You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2015/02/06 18:26:04 UTC
cxf git commit: [CXF-6085] Avoiding passing JweHeaders directly to
JWE encryptor constructors as the same is possible with interface methods and
thus avoiding possible ambiguities that may arise with JWE JSON union headers
Repository: cxf
Updated Branches:
refs/heads/master 9b93ca4bd -> 2d2affae9
[CXF-6085] Avoiding passing JweHeaders directly to JWE encryptor constructors as the same is possible with interface methods and thus avoiding possible ambiguities that may arise with JWE JSON union headers
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2d2affae
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2d2affae
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2d2affae
Branch: refs/heads/master
Commit: 2d2affae9fa59107b86f41cddb419dd5cf48c862
Parents: 9b93ca4
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Fri Feb 6 17:25:47 2015 +0000
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Fri Feb 6 17:25:47 2015 +0000
----------------------------------------------------------------------
.../jose/jwe/AbstractJweEncryption.java | 52 ++++++++++----------
.../jose/jwe/AesCbcHmacJweEncryption.java | 20 +++-----
.../jose/jwe/DirectKeyJweEncryption.java | 15 +++---
.../jose/jwe/EcdhDirectKeyJweEncryption.java | 3 +-
.../cxf/rs/security/jose/jwe/JweUtils.java | 7 ++-
.../jose/jwe/WrappedKeyJweEncryption.java | 8 +--
.../jose/jwe/JweCompactReaderWriterTest.java | 15 ++----
.../jose/jwe/JwePbeHmacAesWrapTest.java | 9 ++--
8 files changed, 51 insertions(+), 78 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/2d2affae/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index 37991d9..66d0a51 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -31,14 +31,11 @@ import org.apache.cxf.rs.security.jose.jwa.Algorithm;
public abstract class AbstractJweEncryption implements JweEncryptionProvider {
protected static final int DEFAULT_AUTH_TAG_LENGTH = 128;
- private JweHeaders headers;
private ContentEncryptionAlgorithm contentEncryptionAlgo;
private KeyEncryptionAlgorithm keyEncryptionAlgo;
private JoseHeadersReaderWriter writer = new JoseHeadersReaderWriter();
- protected AbstractJweEncryption(JweHeaders headers,
- ContentEncryptionAlgorithm contentEncryptionAlgo,
+ protected AbstractJweEncryption(ContentEncryptionAlgorithm contentEncryptionAlgo,
KeyEncryptionAlgorithm keyEncryptionAlgo) {
- this.headers = headers;
this.keyEncryptionAlgo = keyEncryptionAlgo;
this.contentEncryptionAlgo = contentEncryptionAlgo;
}
@@ -49,8 +46,8 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
return getContentEncryptionAlgorithm().getAlgorithmParameterSpec(theIv);
}
- protected byte[] getContentEncryptionKey() {
- byte[] cek = getProvidedContentEncryptionKey();
+ protected byte[] getContentEncryptionKey(JweHeaders headers) {
+ byte[] cek = getProvidedContentEncryptionKey(headers);
if (cek == null) {
String algoJava = getContentEncryptionAlgoJava();
String algoJwt = getContentEncryptionAlgoJwt();
@@ -64,16 +61,16 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
return Algorithm.valueOf(algoJwt.replace('-', '_')).getKeySizeBits();
}
- protected byte[] getProvidedContentEncryptionKey() {
+ protected byte[] getProvidedContentEncryptionKey(JweHeaders headers) {
return getContentEncryptionAlgorithm().getContentEncryptionKey(headers);
}
- protected byte[] getEncryptedContentEncryptionKey(byte[] theCek) {
+ protected byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] theCek) {
return getKeyEncryptionAlgo().getEncryptedContentEncryptionKey(headers, theCek);
}
protected String getContentEncryptionAlgoJwt() {
- return headers.getContentEncryptionAlgorithm();
+ return getContentEncryptionAlgorithm().getAlgorithm();
}
protected String getContentEncryptionAlgoJava() {
return Algorithm.toJavaName(getContentEncryptionAlgoJwt());
@@ -98,9 +95,6 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
cipher,
DEFAULT_AUTH_TAG_LENGTH);
}
- protected JweHeaders getJweHeaders() {
- return headers;
- }
@Override
public String getKeyAlgorithm() {
return getKeyEncryptionAlgo().getAlgorithm();
@@ -137,29 +131,37 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
}
private JweEncryptionInternal getInternalState(JweHeaders jweHeaders, byte[] aad) {
- byte[] theCek = getContentEncryptionKey();
- String contentEncryptionAlgoJavaName = Algorithm.toJavaName(headers.getContentEncryptionAlgorithm());
- KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName);
- keyProps.setCompressionSupported(compressionRequired(headers));
-
- byte[] theIv = getContentEncryptionAlgorithm().getInitVector();
- AlgorithmParameterSpec specParams = getAlgorithmParameterSpec(theIv);
- keyProps.setAlgoSpec(specParams);
- byte[] jweContentEncryptionKey = getEncryptedContentEncryptionKey(theCek);
+ JweHeaders theHeaders = new JweHeaders();
+ if (getKeyAlgorithm() != null) {
+ theHeaders.setKeyEncryptionAlgorithm(getKeyAlgorithm());
+ }
+ theHeaders.setContentEncryptionAlgorithm(getContentAlgorithm());
- JweHeaders theHeaders = headers;
if (jweHeaders != null) {
if (jweHeaders.getKeyEncryptionAlgorithm() != null
- && !getKeyAlgorithm().equals(jweHeaders.getKeyEncryptionAlgorithm())
+ && (getKeyAlgorithm() == null
+ || !getKeyAlgorithm().equals(jweHeaders.getKeyEncryptionAlgorithm()))
|| jweHeaders.getAlgorithm() != null
&& !getContentAlgorithm().equals(jweHeaders.getAlgorithm())) {
throw new SecurityException();
}
- theHeaders = new JweHeaders(theHeaders.asMap());
theHeaders.asMap().putAll(jweHeaders.asMap());
}
+
+
+
+ byte[] theCek = getContentEncryptionKey(theHeaders);
+ String contentEncryptionAlgoJavaName = Algorithm.toJavaName(getContentEncryptionAlgoJwt());
+ KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName);
+ keyProps.setCompressionSupported(compressionRequired(theHeaders));
+
+ byte[] theIv = getContentEncryptionAlgorithm().getInitVector();
+ AlgorithmParameterSpec specParams = getAlgorithmParameterSpec(theIv);
+ keyProps.setAlgoSpec(specParams);
+ byte[] jweContentEncryptionKey =
+ getEncryptedContentEncryptionKey(theHeaders, theCek);
+
JweHeaders protectedHeaders = theHeaders;
-
String protectedHeadersJson = writer.headersToJson(protectedHeaders);
byte[] additionalEncryptionParam = getAAD(protectedHeadersJson, aad);
http://git-wip-us.apache.org/repos/asf/cxf/blob/2d2affae/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
index 488466c..a673540 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
@@ -45,18 +45,12 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption {
}
public AesCbcHmacJweEncryption(String cekAlgoJwt,
KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
- this(new JweHeaders(keyEncryptionAlgorithm.getAlgorithm(), cekAlgoJwt), null, null,
- keyEncryptionAlgorithm);
+ this(cekAlgoJwt, null, null, keyEncryptionAlgorithm);
}
- public AesCbcHmacJweEncryption(JweHeaders headers,
- KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
- this(headers, null, null, keyEncryptionAlgorithm);
- }
- public AesCbcHmacJweEncryption(JweHeaders headers, byte[] cek,
+ public AesCbcHmacJweEncryption(String cekAlgoJwt, byte[] cek,
byte[] iv, KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
- super(headers,
- new AesCbcContentEncryptionAlgorithm(cek, iv,
- validateCekAlgorithm(headers.getContentEncryptionAlgorithm())),
+ super(new AesCbcContentEncryptionAlgorithm(cek, iv,
+ validateCekAlgorithm(cekAlgoJwt)),
keyEncryptionAlgorithm);
}
@@ -146,9 +140,9 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption {
}
};
}
-
- protected byte[] getEncryptedContentEncryptionKey(byte[] theCek) {
- return getKeyEncryptionAlgo().getEncryptedContentEncryptionKey(getJweHeaders(), theCek);
+ @Override
+ protected byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] theCek) {
+ return getKeyEncryptionAlgo().getEncryptedContentEncryptionKey(headers, theCek);
}
private static class AesCbcContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
http://git-wip-us.apache.org/repos/asf/cxf/blob/2d2affae/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
index ada89a8..0017689 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
@@ -22,18 +22,15 @@ package org.apache.cxf.rs.security.jose.jwe;
public class DirectKeyJweEncryption extends AbstractJweEncryption {
public DirectKeyJweEncryption(ContentEncryptionAlgorithm ceAlgo) {
- this(new JweHeaders(ceAlgo.getAlgorithm()), ceAlgo);
+ this(ceAlgo, new DirectKeyEncryptionAlgorithm());
}
- public DirectKeyJweEncryption(JweHeaders headers, ContentEncryptionAlgorithm ceAlgo) {
- this(headers, ceAlgo, new DirectKeyEncryptionAlgorithm());
- }
- protected DirectKeyJweEncryption(JweHeaders headers,
- ContentEncryptionAlgorithm ceAlgo,
+ protected DirectKeyJweEncryption(ContentEncryptionAlgorithm ceAlgo,
DirectKeyEncryptionAlgorithm direct) {
- super(headers, ceAlgo, direct);
+ super(ceAlgo, direct);
}
- protected byte[] getProvidedContentEncryptionKey() {
- return validateCek(super.getProvidedContentEncryptionKey());
+ @Override
+ protected byte[] getProvidedContentEncryptionKey(JweHeaders headers) {
+ return validateCek(super.getProvidedContentEncryptionKey(headers));
}
private static byte[] validateCek(byte[] cek) {
if (cek == null) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/2d2affae/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
index 07ce2f4..aa18988 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
@@ -36,8 +36,7 @@ public class EcdhDirectKeyJweEncryption extends DirectKeyJweEncryption {
String apuString,
String apvString,
String ctAlgo) {
- super(new JweHeaders(ctAlgo),
- new EcdhAesGcmContentEncryptionAlgorithm(peerPublicKey,
+ super(new EcdhAesGcmContentEncryptionAlgorithm(peerPublicKey,
curve,
apuString,
apvString,
http://git-wip-us.apache.org/repos/asf/cxf/blob/2d2affae/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index accd8a3..a28c859 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -360,10 +360,9 @@ public final class JweUtils {
JweHeaders headers) {
String contentEncryptionAlgo = headers.getContentEncryptionAlgorithm();
if (Algorithm.isAesCbcHmac(contentEncryptionAlgo)) {
- return new AesCbcHmacJweEncryption(headers, keyEncryptionProvider);
+ return new AesCbcHmacJweEncryption(contentEncryptionAlgo, keyEncryptionProvider);
} else {
- return new WrappedKeyJweEncryption(headers,
- keyEncryptionProvider,
+ return new WrappedKeyJweEncryption(keyEncryptionProvider,
getContentEncryptionAlgorithm(contentEncryptionAlgo));
}
}
@@ -509,7 +508,7 @@ public final class JweUtils {
if (keyEncryptionProvider != null) {
return createJweEncryptionProvider(keyEncryptionProvider, headers);
} else {
- return new DirectKeyJweEncryption(headers, ctEncryptionProvider);
+ return new DirectKeyJweEncryption(ctEncryptionProvider);
}
}
private static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionAlgorithm keyDecryptionProvider,
http://git-wip-us.apache.org/repos/asf/cxf/blob/2d2affae/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
index ff34730..04c5a8b 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
@@ -22,13 +22,7 @@ package org.apache.cxf.rs.security.jose.jwe;
public class WrappedKeyJweEncryption extends AbstractJweEncryption {
public WrappedKeyJweEncryption(KeyEncryptionAlgorithm keyEncryptionAlgorithm,
ContentEncryptionAlgorithm contentEncryptionAlgo) {
- this(new JweHeaders(keyEncryptionAlgorithm.getAlgorithm(), contentEncryptionAlgo.getAlgorithm()),
- keyEncryptionAlgorithm, contentEncryptionAlgo);
- }
- public WrappedKeyJweEncryption(JweHeaders headers,
- KeyEncryptionAlgorithm keyEncryptionAlgorithm,
- ContentEncryptionAlgorithm contentEncryptionAlgo) {
- super(headers, contentEncryptionAlgo, keyEncryptionAlgorithm);
+ super(contentEncryptionAlgo, keyEncryptionAlgorithm);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/2d2affae/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
index 5a18267..029e164 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
@@ -98,15 +98,12 @@ public class JweCompactReaderWriterTest extends Assert {
@Test
public void testEncryptDecryptAesWrapA128CBCHS256() throws Exception {
final String specPlainText = "Live long and prosper.";
- JweHeaders headers = new JweHeaders();
- headers.setAlgorithm(Algorithm.A128KW.getJwtName());
- headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
AesWrapKeyEncryptionAlgorithm keyEncryption =
new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, Algorithm.A128KW.getJwtName());
- JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
+ JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(),
CONTENT_ENCRYPTION_KEY_A3,
INIT_VECTOR_A3,
keyEncryption);
@@ -144,9 +141,6 @@ public class JweCompactReaderWriterTest extends Assert {
@Test
public void testEncryptDecryptRSA15WrapA128CBCHS256() throws Exception {
final String specPlainText = "Live long and prosper.";
- JweHeaders headers = new JweHeaders();
- headers.setAlgorithm(Algorithm.RSA_1_5.getJwtName());
- headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED_A1,
RSA_PUBLIC_EXPONENT_ENCODED_A1);
@@ -154,7 +148,7 @@ public class JweCompactReaderWriterTest extends Assert {
KeyEncryptionAlgorithm keyEncryption = new RSAKeyEncryptionAlgorithm(publicKey,
Algorithm.RSA_1_5.getJwtName());
- JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
+ JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(),
CONTENT_ENCRYPTION_KEY_A3,
INIT_VECTOR_A3,
keyEncryption);
@@ -177,15 +171,12 @@ public class JweCompactReaderWriterTest extends Assert {
return;
}
final String specPlainText = "Live long and prosper.";
- JweHeaders headers = new JweHeaders();
- headers.setAlgorithm(JoseConstants.A128GCMKW_ALGO);
- headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
AesGcmWrapKeyEncryptionAlgorithm keyEncryption =
new AesGcmWrapKeyEncryptionAlgorithm(cekEncryptionKey, JoseConstants.A128GCMKW_ALGO);
- JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
+ JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(),
CONTENT_ENCRYPTION_KEY_A3,
INIT_VECTOR_A3,
keyEncryption);
http://git-wip-us.apache.org/repos/asf/cxf/blob/2d2affae/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
index e21cde0..4025cda 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
@@ -41,13 +41,11 @@ public class JwePbeHmacAesWrapTest extends Assert {
@Test
public void testEncryptDecryptPbesHmacAesWrapA128CBCHS256() throws Exception {
final String specPlainText = "Live long and prosper.";
- JweHeaders headers = new JweHeaders();
- headers.setAlgorithm(JoseConstants.PBES2_HS256_A128KW_ALGO);
- headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
final String password = "Thus from my lips, by yours, my sin is purged.";
KeyEncryptionAlgorithm keyEncryption =
new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JoseConstants.PBES2_HS256_A128KW_ALGO);
- JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers, keyEncryption);
+ JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(),
+ keyEncryption);
String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
@@ -65,8 +63,7 @@ public class JwePbeHmacAesWrapTest extends Assert {
final String password = "Thus from my lips, by yours, my sin is purged.";
KeyEncryptionAlgorithm keyEncryption =
new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JoseConstants.PBES2_HS256_A128KW_ALGO);
- JweEncryptionProvider encryption = new WrappedKeyJweEncryption(headers,
- keyEncryption,
+ JweEncryptionProvider encryption = new WrappedKeyJweEncryption(keyEncryption,
new AesGcmContentEncryptionAlgorithm(Algorithm.A128GCM.getJwtName()));
String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);