package com.mastercard.developer.encryption;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Collections;
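/**
 * Fluent builder for {@link JweConfig}.
 *
 * <p>Each {@code with...} method stores one setting on the builder and returns the builder, so
 * calls can be chained; {@link #build()} validates the settings and copies them onto a new
 * {@link JweConfig} whose scheme is {@link EncryptionConfig.Scheme#JWE}.
 */
public class JweConfigBuilder extends EncryptionConfigBuilder {

    /**
     * Get an instance of the builder.
     *
     * @return a new, empty builder
     */
    public static JweConfigBuilder aJweEncryptionConfig() {
        return new JweConfigBuilder();
    }

    /**
     * Build a {@link JweConfig}.
     *
     * <p>Defaults applied here: when no encryption path was added the whole payload is used
     * ({@code "$" -> "$"}); when no decryption path was added {@code "$.encryptedData" -> "$"} is
     * used; when no encrypted value field name was set it is {@code "encryptedData"}.
     *
     * <p>Non-empty path maps are handed to the config as the same map instance the builder holds
     * (no copy is made), so a later {@code withEncryptionPath}/{@code withDecryptionPath} call on
     * this builder also changes a config that was already built from it.
     *
     * @return the populated configuration
     * @throws EncryptionException declared for the preparation steps called first; which of them
     *         raises it is not visible in this class
     * @throws IllegalArgumentException when neither an encryption key/certificate nor a
     *         decryption key was supplied
     */
    public JweConfig build() throws EncryptionException {
        // Validation and fingerprint preparation run before anything is copied onto the config.
        checkParameterValues();
        computeEncryptionKeyFingerprintWhenNeeded();
        checkJsonPathParameterValues();

        JweConfig config = new JweConfig();
        config.encryptionCertificate = this.encryptionCertificate;
        config.encryptionKey = this.encryptionKey;
        config.encryptionKeyFingerprint = this.encryptionKeyFingerprint;
        config.decryptionKey = this.decryptionKey;
        config.encryptionPaths = this.encryptionPaths.isEmpty() ? Collections.singletonMap("$", "$") : this.encryptionPaths;
        config.decryptionPaths = this.decryptionPaths.isEmpty() ? Collections.singletonMap("$.encryptedData", "$") : this.decryptionPaths;
        config.encryptedValueFieldName = this.encryptedValueFieldName == null ? "encryptedData" : this.encryptedValueFieldName;
        config.scheme = EncryptionConfig.Scheme.JWE;
        config.ivSize = ivSize;
        // Passed through unchanged: if the caller never enabled it, AES-CBC authentication tags
        // are not verified by a config built here (see withEnableCbcHmacVerification).
        config.enableCbcHmacVerification = enableCbcHmacVerification;
        return config;
    }

    /**
     * See: {@link EncryptionConfig#encryptionCertificate}.
     *
     * <p>A certificate and a bare public key are mutually exclusive sources for the encryption
     * key.
     *
     * @param encryptionCertificate the certificate to encrypt with
     * @return this builder
     * @throws IllegalArgumentException when an encryption key was already supplied
     */
    public JweConfigBuilder withEncryptionCertificate(Certificate encryptionCertificate) {
        if (this.encryptionKey != null) {
            throw new IllegalArgumentException("You have already supplied an encryption key");
        }
        this.encryptionCertificate = encryptionCertificate;
        return this;
    }

    /**
     * See: {@link EncryptionConfig#encryptionKey}.
     *
     * <p>A bare public key and a certificate are mutually exclusive sources for the encryption
     * key.
     *
     * @param encryptionKey the public key to encrypt with
     * @return this builder
     * @throws IllegalArgumentException when an encryption certificate was already supplied
     */
    public JweConfigBuilder withEncryptionKey(PublicKey encryptionKey) {
        if (this.encryptionCertificate != null) {
            throw new IllegalArgumentException("You have already supplied an encryption certificate");
        }
        this.encryptionKey = encryptionKey;
        return this;
    }

    /**
     * See: {@link EncryptionConfig#decryptionKey}.
     *
     * @param decryptionKey the private key to decrypt with
     * @return this builder
     */
    public JweConfigBuilder withDecryptionKey(PrivateKey decryptionKey) {
        this.decryptionKey = decryptionKey;
        return this;
    }

    /**
     * See: {@link EncryptionConfig#encryptionPaths}.
     *
     * <p>Adding the same {@code jsonPathIn} twice replaces the earlier mapping.
     *
     * @param jsonPathIn  key of the mapping
     * @param jsonPathOut value of the mapping
     * @return this builder
     */
    public JweConfigBuilder withEncryptionPath(String jsonPathIn, String jsonPathOut) {
        this.encryptionPaths.put(jsonPathIn, jsonPathOut);
        return this;
    }

    /**
     * See: {@link EncryptionConfig#decryptionPaths}.
     *
     * <p>Adding the same {@code jsonPathIn} twice replaces the earlier mapping.
     *
     * @param jsonPathIn  key of the mapping
     * @param jsonPathOut value of the mapping
     * @return this builder
     */
    public JweConfigBuilder withDecryptionPath(String jsonPathIn, String jsonPathOut) {
        this.decryptionPaths.put(jsonPathIn, jsonPathOut);
        return this;
    }

    /**
     * Set the name of the field that carries the encrypted value.
     *
     * @param encryptedValueFieldName the field name; when left {@code null}, {@link #build()}
     *        uses {@code "encryptedData"}
     * @return this builder
     */
    public JweConfigBuilder withEncryptedValueFieldName(String encryptedValueFieldName) {
        this.encryptedValueFieldName = encryptedValueFieldName;
        return this;
    }

    /**
     * Set the encryption key fingerprint explicitly.
     *
     * <p>NOTE(review): {@link #build()} calls {@code computeEncryptionKeyFingerprintWhenNeeded()};
     * presumably a fingerprint supplied here takes precedence over a computed one - confirm in
     * {@code EncryptionConfigBuilder}.
     *
     * @param encryptionKeyFingerprint the fingerprint value to store
     * @return this builder
     */
    public JweConfigBuilder withEncryptionKeyFingerprint(String encryptionKeyFingerprint) {
        this.encryptionKeyFingerprint = encryptionKeyFingerprint;
        return this;
    }

    /**
     * See: {@link EncryptionConfig#ivSize}.
     *
     * <p>Only 12 and 16 are accepted. NOTE(review): presumably a size in bytes - confirm against
     * {@code EncryptionConfig#ivSize}.
     *
     * @param ivSize the IV size, 12 or 16
     * @return this builder
     * @throws IllegalArgumentException when {@code ivSize} is {@code null} or any other value
     */
    public JweConfigBuilder withEncryptionIVSize(Integer ivSize) {
        // The null test comes first: comparing a null Integer with == 12 would unbox it and fail
        // with a NullPointerException instead of the validation error below.
        if (ivSize != null && (ivSize == 12 || ivSize == 16)) {
            this.ivSize = ivSize;
            return this;
        }
        throw new IllegalArgumentException("Supported IV Sizes are either 12 or 16!");
    }

    /**
     * See: {@link EncryptionConfig#enableCbcHmacVerification}.
     * Enable or disable HMAC authentication tag verification for AES-CBC mode (A128CBC-HS256).
     * Default is false (disabled) for backward compatibility.
     * Set to true to enable proper HMAC verification according to JWE spec.
     *
     * <p>Security note: while verification is disabled the authentication tag of an
     * A128CBC-HS256 payload is not checked, so AES-CBC decryption has no integrity protection
     * and a modified ciphertext is not rejected on that basis. New integrations should pass
     * {@code true}; keep the default only for peers that cannot yet produce a valid tag.
     *
     * <p>NOTE(review): the argument is stored without a null check; how a {@code null} value is
     * interpreted depends on code outside this class - confirm before passing one.
     *
     * @param enableCbcHmacVerification {@code true} to verify the tag, {@code false} to skip it
     * @return this builder
     */
    public JweConfigBuilder withEnableCbcHmacVerification(Boolean enableCbcHmacVerification) {
        this.enableCbcHmacVerification = enableCbcHmacVerification;
        return this;
    }

    /**
     * Reject a builder that has no key material at all.
     *
     * @throws IllegalArgumentException when the decryption key, the encryption certificate and
     *         the encryption key are all unset
     */
    private void checkParameterValues() {
        if (decryptionKey == null && encryptionCertificate == null && encryptionKey == null) {
            throw new IllegalArgumentException("You must include at least an encryption key/certificate or a decryption key");
        }
    }
}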