public String encryptWith()

in rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java [80:197]


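    /**
     * Encrypts the content once and serializes the result as a JWE JSON object
     * carrying one recipient entry per supplied encryptor.
     *
     * <p>Only the first encryptor is asked to encrypt the content; for every later
     * encryptor the input content is cleared and content encryption is switched off,
     * so the {@code iv}, {@code ciphertext} and {@code tag} members come from the
     * first output that provides them. Each encryptor contributes its own encrypted
     * content encryption key (CEK) and, optionally, per-recipient headers.
     *
     * <p>Header parameter names must be disjoint across the protected header, the
     * shared unprotected header and each per-recipient unprotected header (RFC 7516,
     * section 7.2.1); an overlap is rejected. Only the {@code protected} member is
     * emitted base64url-encoded; per RFC 7516 it is the only header set covered by
     * the authentication tag, so {@code unprotected} and per-recipient {@code header}
     * values can be altered in transit without the tag failing and should not carry
     * parameters the recipient must be able to trust.
     *
     * @param encryptors one encryption provider per recipient
     * @param recipientUnprotected per-recipient unprotected headers, index-aligned
     *        with {@code encryptors}; may be {@code null}, and individual entries
     *        may be {@code null} or empty
     * @return the JWE JSON serialization; the flattened form is used when there is
     *         exactly one recipient entry and {@code canBeFlat} is set
     * @throws IllegalArgumentException if {@code recipientUnprotected} is not
     *         {@code null} and its size differs from that of {@code encryptors}
     * @throws JweException if header names overlap between header sets, or if an
     *         encryptor with a non-direct key algorithm yields no encrypted CEK
     */
    public String encryptWith(List<JweEncryptionProvider> encryptors,
                              List<JweHeaders> recipientUnprotected) {
        checkAndGetContentAlgorithm(encryptors);
        if (recipientUnprotected != null
            && recipientUnprotected.size() != encryptors.size()) {
            // Name the mismatch so a mis-wired recipient list is diagnosable.
            throw new IllegalArgumentException(
                "recipientUnprotected has " + recipientUnprotected.size()
                + " entries but " + encryptors.size() + " encryptors were supplied");
        }

        // Union of the protected and shared unprotected headers; this is what every
        // recipient sees unless it adds per-recipient headers of its own.
        JweHeaders unionHeaders = new JweHeaders();
        if (protectedHeader != null) {
            unionHeaders.asMap().putAll(protectedHeader.asMap());
        }
        if (unprotectedHeader != null) {
            // The same name in both sets would make the effective value ambiguous,
            // so the overlap is refused rather than silently resolved.
            if (!Collections.disjoint(unionHeaders.asMap().keySet(),
                                     unprotectedHeader.asMap().keySet())) {
                LOG.warning("Protected and unprotected headers have duplicate values");
                throw new JweException(JweException.Error.INVALID_JSON_JWE);
            }
            checkCriticalHeaders(unprotectedHeader);
            unionHeaders.asMap().putAll(unprotectedHeader.asMap());
        }

        List<JweJsonEncryptionEntry> entries = new ArrayList<>(encryptors.size());
        Map<String, Object> jweJsonMap = new LinkedHashMap<>();
        // Shared across all recipients; filled from the first output that has them.
        byte[] cipherText = null;
        byte[] authTag = null;
        byte[] iv = null;
        for (int i = 0; i < encryptors.size(); i++) {
            JweEncryptionProvider encryptor = encryptors.get(i);
            JweHeaders perRecipientUnprotected =
                recipientUnprotected == null ? null : recipientUnprotected.get(i);
            final JweHeaders jsonHeaders;
            if (perRecipientUnprotected != null && !perRecipientUnprotected.asMap().isEmpty()) {
                checkCriticalHeaders(perRecipientUnprotected);
                if (!Collections.disjoint(unionHeaders.asMap().keySet(),
                                          perRecipientUnprotected.asMap().keySet())) {
                    LOG.warning("union and recipient unprotected headers have duplicate values");
                    throw new JweException(JweException.Error.INVALID_JSON_JWE);
                }
                // Work on a copy so one recipient's headers never reach the union
                // that later recipients are checked against.
                jsonHeaders = new JweHeaders(new LinkedHashMap<String, Object>(unionHeaders.asMap()));
                jsonHeaders.asMap().putAll(perRecipientUnprotected.asMap());
            } else {
                // No per-recipient headers: the shared union instance is passed on.
                jsonHeaders = unionHeaders;
            }
            jsonHeaders.setProtectedHeaders(protectedHeader);

            JweEncryptionInput input = createEncryptionInput(jsonHeaders);
            if (i > 0) {
                // The content was already encrypted for the first recipient; later
                // encryptors are only asked for their encrypted CEK.
                input.setContent(null);
                input.setContentEncryptionRequired(false);
            }
            JweEncryptionOutput state = encryptor.getEncryptionOutput(input);

            if (state.getHeaders() != null && state.getHeaders().asMap().size() != jsonHeaders.asMap().size()) {
                // New headers were generated during encryption for recipient
                Map<String, Object> newHeaders = new LinkedHashMap<>();
                state.getHeaders().asMap().forEach((name, value) -> {
                    if (!unionHeaders.containsHeader(name)) {
                        // store recipient header
                        newHeaders.put(name, value);
                    }
                });
                // Everything outside the shared union is published as per-recipient
                // unprotected header content, i.e. outside the protected header.
                Map<String, Object> perRecipientUnprotectedHeaders = (perRecipientUnprotected != null)
                    ? new LinkedHashMap<>(perRecipientUnprotected.asMap())
                        : new LinkedHashMap<>();
                perRecipientUnprotectedHeaders.putAll(newHeaders);
                perRecipientUnprotected = new JweHeaders(perRecipientUnprotectedHeaders);
            }
            byte[] currentCipherText = state.getEncryptedContent();
            byte[] currentAuthTag = state.getAuthTag();
            byte[] currentIv = state.getIv();
            if (cipherText == null) {
                cipherText = currentCipherText;
            }
            if (authTag == null) {
                authTag = currentAuthTag;
            }
            if (iv == null) {
                iv = currentIv;
            }

            byte[] encryptedCek = state.getEncryptedContentEncryptionKey();
            // A missing key is treated like an empty one, so it goes through the
            // same algorithm check instead of failing with a NullPointerException.
            final boolean noEncryptedCek = encryptedCek == null || encryptedCek.length == 0;
            // An absent encrypted key is accepted only when no key algorithm is set
            // or the algorithm is a direct one; any other algorithm must yield one.
            // NOTE(review): this is checked per recipient only; whether a direct-key
            // encryptor may sit alongside other recipients is not decided here -
            // confirm it is enforced elsewhere.
            if (noEncryptedCek
                && encryptor.getKeyAlgorithm() != null
                && !KeyAlgorithm.isDirect(encryptor.getKeyAlgorithm())) {
                LOG.warning("Unexpected key encryption algorithm");
                throw new JweException(JweException.Error.INVALID_JSON_JWE);
            }
            String encodedCek = noEncryptedCek ? null : Base64UrlUtility.encode(encryptedCek);
            entries.add(new JweJsonEncryptionEntry(perRecipientUnprotected, encodedCek));

        }
        if (protectedHeader != null && !protectedHeader.asMap().isEmpty()) {
            jweJsonMap.put("protected",
                        Base64UrlUtility.encode(writer.toJson(protectedHeader)));
        }
        if (unprotectedHeader != null && !unprotectedHeader.asMap().isEmpty()) {
            jweJsonMap.put("unprotected", unprotectedHeader);
        }
        if (entries.size() == 1 && canBeFlat) {
            // Flattened serialization: the single recipient's members are lifted to
            // the top level instead of being wrapped in a "recipients" array.
            JweHeaders unprotectedEntryHeader = entries.get(0).getUnprotectedHeader();
            if (unprotectedEntryHeader != null && !unprotectedEntryHeader.asMap().isEmpty()) {
                jweJsonMap.put("header", unprotectedEntryHeader);
            }
            String encryptedKey = entries.get(0).getEncodedEncryptedKey();
            if (encryptedKey != null) {
                jweJsonMap.put("encrypted_key", encryptedKey);
            }
        } else {
            jweJsonMap.put("recipients", entries);
        }
        if (aad != null) {
            jweJsonMap.put("aad", Base64UrlUtility.encode(aad));
        }
        jweJsonMap.put("iv", Base64UrlUtility.encode(iv));
        jweJsonMap.put("ciphertext", Base64UrlUtility.encode(cipherText));
        jweJsonMap.put("tag", Base64UrlUtility.encode(authTag));
        return writer.toJson(jweJsonMap);
    }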