JWEEncryptionProvider (Keycloak Docs Distribution 26.2.5 API)

All Known Implementing Classes:: AesCbcHmacShaEncryptionProvider, AesCbcHmacShaEncryptionProvider.Aes128CbcHmacSha256Provider, AesCbcHmacShaEncryptionProvider.Aes192CbcHmacSha384Provider, AesCbcHmacShaEncryptionProvider.Aes256CbcHmacSha512Provider, AesCbcHmacShaJWEEncryptionProvider, AesGcmEncryptionProvider, AesGcmJWEEncryptionProvider

public interface JWEEncryptionProvider

Author:: Marek Posolda

Method Summary

Modifier and Type

Method

Description

void

deserializeCEK(JWEKeyStorage keyStorage)

This method is supposed to deserialize keys.

void

encodeJwe(JWE jwe)

This method usually has 3 outputs: - generated initialization vector - encrypted content - authenticationTag for MAC validation It is supposed to call JWE.setEncryptedContentInfo(byte[], byte[], byte[]) after it's finished

int

getExpectedCEKLength()

byte[]

serializeCEK(JWEKeyStorage keyStorage)

This method requires that decoded CEK keys are present in the keyStorage.decodedCEK map before it's called

void

verifyAndDecodeJwe(JWE jwe)

This method is supposed to verify checksums and decrypt content.

Method Details
- encodeJwe
  
  void encodeJwe(JWE jwe) throws Exception
  
  This method usually has 3 outputs: - generated initialization vector - encrypted content - authenticationTag for MAC validation It is supposed to call JWE.setEncryptedContentInfo(byte[], byte[], byte[]) after it's finished
  
  Parameters:
  
  jwe -
  
  Throws:
  
  IOException
  
  GeneralSecurityException
  
  Exception
- verifyAndDecodeJwe
  
  void verifyAndDecodeJwe(JWE jwe) throws Exception
  
  This method is supposed to verify checksums and decrypt content. Then it needs to call JWE.content(byte[]) after it's finished
  
  Parameters:
  
  jwe -
  
  Throws:
  
  IOException
  
  GeneralSecurityException
  
  Exception
- serializeCEK
  
  byte[] serializeCEK(JWEKeyStorage keyStorage)
  
  This method requires that decoded CEK keys are present in the keyStorage.decodedCEK map before it's called
  
  Parameters:
  
  keyStorage -
  
  Returns:
- deserializeCEK
  
  void deserializeCEK(JWEKeyStorage keyStorage)
  
  This method is supposed to deserialize keys. It requires that JWEKeyStorage.getCekBytes() is set. After keys are deserialized, this method needs to call JWEKeyStorage.setCEKKey(Key, JWEKeyStorage.KeyUse) according to all uses, which this encryption algorithm requires.
  
  Parameters:
  
  keyStorage -
- getExpectedCEKLength
  
  int getExpectedCEKLength()