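/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 *
 * Copyright 2013-2015 ForgeRock AS.
 */

package org.forgerock.json.jose.jwe;

import org.forgerock.json.jose.exceptions.JweException;

/**
 * An Enum of the possible encryption methods that can be used when encrypting a JWT.
 * <p>
 * Both constants pair AES in CBC mode with a separate HMAC. CBC on its own provides no integrity
 * protection, so code consuming these parameters is expected to verify the authentication tag
 * before decrypting or acting on the plaintext; that logic lives outside this file.
 *
 * @see <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-11#section-4.2">
 *     JWE Encryption Methods</a>
 *
 * @since 2.0.0
 */
public enum EncryptionMethod {

    /**
     * AES encryption in CBC mode with PKCS5 Padding and a 128 bit length, AES encryption for CEK, HMAC using SHA-256
     * hash algorithm for authentication tag.
     */
    A128CBC_HS256("AES_128_CBC_HMAC_SHA_256", "AES/CBC/PKCS5Padding", "HMACSHA256", "AES", 16, 256),
    /**
     * AES encryption in CBC mode with PKCS5 Padding and a 256 bit length, AES encryption for CEK, HMAC using SHA-512
     * hash algorithm for authentication tag.
     */
    A256CBC_HS512("AES_256_CBC_HMAC_SHA_512", "AES/CBC/PKCS5Padding", "HMACSHA512", "AES", 32, 512);

    private final String name;
    private final String transformation;
    private final String macAlgorithm;
    private final String encryptionAlgorithm;
    // NOTE(review): 16/32 octets here against 256/512 bits for keySize suggests keyOffset is the length of each
    // half of a composite key and keySize the combined length; confirm against the code that splits the key.
    private final int keyOffset;
    private final int keySize;

    /**
     * Constructs a new EncryptionMethod with the given cryptographic parameters.
     *
     * @param name The full name of the encryption algorithm.
     * @param transformation The Java Cryptographic algorithm name for the algorithm that will be used to encrypt the
     *                       plaintext.
     * @param macAlgorithm The Java Cryptographic algorithm name for the algorithm that will generate the MAC key.
     * @param encryptionAlgorithm The Java Cryptographic algorithm name for the algorithm that will create the Content
     *                            Encryption Key (CEK).
     * @param keyOffset The number of octets in each of the CEK and MAC key.
     * @param keySize The bit length of the Content Encryption Key (CEK).
     */
    private EncryptionMethod(String name, String transformation, String macAlgorithm, String encryptionAlgorithm,
            int keyOffset, int keySize) {
        this.name = name;
        this.transformation = transformation;
        this.macAlgorithm = macAlgorithm;
        this.encryptionAlgorithm = encryptionAlgorithm;
        this.keyOffset = keyOffset;
        this.keySize = keySize;
    }

    /**
     * Gets the full name of the encryption method.
     *
     * @return The name of the encryption method.
     */
    public String getName() {
        return name;
    }

    /**
     * Gets the Java Cryptographic algorithm name for the algorithm that will be used to encrypt the plaintext.
     *
     * @return The transformation algorithm.
     */
    public String getTransformation() {
        return transformation;
    }

    /**
     * Gets the Java Cryptographic algorithm name for the algorithm that will generate the MAC key.
     *
     * @return The mac algorithm.
     */
    public String getMacAlgorithm() {
        return macAlgorithm;
    }

    /**
     * Gets the Java Cryptographic algorithm name for the algorithm that will create the Content Encryption Key (CEK).
     *
     * @return The encryption algorithm.
     */
    public String getEncryptionAlgorithm() {
        return encryptionAlgorithm;
    }

    /**
     * Gets the number of octets in each of the CEK and MAC key.
     *
     * @return The Key Offset.
     */
    public int getKeyOffset() {
        return keyOffset;
    }

    /**
     * Gets the bit length of the Content Encryption Key (CEK).
     *
     * @return The key size.
     */
    public int getKeySize() {
        return keySize;
    }

    /**
     * Parses the given algorithm string to find the matching EncryptionMethod enum constant.
     * <p>
     * The value is compared, ignoring case and independently of the default locale, against each
     * constant's enum name (for example {@code A128CBC_HS256}) and its full name (for example
     * {@code AES_128_CBC_HMAC_SHA_256}). Only the constants declared here can be returned, so an
     * unrecognised value never selects an algorithm.
     * <p>
     * If the value comes from a token header it is untrusted input. It is echoed in the exception
     * message, so callers that log or display that message should treat it as untrusted text.
     *
     * @param method The encryption method.
     * @return The EncryptionMethod enum.
     * @throws JweException If {@code method} is {@code null} or matches no known encryption method.
     */
    public static EncryptionMethod parseMethod(String method) {
        // A null value (e.g. an absent header) is rejected with the same JweException as any other
        // unknown value, instead of surfacing as a NullPointerException.
        if (method != null) {
            for (EncryptionMethod candidate : EncryptionMethod.values()) {
                // equalsIgnoreCase does not consult the default locale, unlike String.toUpperCase().
                if (candidate.name().equalsIgnoreCase(method) || candidate.getName().equalsIgnoreCase(method)) {
                    return candidate;
                }
            }
        }

        throw new JweException("Unknown Encryption Method, " + method);
    }

    /**
     * Turns the EncryptionMethod constant into a JSON value string.
     * <p>
     * NOTE(review): this returns the Java constant name, which uses an underscore (for example
     * {@code A128CBC_HS256}). RFC 7518 registers the {@code enc} values with a hyphen
     * ({@code A128CBC-HS256}); confirm how callers serialise and parse the header before relying on
     * this value for interoperability.
     *
     * @return The enum constant name.
     */
    @Override
    public String toString() {
        return super.toString();
    }
}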