Module io.inverno.mod.security.jose

Package io.inverno.mod.security.jose.internal.jwe

Class GenericJWEBuilder<A>

java.lang.Object

io.inverno.mod.security.jose.internal.AbstractJOSEObjectBuilder<A,JWEHeader,JWE<A>,GenericJWEHeader,GenericJWEBuilder<A>>

io.inverno.mod.security.jose.internal.jwe.GenericJWEBuilder<A>

Type Parameters:

A - the payload type

All Implemented Interfaces:

JOSEObjectBuilder<A,JWEHeader,JWE<A>,GenericJWEHeader,GenericJWEBuilder<A>>, JWEBuilder<A,GenericJWEHeader,GenericJWEBuilder<A>>

Direct Known Subclasses:

RecipientJWEBuilder

public class GenericJWEBuilder<A>
extends AbstractJOSEObjectBuilder<A,JWEHeader,JWE<A>,GenericJWEHeader,GenericJWEBuilder<A>>
implements JWEBuilder<A,GenericJWEHeader,GenericJWEBuilder<A>>

Generic JSON Web Encryption builder implementation.

Since:

1.5

Author:

Jeremy Kuhn

Field Summary

Fields

Modifier and Type	Field	Description
protected Consumer<GenericJWEHeader>	headerConfigurer	The JWE header configurer.

Fields inherited from class io.inverno.mod.security.jose.internal.AbstractJOSEObjectBuilder

dataConversionService, jwkService, keys, mapper, payload, type

Constructor Summary

Constructors

Constructor	Description
GenericJWEBuilder(com.fasterxml.jackson.databind.ObjectMapper mapper, io.inverno.mod.security.jose.internal.converter.DataConversionService dataConversionService, JWKService jwkService, Type type, org.reactivestreams.Publisher<? extends JWK> keys, List<JWEZip> zips)	Creates a generic JWE builder.

Method Summary

Modifier and Type	Method	Description
protected void	amendJWEHeader(GenericJWEHeader header, Map<String,Object> moreHeaderParameters, Set<String> processedParameters)	Amends the JWE header with custom parameters and processed parameters output by key management and encryption algorithms.
reactor.core.publisher.Mono<JWE<A>>	build(String contentType)	Builds the JOSE object using the specified payload media type.
reactor.core.publisher.Mono<JWE<A>>	build(Function<A,reactor.core.publisher.Mono<String>> payloadEncoder)	Builds the JOSE object using the specified payload encoder.
protected GenericJWEHeader	buildJWEHeader()	Builds the JWE header.
protected reactor.core.publisher.Mono<GenericJWEPayload<A>>	buildJWEPayload(Function<A,reactor.core.publisher.Mono<String>> overridingPayloadEncoder, String overridingContentType, GenericJWEHeader jweHeader)	Builds the JWE payload.
protected void	checkHeader(JWEHeader header)	Verifies that the JOSE header is valid.
protected reactor.core.publisher.Flux<? extends JWK>	generateCEK(GenericJWEHeader jweHeader)	Generates Content Encryption Keys used to encrypt the payload.
protected byte[]	getAdditionalAuthenticationData(GenericJWEHeader jweHeader)	Returns additional authentication data.
protected JWEZip	getPayloadZip(GenericJWEHeader jweHeader)	Returns the JWE compression algorithm.
protected Set<String>	getProcessedParameters()	Returns the set of parameters processed by the builder.
GenericJWEBuilder<A>	header(Consumer<GenericJWEHeader> configurer)	Specifies the JOSE header.
GenericJWEBuilder<A>	secureRandom(SecureRandom secureRandom)	Specifies the secure random to use when encrypting the payload.
protected JWACipher.EncryptedData	zipAndEncryptPayload(GenericJWEHeader jweHeader, GenericJWEPayload<A> jwePayload, JWEZip payloadZip, JWK cek)	Compresses and encrypt the JWE payload.

Methods inherited from class io.inverno.mod.security.jose.internal.AbstractJOSEObjectBuilder

checkPayload, getKeys, getPayloadEncoder, payload

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.inverno.mod.security.jose.JOSEObjectBuilder

build, payload

Field Details

headerConfigurer

protected Consumer<GenericJWEHeader> headerConfigurer

The JWE header configurer.

Constructor Details

GenericJWEBuilder

public GenericJWEBuilder(com.fasterxml.jackson.databind.ObjectMapper mapper,
 io.inverno.mod.security.jose.internal.converter.DataConversionService dataConversionService,
 JWKService jwkService,
 Type type,
 org.reactivestreams.Publisher<? extends JWK> keys,
 List<JWEZip> zips)

Creates a generic JWE builder.

Parameters:

mapper - an object mapper

dataConversionService - a data conversion service

jwkService - a JWK service

type - the payload type

keys - the keys to consider to secure the CEK

zips - a list of supported JWE compression algorithms

Method Details

header

public GenericJWEBuilder<A> header(Consumer<GenericJWEHeader> configurer)

Description copied from interface: JOSEObjectBuilder

Specifies the JOSE header.

Specified by:

header in interface JOSEObjectBuilder<A,JWEHeader,JWE<A>,GenericJWEHeader,GenericJWEBuilder<A>>

Parameters:

configurer - a JOSE header configurer

Returns:

this builder

secureRandom

public GenericJWEBuilder<A> secureRandom(SecureRandom secureRandom)

Description copied from interface: JWEBuilder

Specifies the secure random to use when encrypting the payload.

Specified by:

secureRandom in interface JWEBuilder<A,GenericJWEHeader,GenericJWEBuilder<A>>

Parameters:

secureRandom - a secure random

Returns:

this builder

build

public reactor.core.publisher.Mono<JWE<A>> build(String contentType)
                                          throws JWEBuildException,
JOSEObjectBuildException,
JOSEProcessingException

Description copied from interface: JOSEObjectBuilder

Builds the JOSE object using the specified payload media type.

The builder will use the specified media type to determine the converter to use to serialize the payload and ignore the content type specified in the JOSE header. The operation will fail if there is no media type converters defined for that particular media type. Media types converters are provided when building the JOSE module. Please consider build method JOSEObjectBuilder.build(java.util.function.Function) to provide a custom payload encoder.

Specified by:

build in interface JOSEObjectBuilder<A,JWEHeader,JWE<A>,GenericJWEHeader,GenericJWEBuilder<A>>

Parameters:

contentType - the payload media type

Returns:

a single JOSE object publisher

Throws:

JOSEObjectBuildException - if there was an error building the JOSE object

JOSEProcessingException - if there was a JOSE processing error

JWEBuildException

build

public reactor.core.publisher.Mono<JWE<A>> build(Function<A,reactor.core.publisher.Mono<String>> payloadEncoder)
                                          throws JWEBuildException,
JOSEObjectBuildException,
JOSEProcessingException

Description copied from interface: JOSEObjectBuilder

Builds the JOSE object using the specified payload encoder.

The builder will use the specified payload encoder to serialize the payload and ignore the content type specified in the JOSE header.

Specified by:

build in interface JOSEObjectBuilder<A,JWEHeader,JWE<A>,GenericJWEHeader,GenericJWEBuilder<A>>

Parameters:

payloadEncoder - a payload encoder

Returns:

a single JOSE object publisher

Throws:

JOSEObjectBuildException - if there was an error building the JOSE object

JOSEProcessingException - if there was a JOSE processing error

JWEBuildException

getProcessedParameters

protected Set<String> getProcessedParameters()

Description copied from class: AbstractJOSEObjectBuilder

Returns the set of parameters processed by the builder.

These basically corresponds to the registered parameters processed and understood by the JOSE header.

Overrides:

getProcessedParameters in class AbstractJOSEObjectBuilder<A,JWEHeader,JWE<A>,GenericJWEHeader,GenericJWEBuilder<A>>

Returns:

a set of parameters

checkHeader

protected void checkHeader(JWEHeader header)
                    throws JWEBuildException,
JOSEObjectBuildException,
JOSEProcessingException

Description copied from class: AbstractJOSEObjectBuilder

Verifies that the JOSE header is valid.

This basically checks that:

• the algorithm is not blank
• Custom parameters do not include registered parameters (see AbstractJOSEObjectBuilder.getProcessedParameters())
• Critical parameters set does not include undefined parameters

Overrides:

checkHeader in class AbstractJOSEObjectBuilder<A,JWEHeader,JWE<A>,GenericJWEHeader,GenericJWEBuilder<A>>

Parameters:

header - the JOSE header

Throws:

JOSEObjectBuildException - if the header is invalid

JOSEProcessingException - if there was a JOSE processing error

JWEBuildException

buildJWEHeader

protected GenericJWEHeader buildJWEHeader()
                                   throws JWEBuildException,
JOSEObjectBuildException,
JOSEProcessingException

Builds the JWE header.

Returns:

the JWE header

Throws:

JWEBuildException - if there was an error building the JWE header

JOSEObjectBuildException - if there was an error building the JWE header

JOSEProcessingException - if there was a JOSE processing error

buildJWEPayload

protected reactor.core.publisher.Mono<GenericJWEPayload<A>> buildJWEPayload(Function<A,reactor.core.publisher.Mono<String>> overridingPayloadEncoder,
 String overridingContentType,
 GenericJWEHeader jweHeader)
                                                                     throws JWEBuildException,
JOSEObjectBuildException,
JOSEProcessingException

Builds the JWE payload.

Parameters:

overridingPayloadEncoder - an overriding payload encoder

overridingContentType - an overriding payload content type

jweHeader - the JWE header

Returns:

a single JWE payload publisher

Throws:

JWEBuildException - if there was an error building the JWE payload

JOSEObjectBuildException - if there was an error building the JWE payload

JOSEProcessingException - if there was a JOSE processing error

getPayloadZip

protected JWEZip getPayloadZip(GenericJWEHeader jweHeader)
                        throws JWEBuildException

Returns the JWE compression algorithm.

Parameters:

jweHeader - the JWE header

Returns:

a JWE compression algorithm or null if the payload must not be compressed

Throws:

JWEBuildException - if the payload must be compressed and no corresponding JWE compression algorithm could be found

generateCEK

protected reactor.core.publisher.Flux<? extends JWK> generateCEK(GenericJWEHeader jweHeader)
                                                          throws JWKGenerateException

Generates Content Encryption Keys used to encrypt the payload.

This can result in multiple keys depending on the target encryption algorithm and the JWK service setup, the first succeeding key will be retained and the others dropped before they are generated.

Parameters:

jweHeader - the JWE header

Returns:

a JWK publisher

Throws:

JWKGenerateException - if no CEK corresponding to the encryption algorithm could be generated

amendJWEHeader

protected void amendJWEHeader(GenericJWEHeader header,
 Map<String,Object> moreHeaderParameters,
 Set<String> processedParameters)
                       throws JWEBuildException,
JOSEObjectBuildException,
JOSEProcessingException

Amends the JWE header with custom parameters and processed parameters output by key management and encryption algorithms.

Parameters:

header - the JWE header

moreHeaderParameters - custom parameters

processedParameters - processed parameters

Throws:

JWEBuildException - if there was an error amending the JWE header

JOSEObjectBuildException - if there was an error amending the JWE header

JOSEProcessingException - if there was a JOSE processing error

getAdditionalAuthenticationData

protected byte[] getAdditionalAuthenticationData(GenericJWEHeader jweHeader)

Returns additional authentication data.

For a compact JWE it should be ASCII(Encoded Protected Header). For a JSON JWE it should be ASCII(Encoded Protected Header || '.' || BASE64URL(JWE AAD)).

Parameters:

jweHeader - the JWE header

Returns:

the additional authentication data

zipAndEncryptPayload

protected JWACipher.EncryptedData zipAndEncryptPayload(GenericJWEHeader jweHeader,
 GenericJWEPayload<A> jwePayload,
 JWEZip payloadZip,
 JWK cek)
                                                throws JWKProcessingException,
JWEZipException,
JWACipherException

Compresses and encrypt the JWE payload.

Parameters:

jweHeader - the JWE header

jwePayload - the JWE payload

payloadZip - the JWE payload compression algorithm

cek - the Content Encryption Key

Returns:

encrypted data

Throws:

JWKProcessingException - if there was an error obtaining the cipher instance

JWEZipException - if there was an error compressing the payload

JWACipherException - if there was an error encrypting the payload