Source code

001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2013-2016 ForgeRock AS.
015 */
016
017package org.forgerock.json.jose.builders;
018
019import org.forgerock.json.jose.jwe.EncryptedJwt;
020import org.forgerock.json.jose.jws.JwsAlgorithm;
021import org.forgerock.json.jose.jws.JwsHeader;
022import org.forgerock.json.jose.jws.EncryptedThenSignedJwt;
023import org.forgerock.json.jose.jws.SignedJwt;
024import org.forgerock.json.jose.jws.handlers.SigningHandler;
025import org.forgerock.json.jose.jwt.JwtType;
026
027/**
028 * An implementation of a JwtBuilder that can build a JWT and encrypt it and nest it within another signed JWT,
029 * resulting in an SignedEncryptedJwt object.
030 *
031 * @since 2.0.0
032 */
033public class EncryptedThenSignedJwtBuilder extends AbstractJwtBuilder implements SignedJwtBuilder {
034
035    private final EncryptedJwtBuilder encryptedJwtBuilder;
036    private final SigningHandler signingHandler;
037    private final JwsAlgorithm jwsAlgorithm;
038    private final EncryptedThenSignedJwtHeaderBuilder headerBuilder;
039
040    /**
041     * Constructs a new SignedEncryptedJwtBuilder that will use the given EncryptedJwtBuilder, to build the nested
042     * Encrypted JWT, and the private key and JwsAlgorithm to sign the outer JWT.
043     *
044     * @param encryptedJwtBuilder The EncryptedJwtBuilder instance.
045     * @param signingHandler The SigningHandler instance used to sign the JWS.
046     * @param jwsAlgorithm The JwsAlgorithm to use when signing the JWT.
047     */
048    public EncryptedThenSignedJwtBuilder(EncryptedJwtBuilder encryptedJwtBuilder, SigningHandler signingHandler,
049            JwsAlgorithm jwsAlgorithm) {
050        this.encryptedJwtBuilder = encryptedJwtBuilder;
051        this.signingHandler = signingHandler;
052        this.jwsAlgorithm = jwsAlgorithm;
053        this.headerBuilder = new EncryptedThenSignedJwtHeaderBuilder(this);
054    }
055
056    @Override
057    public SignedJwt asJwt() {
058        JwsHeader header = headerBuilder.alg(jwsAlgorithm).cty(JwtType.JWT.toString()).build();
059        EncryptedJwt encryptedJwt = encryptedJwtBuilder.asJwt();
060
061        return new EncryptedThenSignedJwt(header, encryptedJwt, signingHandler);
062    }
063
064    /**
065     * Builds the JWS into a <code>String</code> by calling the <tt>build</tt> method on the JWS object.
066     * <p>
067     * @see EncryptedThenSignedJwt#build()
068     *
069     * @return The base64url encoded UTF-8 parts of the JWS.
070     */
071    @Override
072    public String build() {
073        return asJwt().build();
074    }
075
076    @Override
077    public EncryptedThenSignedJwtHeaderBuilder headers() {
078        return headerBuilder;
079    }
080}