation vector and additional authenticated data, following the steps defined by the EncryptionHandler JweAlgorithm.
    See points 14, 15 in Section 5.2 of the JWE Specification.
    
    Specified by:
    
    decryptCiphertext in interface EncryptionHandler
    
    Parameters:
    
    contentEncryptionKey - The Content Encryption Key.
    
    initialisationVector - The Initialisation Vector.
    
    ciphertext - The ciphertext to decrypt.
    
    authenticationTag - The authentication tag.
    
    additionalAuthenticatedData - An array of bytes representing the additional authenticated data.
    
    Returns:
    
    An array of bytes representing the decrypted ciphertext.

Class AESKeyWrapEncryptionHandler

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

AESKeyWrapEncryptionHandler

Method Detail

getContentEncryptionKey

generateJWEEncryptedKey

generateInitialisationVector

encryptPlaintext

decryptContentEncryptionKey

decryptCiphertext