001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2016 ForgeRock AS.
015 */
016
017package org.forgerock.json.jose.builders;
018
019import static org.forgerock.util.Reject.checkNotNull;
020
021import java.security.Key;
022
023import org.forgerock.json.jose.jwe.SignedThenEncryptedJwt;
024import org.forgerock.json.jose.jwe.JweHeader;
025import org.forgerock.json.jose.jws.SignedJwt;
026import org.forgerock.json.jose.jwt.JwtClaimsSet;
027import org.forgerock.json.jose.jwt.JwtType;
028
029/**
030 * Builder for nested signed-then-encrypted JWT. This is the preferred nesting order for OpenID Connect and other
031 * tokens.
032 *
033 * @see <a href="http://openid.net/specs/openid-connect-core-1_0.html#SigningOrder">OpenID Connect Signing Order</a>
034 * @see SignedJwtBuilderImpl#encrypt(Key)
035 */
public class SignedThenEncryptedJwtBuilder extends EncryptedJwtBuilder {
    // Builder of the inner (signed) JWT. Not final: claims(JwtClaimsSet) replaces it with whatever the
    // wrapped builder's own claims(...) call returns.
    private SignedJwtBuilderImpl innerSignedBuilder;
    // Builder of the outer JWE header, bound to this builder so header chaining returns here.
    private final SignedThenEncryptedJwtHeaderBuilder outerHeaderBuilder;

    /**
     * Constructs the builder with the given signed JWT payload and encryption key.
     *
     * @param signedJwtBuilder the signed jwt builder to wrap with encryption; must not be {@code null}.
     * @param publicKey the encryption key, handed to {@link EncryptedJwtBuilder}.
     */
    SignedThenEncryptedJwtBuilder(final SignedJwtBuilderImpl signedJwtBuilder, final Key publicKey) {
        super(publicKey);
        innerSignedBuilder = checkNotNull(signedJwtBuilder);
        outerHeaderBuilder = new SignedThenEncryptedJwtHeaderBuilder(this);
    }

    /**
     * Builds the nested token: the outer JWE header is finalised with its {@code cty} set to the JWT type
     * (so a consumer knows the decrypted payload is itself a JWT), the inner JWT is signed, and the two are
     * combined with the encryption key supplied at construction.
     *
     * @return the signed-then-encrypted JWT.
     */
    @Override
    public SignedThenEncryptedJwt asJwt() {
        final String nestedContentType = JwtType.JWT.toString();
        final JweHeader outerHeader = (JweHeader) outerHeaderBuilder.cty(nestedContentType).build();
        final SignedJwt innerJwt = innerSignedBuilder.asJwt();
        return new SignedThenEncryptedJwt(outerHeader, innerJwt, publicKey);
    }

    /**
     * Sets the claims on the inner signed JWT (not on the encrypted wrapper), so they are covered by the
     * inner signature.
     *
     * @param claims the claims set for the inner JWT.
     * @return this builder, for chaining.
     */
    @Override
    public SignedThenEncryptedJwtBuilder claims(JwtClaimsSet claims) {
        final SignedJwtBuilderImpl updatedInner = innerSignedBuilder.claims(claims);
        innerSignedBuilder = updatedInner;
        return this;
    }

    /**
     * Returns the builder for the outer JWE header.
     *
     * @return the header builder, bound to this builder.
     */
    @Override
    public JweHeaderBuilder<SignedThenEncryptedJwtBuilder> headers() {
        return outerHeaderBuilder;
    }

}