001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2013-2015 ForgeRock AS.
015 */
016
017package org.forgerock.json.jose.jwe;
018
019import org.forgerock.json.jose.exceptions.JweException;
020
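/**
 * An Enum of the possible encryption methods that can be used when encrypting a JWT.
 * <p>
 * Both constants describe an AES-CBC plus HMAC composite (RFC 7518 section 5.2, AES_CBC_HMAC_SHA2). This enum only
 * carries the algorithm parameters; it performs no cryptography itself. CBC mode gives no integrity on its own, so
 * code that consumes these parameters must verify the authentication tag before decrypting, and should compare tags
 * in constant time (for example with {@code java.security.MessageDigest.isEqual}).
 *
 * @see <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-11#section-4.2">
 *     JWE Encryption Methods</a>
 *
 * @since 2.0.0
 */
public enum EncryptionMethod {

    /**
     * AES encryption in CBC mode with PKCS5 Padding and a 128 bit encryption key, HMAC using the SHA-256 hash
     * algorithm for the authentication tag. The composite Content Encryption Key (CEK) is 256 bits.
     */
    A128CBC_HS256("AES_128_CBC_HMAC_SHA_256", "AES/CBC/PKCS5Padding", "HMACSHA256", "AES", 16, 256),
    /**
     * AES encryption in CBC mode with PKCS5 Padding and a 256 bit encryption key, HMAC using the SHA-512 hash
     * algorithm for the authentication tag. The composite Content Encryption Key (CEK) is 512 bits.
     */
    A256CBC_HS512("AES_256_CBC_HMAC_SHA_512", "AES/CBC/PKCS5Padding", "HMACSHA512", "AES", 32, 512);

    private final String name;
    private final String transformation;
    private final String macAlgorithm;
    private final String encryptionAlgorithm;
    private final int keyOffset;
    private final int keySize;

    /**
     * Constructs a new EncryptionMethod with the given cryptographic parameters.
     *
     * @param name The full name of the encryption algorithm.
     * @param transformation The Java Cryptographic algorithm name for the algorithm that will be used to encrypt the
     *                       plaintext.
     * @param macAlgorithm The Java Cryptographic algorithm name of the MAC used for the authentication tag.
     * @param encryptionAlgorithm The Java Cryptographic algorithm name for the algorithm that will create the Content
     *                            Encryption Key (CEK).
     * @param keyOffset The number of octets in each half of the CEK (the MAC key and the encryption key).
     * @param keySize The bit length of the whole Content Encryption Key (CEK).
     */
    EncryptionMethod(String name, String transformation, String macAlgorithm, String encryptionAlgorithm,
            int keyOffset, int keySize) {
        this.name = name;
        this.transformation = transformation;
        this.macAlgorithm = macAlgorithm;
        this.encryptionAlgorithm = encryptionAlgorithm;
        this.keyOffset = keyOffset;
        this.keySize = keySize;
    }

    /**
     * Gets the full name of the encryption method.
     *
     * @return The name of the encryption method.
     */
    public String getName() {
        return name;
    }

    /**
     * Gets the Java Cryptographic algorithm name for the algorithm that will be used to encrypt the plaintext.
     *
     * @return The transformation algorithm.
     */
    public String getTransformation() {
        return transformation;
    }

    /**
     * Gets the Java Cryptographic algorithm name of the MAC used for the authentication tag.
     *
     * @return The mac algorithm.
     */
    public String getMacAlgorithm() {
        return macAlgorithm;
    }

    /**
     * Gets the Java Cryptographic algorithm name for the algorithm that will create the Content Encryption Key (CEK).
     *
     * @return The encryption algorithm.
     */
    public String getEncryptionAlgorithm() {
        return encryptionAlgorithm;
    }

    /**
     * Gets the number of octets in each half of the CEK (the MAC key and the encryption key).
     * <p>
     * For both constants {@code 2 * 8 * getKeyOffset() == getKeySize()}.
     *
     * @return The Key Offset.
     */
    public int getKeyOffset() {
        return keyOffset;
    }

    /**
     * Gets the bit length of the whole Content Encryption Key (CEK).
     *
     * @return The key size.
     */
    public int getKeySize() {
        return keySize;
    }

    /**
     * Parses the given algorithm string to find the matching EncryptionMethod enum constant.
     * <p>
     * The match is case-insensitive and accepts the constant name with either {@code '_'} or {@code '-'} as the
     * separator (RFC 7518 registers the {@code enc} values as {@code A128CBC-HS256} and {@code A256CBC-HS512}), or
     * the full algorithm name returned by {@link #getName()}. Anything else, including {@code null}, is rejected.
     * <p>
     * The argument is presumably taken from the {@code enc} header of a received JWE, i.e. before the token has been
     * authenticated. Callers that expect one specific method should check the returned constant against their own
     * allow-list rather than accept whatever the header selected. The exception message echoes the raw input, so
     * encode it before writing it to a log or a response.
     *
     * @param method The encryption method.
     * @return The EncryptionMethod enum.
     * @throws JweException If the value is {@code null} or does not identify a supported encryption method.
     */
    public static EncryptionMethod parseMethod(String method) {
        if (method != null) {
            // '-' is not legal in a Java identifier, so the constants spell the registered names with '_'.
            final String constantForm = method.replace('-', '_');
            // equalsIgnoreCase is locale-independent, unlike String.toUpperCase() with the default locale.
            for (EncryptionMethod candidate : values()) {
                if (candidate.name().equalsIgnoreCase(constantForm)
                        || candidate.getName().equalsIgnoreCase(method)) {
                    return candidate;
                }
            }
        }

        throw new JweException("Unknown Encryption Method, " + method);
    }

    /**
     * Turns the EncryptionMethod constant into a JSON value string.
     * <p>
     * This is the constant name, e.g. {@code A128CBC_HS256}. NOTE(review): RFC 7518 registers the hyphenated form
     * ({@code A128CBC-HS256}); confirm what peers expect before relying on this value for the {@code enc} header.
     *
     * @return {@inheritDoc}
     */
    @Override
    public String toString() {
        return super.toString();
    }
}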