001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2013-2015 ForgeRock AS. 015 */ 016 017package org.forgerock.json.jose.builders; 018 019import org.forgerock.json.jose.jwe.EncryptedJwt; 020import org.forgerock.json.jose.jws.JwsAlgorithm; 021import org.forgerock.json.jose.jws.JwsHeader; 022import org.forgerock.json.jose.jws.SignedEncryptedJwt; 023import org.forgerock.json.jose.jws.SignedJwt; 024import org.forgerock.json.jose.jws.handlers.SigningHandler; 025import org.forgerock.json.jose.jwt.JwtType; 026 027/** 028 * An implementation of a JwtBuilder that can build a JWT and encrypt it and nest it within another signed JWT, 029 * resulting in an SignedEncryptedJwt object. 030 * 031 * @since 2.0.0 032 */ 033public class SignedEncryptedJwtBuilder implements SignedJwtBuilder { 034 035 private final EncryptedJwtBuilder encryptedJwtBuilder; 036 private final SigningHandler signingHandler; 037 private final JwsAlgorithm jwsAlgorithm; 038 039 /** 040 * Constructs a new SignedEncryptedJwtBuilder that will use the given EncryptedJwtBuilder, to build the nested 041 * Encrypted JWT, and the private key and JwsAlgorithm to sign the outer JWT. 042 * 043 * @param encryptedJwtBuilder The EncryptedJwtBuilder instance. 044 * @param signingHandler The SigningHandler instance used to sign the JWS. 045 * @param jwsAlgorithm The JwsAlgorithm to use when signing the JWT. 046 */ 047 public SignedEncryptedJwtBuilder(EncryptedJwtBuilder encryptedJwtBuilder, SigningHandler signingHandler, 048 JwsAlgorithm jwsAlgorithm) { 049 this.encryptedJwtBuilder = encryptedJwtBuilder; 050 this.signingHandler = signingHandler; 051 this.jwsAlgorithm = jwsAlgorithm; 052 } 053 054 /** 055 * {@inheritDoc} 056 */ 057 @Override 058 public SignedJwt asJwt() { 059 JwsHeader header = new JwsHeaderBuilder(new SignedJwtBuilderImpl(signingHandler)).alg(jwsAlgorithm).build(); 060 header.setType(JwtType.JWE); 061 EncryptedJwt encryptedJwt = encryptedJwtBuilder.asJwt(); 062 063 return new SignedEncryptedJwt(header, encryptedJwt, signingHandler); 064 } 065 066 /** 067 * Builds the JWS into a <code>String</code> by calling the <tt>build</tt> method on the JWS object. 068 * <p> 069 * @see org.forgerock.json.jose.jws.SignedEncryptedJwt#build() 070 * 071 * @return The base64url encoded UTF-8 parts of the JWS. 072 */ 073 @Override 074 public String build() { 075 return asJwt().build(); 076 } 077}