Class SignedThenEncryptedJwt

java.lang.Object
org.forgerock.json.jose.jwe.EncryptedJwt
org.forgerock.json.jose.jwe.SignedThenEncryptedJwt
All Implemented Interfaces:
Jwt, Payload

A nested signed-then-encrypted JWT.
  • Constructor Details

    • SignedThenEncryptedJwt

      public SignedThenEncryptedJwt(JweHeader header, SignedJwt payload, Key publicKey)
      Constructs a fresh signed-then-encrypted JWT with the given signed JWT payload, JWE headers and encryption key.
      Parameters:
      header - the JWE headers.
      payload - the signed JWT payload.
      publicKey - the encryption key.
    • SignedThenEncryptedJwt

      public SignedThenEncryptedJwt(JweHeader header, String encodedHeader, byte[] encryptedContentEncryptionKey, byte[] initialisationVector, byte[] ciphertext, byte[] authenticationTag)
      Reconstructs a signed-then-encrypted JWT from the component parts of the encrypted JWT string.
      Parameters:
      header - the decoded headers.
      encodedHeader - the encoded headers.
      encryptedContentEncryptionKey - the encrypted content encryption key (CEK), or null if not used.
      initialisationVector - the initialisation vector (IV).
      ciphertext - the encrypted ciphertext payload.
      authenticationTag - the authentication MAC tag.
  • Method Details

    • verify

      public boolean verify(SigningHandler signingHandler)
      Verifies that the signature is valid on the nested signed JWT.
      Parameters:
      signingHandler - the handler to use for verifying the signature.
      Returns:
      true if the signature is valid, otherwise false.
      Throws:
      JwsVerifyingException - if the outer JWT has not already been decrypted.
    • decryptAndVerify

      public boolean decryptAndVerify(Key decryptionKey, SigningHandler signingHandler)
      Decrypts the outer JWT and then verifies the signature on the inner JWT.
      Parameters:
      decryptionKey - the decryption key for the outer JWE.
      signingHandler - the signing handler for verifying the nested JWS.
      Returns:
      true if the nested signature is valid, otherwise false.
      Throws:
      JweDecryptionException - if the JWE cannot be decrypted.
    • getClaimsSet

      Description copied from interface: Jwt
      Gets the claims set object for the Jwt, which contains all of the claims (name-value pairs) conveyed by the JWT.
      Specified by:
      getClaimsSet in interface Jwt
      Overrides:
      getClaimsSet in class EncryptedJwt
      Returns:
      The JWT's Claims Set.
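
The following added example (not part of the library's own documentation) shows a fail-closed caller for decryptAndVerify: the claims set is read only when the method returned true, because an invalid nested signature is reported through the return value rather than an exception. The helper class NestedJwtValidator and its method name are hypothetical, and the package names for SigningHandler, JwtClaimsSet and JweDecryptionException are assumed, since this page does not list them.

```java
import java.security.Key;
import java.util.Optional;

// Package names below (other than jwe.SignedThenEncryptedJwt) are assumptions.
import org.forgerock.json.jose.exceptions.JweDecryptionException;
import org.forgerock.json.jose.jwe.SignedThenEncryptedJwt;
import org.forgerock.json.jose.jws.handlers.SigningHandler;
import org.forgerock.json.jose.jwt.JwtClaimsSet;

/** Hypothetical helper: releases claims only from a decrypted and verified nested JWT. */
public final class NestedJwtValidator {

    private NestedJwtValidator() {
    }

    /**
     * Returns the claims set only if the outer JWE decrypts and the nested
     * JWS signature is valid. Every failure path yields an empty Optional.
     */
    public static Optional<JwtClaimsSet> verifiedClaims(SignedThenEncryptedJwt jwt,
                                                        Key decryptionKey,
                                                        SigningHandler signingHandler) {
        final boolean signatureValid;
        try {
            // Decrypts the outer JWE, then verifies the inner JWS in one call.
            signatureValid = jwt.decryptAndVerify(decryptionKey, signingHandler);
        } catch (JweDecryptionException e) {
            // Wrong key or tampered ciphertext: treat as an untrusted token.
            return Optional.empty();
        }

        if (!signatureValid) {
            // A false return is the only signal of a bad nested signature;
            // ignoring it would expose unauthenticated claims to the caller.
            return Optional.empty();
        }

        return Optional.of(jwt.getClaimsSet());
    }
}
```

Callers should treat an empty result as an authentication failure and avoid calling getClaimsSet on the token directly.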