EncryptedThenSignedJwt.java

/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 *
 * Copyright 2013-2015 ForgeRock AS.
 */

package org.forgerock.json.jose.jws;

import org.forgerock.json.jose.jwe.EncryptedJwt;
import org.forgerock.json.jose.jws.handlers.SigningHandler;
import org.forgerock.json.jose.jwt.Jwt;
import org.forgerock.json.jose.jwt.JwtClaimsSet;

import java.security.Key;

/**
 * An implementation of a JWS with a nested JWE as its payload.
 * <p>
 * @see SignedJwt
 * @see EncryptedJwt
 *
 * @since 2.0.0
 */
public class EncryptedThenSignedJwt extends SignedJwt {

    /**
     * Constructs a fresh, new SignedEncryptedJwt from the given JwsHeader and nested Encrypted JWT.
     * <p>
     * The specified private key will be used in the creation of the JWS signature.
     *
     * @param header The JwsHeader containing the header parameters of the JWS.
     * @param nestedJwe The nested Encrypted JWT that will be the payload of this JWS.
     * @param signingHandler The SigningHandler instance used to sign the JWS.
     */
    public EncryptedThenSignedJwt(JwsHeader header, EncryptedJwt nestedJwe, SigningHandler signingHandler) {
        super(header, nestedJwe, signingHandler);
    }

    /**
     * Constructs a reconstructed SignedEncryptedJwt from its constituent parts, the JwsHeader, nested Encrypted JWT,
     * signing input and signature.
     * <p>
     * For use when a signed nested encrypted JWT has been reconstructed from its base64url encoded string
     * representation and the signature needs verifying.
     *
     * @param header The JwsHeader containing the header parameters of the JWS.
     * @param nestedJwe The nested Encrypted JWT that is the payload of the JWS.
     * @param signingInput The original data that was signed, being the base64url encoding of the JWS header and
     *                     payload concatenated using a "." character.
     * @param signature The resulting signature of signing the signing input.
     */
    public EncryptedThenSignedJwt(JwsHeader header, EncryptedJwt nestedJwe, byte[] signingInput, byte[] signature) {
        super(header, nestedJwe, signingInput, signature);
    }

    /**
     * Gets the claims set object for the nested Encrypted JWT that is the payload of this JWS.
     *
     * @return {@inheritDoc}
     * @see org.forgerock.json.jose.jwt.Jwt#getClaimsSet()
     */
    @Override
    public JwtClaimsSet getClaimsSet() {
        return ((Jwt) getPayload()).getClaimsSet();
    }

    /**
     * Decrypts the JWE so that it Claims Set can be accessed.
     * <p>
     * The same private key must be given here that is the pair to the public key that was used to encrypt the JWT.
     *
     * @param privateKey The private key pair to the public key that encrypted the JWT.
     */
    public void decrypt(Key privateKey) {
        ((EncryptedJwt) getPayload()).decrypt(privateKey);
    }
}