001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2013-2015 ForgeRock AS.
015 */
016
017package org.forgerock.json.jose.builders;
018
019import org.forgerock.json.jose.jwe.EncryptedJwt;
020import org.forgerock.json.jose.jws.JwsAlgorithm;
021import org.forgerock.json.jose.jws.JwsHeader;
022import org.forgerock.json.jose.jws.SignedEncryptedJwt;
023import org.forgerock.json.jose.jws.SignedJwt;
024import org.forgerock.json.jose.jws.handlers.SigningHandler;
025import org.forgerock.json.jose.jwt.JwtType;
026
027/**
028 * An implementation of a JwtBuilder that can build a JWT and encrypt it and nest it within another signed JWT,
029 * resulting in an SignedEncryptedJwt object.
030 *
031 * @since 2.0.0
032 */
033public class SignedEncryptedJwtBuilder implements SignedJwtBuilder {
034
035    private final EncryptedJwtBuilder encryptedJwtBuilder;
036    private final SigningHandler signingHandler;
037    private final JwsAlgorithm jwsAlgorithm;
038
039    /**
040     * Constructs a new SignedEncryptedJwtBuilder that will use the given EncryptedJwtBuilder, to build the nested
041     * Encrypted JWT, and the private key and JwsAlgorithm to sign the outer JWT.
042     *
043     * @param encryptedJwtBuilder The EncryptedJwtBuilder instance.
044     * @param signingHandler The SigningHandler instance used to sign the JWS.
045     * @param jwsAlgorithm The JwsAlgorithm to use when signing the JWT.
046     */
047    public SignedEncryptedJwtBuilder(EncryptedJwtBuilder encryptedJwtBuilder, SigningHandler signingHandler,
048            JwsAlgorithm jwsAlgorithm) {
049        this.encryptedJwtBuilder = encryptedJwtBuilder;
050        this.signingHandler = signingHandler;
051        this.jwsAlgorithm = jwsAlgorithm;
052    }
053
054    /**
055     * {@inheritDoc}
056     */
057    @Override
058    public SignedJwt asJwt() {
059        JwsHeader header = new JwsHeaderBuilder(new SignedJwtBuilderImpl(signingHandler)).alg(jwsAlgorithm).build();
060        header.setType(JwtType.JWE);
061        EncryptedJwt encryptedJwt = encryptedJwtBuilder.asJwt();
062
063        return new SignedEncryptedJwt(header, encryptedJwt, signingHandler);
064    }
065
066    /**
067     * Builds the JWS into a <code>String</code> by calling the <tt>build</tt> method on the JWS object.
068     * <p>
069     * @see org.forgerock.json.jose.jws.SignedEncryptedJwt#build()
070     *
071     * @return The base64url encoded UTF-8 parts of the JWS.
072     */
073    @Override
074    public String build() {
075        return asJwt().build();
076    }
077}