1   /*
2    * The contents of this file are subject to the terms of the Common Development and
3    * Distribution License (the License). You may not use this file except in compliance with the
4    * License.
5    *
6    * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
7    * specific language governing permission and limitations under the License.
8    *
9    * When distributing Covered Software, include this CDDL Header Notice in each file and include
10   * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
11   * Header, with the fields enclosed by brackets [] replaced by your own identifying
12   * information: "Portions copyright [year] [name of copyright owner]".
13   *
14   * Copyright 2013-2016 ForgeRock AS.
15   */
16  
17  package org.forgerock.json.jose.builders;
18  
19  import org.forgerock.json.jose.jwe.EncryptedJwt;
20  import org.forgerock.json.jose.jws.JwsAlgorithm;
21  import org.forgerock.json.jose.jws.JwsHeader;
22  import org.forgerock.json.jose.jws.EncryptedThenSignedJwt;
23  import org.forgerock.json.jose.jws.SignedJwt;
24  import org.forgerock.json.jose.jws.handlers.SigningHandler;
25  import org.forgerock.json.jose.jwt.JwtType;
26  
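/**
 * An implementation of a JwtBuilder that builds a JWT, encrypts it and nests it within an outer signed JWT,
 * resulting in an {@link EncryptedThenSignedJwt} object.
 * <p>
 * The nested JWT is produced by the supplied {@link EncryptedJwtBuilder}; the outer JWS header is assembled by an
 * {@link EncryptedThenSignedJwtHeaderBuilder} and handed, together with the {@link SigningHandler}, to the
 * {@link EncryptedThenSignedJwt} that is returned.
 * <p>
 * JWS headers are only base64url encoded, not encrypted, so values added through {@link #headers()} should be
 * treated as readable by anyone who holds the resulting token.
 *
 * @since 2.0.0
 */
public class EncryptedThenSignedJwtBuilder extends AbstractJwtBuilder implements SignedJwtBuilder {

    private final EncryptedJwtBuilder encryptedJwtBuilder;
    private final SigningHandler signingHandler;
    private final JwsAlgorithm jwsAlgorithm;
    private final EncryptedThenSignedJwtHeaderBuilder headerBuilder;

    /**
     * Constructs a new EncryptedThenSignedJwtBuilder that will use the given EncryptedJwtBuilder to build the
     * nested encrypted JWT, and the given SigningHandler and JwsAlgorithm to sign the outer JWT.
     * <p>
     * NOTE(review): nothing in this class rejects an unsigned algorithm such as {@code JwsAlgorithm.NONE};
     * confirm that callers never pass one, since the outer JWT would then presumably carry no signature.
     *
     * @param encryptedJwtBuilder The EncryptedJwtBuilder instance, must not be {@code null}.
     * @param signingHandler The SigningHandler instance used to sign the JWS, must not be {@code null}.
     * @param jwsAlgorithm The JwsAlgorithm to use when signing the JWT, must not be {@code null}.
     * @throws NullPointerException If any argument is {@code null}.
     */
    public EncryptedThenSignedJwtBuilder(EncryptedJwtBuilder encryptedJwtBuilder, SigningHandler signingHandler,
            JwsAlgorithm jwsAlgorithm) {
        // Fail fast: a missing collaborator would otherwise only surface later, inside asJwt() or build(), far
        // from the call site that supplied it. Objects is fully qualified so that no new import is required.
        this.encryptedJwtBuilder = java.util.Objects.requireNonNull(encryptedJwtBuilder, "encryptedJwtBuilder");
        this.signingHandler = java.util.Objects.requireNonNull(signingHandler, "signingHandler");
        this.jwsAlgorithm = java.util.Objects.requireNonNull(jwsAlgorithm, "jwsAlgorithm");
        this.headerBuilder = new EncryptedThenSignedJwtHeaderBuilder(this);
    }

    /**
     * Builds the nested encrypted JWT and wraps it in an {@link EncryptedThenSignedJwt}.
     * <p>
     * Every call re-applies the algorithm given at construction time and the {@code JwtType.JWT} content type to
     * the shared header builder before the header is built, so those two values are always the ones this builder
     * was configured with.
     *
     * @return The EncryptedThenSignedJwt holding the outer JWS header, the nested encrypted JWT and the
     *         SigningHandler.
     */
    @Override
    public SignedJwt asJwt() {
        JwsHeader header = headerBuilder.alg(jwsAlgorithm).cty(JwtType.JWT.toString()).build();
        EncryptedJwt encryptedJwt = encryptedJwtBuilder.asJwt();

        return new EncryptedThenSignedJwt(header, encryptedJwt, signingHandler);
    }

    /**
     * Builds the JWS into a {@code String} by calling the {@code build} method on the JWS object returned by
     * {@link #asJwt()}.
     *
     * @see EncryptedThenSignedJwt#build()
     *
     * @return The base64url encoded UTF-8 parts of the JWS.
     */
    @Override
    public String build() {
        return asJwt().build();
    }

    /**
     * Gets the header builder for the outer JWS. This is the same instance that {@link #asJwt()} builds the
     * header from.
     *
     * @return The EncryptedThenSignedJwtHeaderBuilder bound to this builder.
     */
    @Override
    public EncryptedThenSignedJwtHeaderBuilder headers() {
        return headerBuilder;
    }
}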