1   /*
2    * The contents of this file are subject to the terms of the Common Development and
3    * Distribution License (the License). You may not use this file except in compliance with the
4    * License.
5    *
6    * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
7    * specific language governing permission and limitations under the License.
8    *
9    * When distributing Covered Software, include this CDDL Header Notice in each file and include
10   * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
11   * Header, with the fields enclosed by brackets [] replaced by your own identifying
12   * information: "Portions copyright [year] [name of copyright owner]".
13   *
14   * Copyright 2016 ForgeRock AS.
15   */
16  
17  package org.forgerock.json.jose.jwe.handlers.encryption;
18  
19  import java.security.Key;
20  
21  import org.forgerock.json.jose.exceptions.JweDecryptionException;
22  import org.forgerock.json.jose.jwe.EncryptionMethod;
23  import org.forgerock.json.jose.jwe.JweEncryption;
24  import org.forgerock.util.annotations.VisibleForTesting;
25  
26  /**
27   * Supports direct encryption using a shared symmetric key.
28   */
public final class DirectEncryptionHandler implements EncryptionHandler {
    /** Performs the actual content (AEAD) encryption and decryption for the configured method. */
    private final ContentEncryptionHandler contentHandler;

    /**
     * Creates a direct ("dir") encryption handler whose content encryption is carried out by the
     * handler registered for the given encryption method.
     *
     * @param encryptionMethod the content encryption method.
     */
    public DirectEncryptionHandler(final EncryptionMethod encryptionMethod) {
        this(ContentEncryptionHandler.getInstance(encryptionMethod));
    }

    /**
     * Wires an explicit content encryption handler; package-private so tests can supply a stub.
     *
     * @param contentEncryptionHandler the handler that does the content encryption work.
     */
    @VisibleForTesting
    DirectEncryptionHandler(ContentEncryptionHandler contentEncryptionHandler) {
        contentHandler = contentEncryptionHandler;
    }

    /**
     * Direct encryption does not generate a content encryption key of its own: the shared
     * symmetric key passed to {@link #encryptPlaintext} is used as-is, so this always yields
     * {@code null}.
     */
    @Override
    public Key getContentEncryptionKey() {
        return null;
    }

    /**
     * With the "dir" algorithm the JWE Encrypted Key is the empty octet sequence
     * (RFC 7518, section 4.5): nothing is wrapped, so a fresh empty array is returned.
     */
    @Override
    public byte[] generateJWEEncryptedKey(final Key key, final Key contentEncryptionKey) {
        return new byte[0];
    }

    /** Delegates initialisation vector generation to the content encryption handler. */
    @Override
    public byte[] generateInitialisationVector() {
        return contentHandler.generateInitialisationVector();
    }

    /**
     * Delegates AEAD encryption to the content encryption handler; the supplied key is used
     * directly as the content encryption key.
     */
    @Override
    public JweEncryption encryptPlaintext(final Key contentEncryptionKey, final byte[] initialisationVector,
            final byte[] plaintext, final byte[] additionalAuthenticatedData) {
        final JweEncryption encrypted = contentHandler.encrypt(contentEncryptionKey, initialisationVector,
                plaintext, additionalAuthenticatedData);
        return encrypted;
    }

    /**
     * Recovers the content encryption key, which for direct encryption is simply the shared key.
     * A JWE that claims "dir" yet carries a non-empty encrypted key is malformed and is rejected
     * rather than silently ignored.
     *
     * @throws JweDecryptionException if the encrypted key field is present and non-empty.
     */
    @Override
    public Key decryptContentEncryptionKey(final Key key, final byte[] encryptedContentEncryptionKey) {
        if (holdsData(encryptedContentEncryptionKey)) {
            throw new JweDecryptionException();
        }
        return key;
    }

    /** Delegates AEAD decryption (ciphertext plus authentication tag) to the content encryption handler. */
    @Override
    public byte[] decryptCiphertext(final Key contentEncryptionKey, final byte[] initialisationVector,
            final byte[] ciphertext,
            final byte[] authenticationTag, final byte[] additionalAuthenticatedData) {
        final JweEncryption sealed = new JweEncryption(ciphertext, authenticationTag);
        return contentHandler.decrypt(contentEncryptionKey, initialisationVector, sealed,
                additionalAuthenticatedData);
    }

    /** True when {@code bytes} is non-null and holds at least one octet. */
    private static boolean holdsData(final byte[] bytes) {
        return bytes != null && bytes.length > 0;
    }
}
85  }