1 /*
2 * The contents of this file are subject to the terms of the Common Development and
3 * Distribution License (the License). You may not use this file except in compliance with the
4 * License.
5 *
6 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
7 * specific language governing permission and limitations under the License.
8 *
9 * When distributing Covered Software, include this CDDL Header Notice in each file and include
10 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
11 * Header, with the fields enclosed by brackets [] replaced by your own identifying
12 * information: "Portions copyright [year] [name of copyright owner]".
13 *
14 * Copyright 2013-2016 ForgeRock AS.
15 */
16
17 package org.forgerock.json.jose.jwe;
18
19 import java.util.Locale;
20
21 import org.forgerock.json.jose.exceptions.JweException;
22
23 /**
24 * An Enum of the possible encryption methods that can be used when encrypting a JWT.
25 * <p>
26 * @see <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-11#section-4.2">
27 * JWE Encryption Methods</a>
28 *
29 * @since 2.0.0
30 */
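public enum EncryptionMethod {

    /**
     * AES encryption in CBC mode with PKCS5 Padding and a 128 bit length, AES encryption for CEK, HMAC using SHA-256
     * hash algorithm for the authentication tag.
     */
    A128CBC_HS256("AES_128_CBC_HMAC_SHA_256", "AES/CBC/PKCS5Padding", "HMACSHA256", "AES", 16, 256),
    /**
     * AES encryption in CBC mode with PKCS5 Padding and a 192 bit length, AES encryption for CEK, HMAC using SHA-384
     * hash algorithm for the authentication tag.
     */
    A192CBC_HS384("AES_192_CBC_HMAC_SHA_384", "AES/CBC/PKCS5Padding", "HMACSHA384", "AES", 24, 384),
    /**
     * AES encryption in CBC mode with PKCS5 Padding and a 256 bit length, AES encryption for CEK, HMAC using SHA-512
     * hash algorithm for the authentication tag.
     */
    A256CBC_HS512("AES_256_CBC_HMAC_SHA_512", "AES/CBC/PKCS5Padding", "HMACSHA512", "AES", 32, 512),
    /**
     * AES encryption in Galois Counter Mode (GCM) with a 128 bit key length.
     */
    A128GCM("AES_128_GCM", "AES/GCM/NoPadding", null, "AES", 16, 128),
    /**
     * AES encryption in Galois Counter Mode (GCM) with a 192 bit key length.
     */
    A192GCM("AES_192_GCM", "AES/GCM/NoPadding", null, "AES", 24, 192),
    /**
     * AES encryption in Galois Counter Mode (GCM) with a 256 bit key length.
     */
    A256GCM("AES_256_GCM", "AES/GCM/NoPadding", null, "AES", 32, 256);

    private final String name;
    private final String transformation;
    // Null for the GCM constants: GCM produces its own authentication tag, so no separate MAC is configured.
    private final String macAlgorithm;
    private final String encryptionAlgorithm;
    // For the CBC/HMAC constants keySize is twice keyOffset * 8 (a MAC half and an encryption half);
    // for the GCM constants keySize equals keyOffset * 8.
    private final int keyOffset;
    private final int keySize;

    /**
     * Constructs a new EncryptionMethod with the given cryptographic parameters.
     *
     * @param name The full name of the encryption algorithm.
     * @param transformation The Java Cryptographic algorithm name for the algorithm that will be used to encrypt the
     *                       plaintext.
     * @param macAlgorithm The Java Cryptographic algorithm name for the algorithm that will generate the MAC key,
     *                     or {@code null} when the transformation is itself authenticated (the GCM constants).
     * @param encryptionAlgorithm The Java Cryptographic algorithm name for the algorithm that will create the Content
     *                            Encryption Key (CEK).
     * @param keyOffset The number of octets in each of the CEK and MAC key.
     * @param keySize The bit length of the Content Encryption Key (CEK).
     */
    EncryptionMethod(String name, String transformation, String macAlgorithm, String encryptionAlgorithm,
            int keyOffset, int keySize) {
        this.name = name;
        this.transformation = transformation;
        this.macAlgorithm = macAlgorithm;
        this.encryptionAlgorithm = encryptionAlgorithm;
        this.keyOffset = keyOffset;
        this.keySize = keySize;
    }

    /**
     * Gets the full name of the encryption method.
     *
     * @return The name of the encryption method.
     */
    public String getName() {
        return name;
    }

    /**
     * Gets the Java Cryptographic algorithm name for the algorithm that will be used to encrypt the plaintext.
     *
     * @return The transformation algorithm.
     */
    public String getTransformation() {
        return transformation;
    }

    /**
     * Gets the Java Cryptographic algorithm name for the algorithm that will generate the MAC key.
     * <p>
     * Callers must handle a {@code null} result: the GCM constants are declared without a MAC algorithm.
     *
     * @return The mac algorithm, or {@code null} for the GCM encryption methods.
     */
    public String getMacAlgorithm() {
        return macAlgorithm;
    }

    /**
     * Gets the Java Cryptographic algorithm name for the algorithm that will create the Content Encryption Key (CEK).
     *
     * @return The encryption algorithm.
     */
    public String getEncryptionAlgorithm() {
        return encryptionAlgorithm;
    }

    /**
     * Gets the number of octets in each of the CEK and MAC key.
     *
     * @return The Key Offset.
     */
    public int getKeyOffset() {
        return keyOffset;
    }

    /**
     * Gets the bit length of the Content Encryption Key (CEK).
     *
     * @return The key size.
     */
    public int getKeySize() {
        return keySize;
    }

    /**
     * Parses the given algorithm string to find the matching EncryptionMethod enum constant.
     * <p>
     * Matching is deliberately lenient: the input is compared case-insensitively, hyphens and underscores are
     * interchangeable when matching the constant name, and the long form returned by {@link #getName()} is also
     * accepted. The JWE specification treats "enc" header values as case-sensitive, so code that must reject
     * non-canonical header values should compare the raw value against {@link #toString()} instead of relying on
     * this method.
     *
     * @param method The encryption method.
     * @return The EncryptionMethod enum.
     * @throws JweException If the method is {@code null} or does not match any known encryption method.
     */
    public static EncryptionMethod parseMethod(String method) {
        // A missing "enc" value is reported the same way as an unknown one, rather than as a NullPointerException.
        if (method == null) {
            throw new JweException("Unknown Encryption Method, " + method);
        }

        // Literal character replacement; no regular expression is needed to map '-' to '_'.
        final String constantName = method.toUpperCase(Locale.ROOT).replace('-', '_');
        for (EncryptionMethod candidate : values()) {
            // Constant names and long names never overlap, so checking both in one pass finds the same
            // constant as trying valueOf() first and falling back to the long name.
            if (candidate.name().equals(constantName) || candidate.getName().equalsIgnoreCase(method)) {
                return candidate;
            }
        }

        throw new JweException("Unknown Encryption Method, " + method);
    }

    /**
     * Turns the EncryptionMethod constant into a JSON value string.
     *
     * @return The constant name with underscores replaced by hyphens, for example {@code A128CBC-HS256}.
     */
    @Override
    public String toString() {
        return super.toString().replace('_', '-');
    }
}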