com.nimbusds.jose.aws.kms.crypto.impl

Class KmsSymmetricCryptoProvider

java.lang.Object

com.nimbusds.jose.crypto.impl.PublicBaseJWEProvider

com.nimbusds.jose.aws.kms.crypto.impl.KmsSymmetricCryptoProvider

All Implemented Interfaces:

com.nimbusds.jose.jca.JCAAware<com.nimbusds.jose.jca.JWEJCAContext>, com.nimbusds.jose.JOSEProvider, com.nimbusds.jose.JWEProvider

Direct Known Subclasses:

KmsSymmetricDecrypter, KmsSymmetricEncrypter

public abstract class KmsSymmetricCryptoProvider
extends PublicBaseJWEProvider

This class provides cryptography support for SYMMETRIC (AES based) encryption/decryption with keys stored in AWS KMS.

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	ENCRYPTION_CONTEXT_HEADER
static java.util.Map<com.nimbusds.jose.EncryptionMethod,com.amazonaws.services.kms.model.DataKeySpec>	ENCRYPTION_METHOD_TO_DATA_KEY_SPEC_MAP
static java.util.Set<com.nimbusds.jose.JWEAlgorithm>	SUPPORTED_ALGORITHMS The supported JWE algorithms (alg) by the AWS crypto provider class.
static java.util.Set<com.nimbusds.jose.EncryptionMethod>	SUPPORTED_ENCRYPTION_METHODS The supported JWE encryption methods (enc) by the AWS crypto provider class.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	KmsSymmetricCryptoProvider(@NonNull com.amazonaws.services.kms.AWSKMS kms, @NonNull java.lang.String keyId)
protected	KmsSymmetricCryptoProvider(@NonNull com.amazonaws.services.kms.AWSKMS kms, @NonNull java.lang.String keyId, @NonNull java.util.Map<java.lang.String,java.lang.String> encryptionContext)

Method Summary

Modifier and Type	Method and Description
protected java.util.Map<java.lang.String,java.lang.String>	getEncryptionContext() Encryption context for KMS.
com.nimbusds.jose.jca.JWEJCAContext	getJCAContext()
protected @NonNull java.lang.String	getKeyId() KMS key (CMK) ID (it can be a key ID, key ARN, key alias or key alias ARN)
protected @NonNull com.amazonaws.services.kms.AWSKMS	getKms() AWS-KMS client.
java.util.Set<com.nimbusds.jose.EncryptionMethod>	supportedEncryptionMethods()
java.util.Set<com.nimbusds.jose.JWEAlgorithm>	supportedJWEAlgorithms()
protected void	validateJWEHeader(@NonNull com.nimbusds.jose.JWEHeader header)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SUPPORTED_ALGORITHMS

public static final java.util.Set<com.nimbusds.jose.JWEAlgorithm> SUPPORTED_ALGORITHMS

The supported JWE algorithms (alg) by the AWS crypto provider class. Note: We are using KMS prescribed algorithm names here. Ref: https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html#key-spec-symmetric-default

SUPPORTED_ENCRYPTION_METHODS

public static final java.util.Set<com.nimbusds.jose.EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS

The supported JWE encryption methods (enc) by the AWS crypto provider class. Note: We are using JWE prescribed encryption method names here.

ENCRYPTION_METHOD_TO_DATA_KEY_SPEC_MAP

public static final java.util.Map<com.nimbusds.jose.EncryptionMethod,com.amazonaws.services.kms.model.DataKeySpec> ENCRYPTION_METHOD_TO_DATA_KEY_SPEC_MAP

ENCRYPTION_CONTEXT_HEADER

public static final java.lang.String ENCRYPTION_CONTEXT_HEADER

See Also:

Constant Field Values

Constructor Detail

KmsSymmetricCryptoProvider

protected KmsSymmetricCryptoProvider(@NonNull
                                     @NonNull com.amazonaws.services.kms.AWSKMS kms,
                                     @NonNull
                                     @NonNull java.lang.String keyId)

KmsSymmetricCryptoProvider

protected KmsSymmetricCryptoProvider(@NonNull
                                     @NonNull com.amazonaws.services.kms.AWSKMS kms,
                                     @NonNull
                                     @NonNull java.lang.String keyId,
                                     @NonNull
                                     @NonNull java.util.Map<java.lang.String,java.lang.String> encryptionContext)

Method Detail

validateJWEHeader

protected void validateJWEHeader(@NonNull
                                 @NonNull com.nimbusds.jose.JWEHeader header)
                          throws com.nimbusds.jose.JOSEException

Throws:

com.nimbusds.jose.JOSEException

getKms

@NonNull
protected @NonNull com.amazonaws.services.kms.AWSKMS getKms()

AWS-KMS client.

getKeyId

@NonNull
protected @NonNull java.lang.String getKeyId()

KMS key (CMK) ID (it can be a key ID, key ARN, key alias or key alias ARN)

getEncryptionContext

protected java.util.Map<java.lang.String,java.lang.String> getEncryptionContext()

Encryption context for KMS. Refer KMS's encrypt and decrypt APIs for more details. Ref: https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html#KMS-Encrypt-request-EncryptionContext

supportedJWEAlgorithms

public java.util.Set<com.nimbusds.jose.JWEAlgorithm> supportedJWEAlgorithms()

Specified by:

supportedJWEAlgorithms in interface com.nimbusds.jose.JWEProvider

supportedEncryptionMethods

public java.util.Set<com.nimbusds.jose.EncryptionMethod> supportedEncryptionMethods()

Specified by:

supportedEncryptionMethods in interface com.nimbusds.jose.JWEProvider

getJCAContext

public com.nimbusds.jose.jca.JWEJCAContext getJCAContext()

Specified by:

getJCAContext in interface com.nimbusds.jose.jca.JCAAware<com.nimbusds.jose.jca.JWEJCAContext>