Examples of com.nimbusds.jose.JWEAlgorithm

• com.nimbusds.jose.JWEAlgorithm
  JSON Web Encryption (JWE) algorithm name, represents the {@code alg} header parameter in JWE objects. This class is immutable.

  Includes constants for the following standard JWE algorithm names:

  • {@link #RSA1_5}
  • {@link #RSA_OAEP RSA-OAEP}
  • {@link #RSA_OAEP_256 RSA-OAEP-256}
  • {@link #A128KW}
  • {@link #A192KW}
  • {@link #A256KW}
  • {@link #DIR dir}
  • {@link #ECDH_ES ECDH-ES}
  • {@link #ECDH_ES_A128KW ESDH-ES+A128KW}
  • {@link #ECDH_ES_A128KW ESDH-ES+A192KW}
  • {@link #ECDH_ES_A256KW ESDH-ES+A256KW}
  • {@link #PBES2_HS256_A128KW PBES2-HS256+A128KW}
  • {@link #PBES2_HS256_A192KW PBES2-HS256+A192KW}
  • {@link #PBES2_HS256_A256KW PBES2-HS256+A256KW}

  Additional JWE algorithm names can be defined using the constructors. @author Vladimir Dzhuvinov @version $version$ (2013-05-06)

      throw new JOSEException("Unsupported critical header parameter");
    }


    // Derive the content encryption key
    JWEAlgorithm alg = header.getAlgorithm();

    SecretKey cek;

    if (alg.equals(JWEAlgorithm.RSA1_5)) {

      int keyLength = header.getEncryptionMethod().cekBitLength();

      SecureRandom randomGen = getSecureRandom();
      SecretKey randomCEK = AES.generateKey(keyLength, randomGen);

      try {
        cek = RSA1_5.decryptCEK(privateKey, encryptedKey.decode(), keyLength, keyEncryptionProvider);

      } catch (Exception e) {

        // Protect against MMA attack by generating random CEK on failure,
        // see http://www.ietf.org/mail-archive/web/jose/current/msg01832.html
        cek = randomCEK;
      }

    } else if (alg.equals(JWEAlgorithm.RSA_OAEP)) {

      cek = RSA_OAEP.decryptCEK(privateKey, encryptedKey.decode(), keyEncryptionProvider);

    } else if (alg.equals(JWEAlgorithm.RSA_OAEP_256)) {

      cek = RSA_OAEP_256.decryptCEK(privateKey, encryptedKey.decode(), keyEncryptionProvider);

    } else {

  @Override
  public JWECryptoParts encrypt(final ReadOnlyJWEHeader header, final byte[] bytes)
    throws JOSEException {

    final JWEAlgorithm alg = header.getAlgorithm();
    final EncryptionMethod enc = header.getEncryptionMethod();

    // Generate and encrypt the CEK according to the enc method
    final SecureRandom randomGen = getSecureRandom();
    final SecretKey cek = AES.generateKey(enc.cekBitLength(), randomGen);

    Base64URL encryptedKey; // The second JWE part

    if (alg.equals(JWEAlgorithm.RSA1_5)) {

      encryptedKey = Base64URL.encode(RSA1_5.encryptCEK(publicKey, cek, keyEncryptionProvider));

    } else if (alg.equals(JWEAlgorithm.RSA_OAEP)) {

      encryptedKey = Base64URL.encode(RSA_OAEP.encryptCEK(publicKey, cek, keyEncryptionProvider));

    } else if (alg.equals(JWEAlgorithm.RSA_OAEP_256)) {

      encryptedKey = Base64URL.encode(RSA_OAEP_256.encryptCEK(publicKey, cek, keyEncryptionProvider));

    } else {

  @Override
  public JWECryptoParts encrypt(final ReadOnlyJWEHeader readOnlyJWEHeader, final byte[] bytes)
    throws JOSEException {

    JWEAlgorithm alg = readOnlyJWEHeader.getAlgorithm();

    if (! alg.equals(JWEAlgorithm.DIR)) {

      throw new JOSEException("Unsupported JWE algorithm, must be \"dir\"");
    }

    // Check key length matches matches encryption method