Migrated all uses of Jwts.ENC to Jwe.alg

Author: lhazlewood

CHANGELOG.md

@@ -226,7 +226,7 @@ All JWA-defined encryption algorithms and key management algorithms are fully im
 available immediately.  For example:
 
 ```java
-AeadAlgorithm enc = Jwts.ENC.A256GCM;
+AeadAlgorithm enc = Jwe.alg.A256GCM;
 SecretKey key = enc.key().build();
 String compact = Jwts.builder().setSubject("Joe").encryptWith(key, enc).compact();
 

README.adoc

@@ -2225,7 +2225,7 @@ The JWT specification defines 6 standard Authenticated Encryption algorithms use
 | AES GCM using 256-bit key
 |===
 
-These are all represented as constants in the `io.jsonwebtoken.Jwts.ENC` registry singleton as
+These are all represented as constants in the `io.jsonwebtoken.Jwe.alg` registry singleton as
 implementations of the `io.jsonwebtoken.security.AeadAlgorithm` interface.
 
 As shown in the table above, each algorithm requires a key of sufficient length.  The JWT specification
@@ -3891,7 +3891,7 @@ Example:
 ----
 // Create a test key suitable for the desired payload encryption algorithm:
 // (A*GCM algorithms are recommended, but require JDK >= 8 or BouncyCastle)
-AeadAlgorithm enc = Jwts.ENC.A256GCM; //or A128GCM, A192GCM, A256CBC-HS512, etc...
+AeadAlgorithm enc = Jwe.alg.A256GCM; //or A128GCM, A192GCM, A256CBC-HS512, etc...
 SecretKey key = enc.key().build();
 
 String message = "Live long and prosper.";
@@ -3927,7 +3927,7 @@ KeyPair pair = Jws.alg.RS512.keyPair().build();
 // Choose the key algorithm used encrypt the payload key:
 KeyAlgorithm<PublicKey, PrivateKey> alg = Jwts.KEY.RSA_OAEP_256; //or RSA_OAEP or RSA1_5
 // Choose the Encryption Algorithm to encrypt the payload:
-AeadAlgorithm enc = Jwts.ENC.A256GCM; //or A192GCM, A128GCM, A256CBC-HS512, etc...
+AeadAlgorithm enc = Jwe.alg.A256GCM; //or A192GCM, A128GCM, A256CBC-HS512, etc...
 
 // Bob creates the compact JWE with Alice's RSA public key so only she may read it:
 String jwe = Jwts.builder().audience().add("Alice").and()
@@ -3964,7 +3964,7 @@ SecretKeyAlgorithm alg = Jwts.KEY.A256GCMKW; //or A192GCMKW, A128GCMKW, A256KW,
 SecretKey key = alg.key().build();
 
 // Chooose the Encryption Algorithm used to encrypt the payload:
-AeadAlgorithm enc = Jwts.ENC.A256GCM; //or A192GCM, A128GCM, A256CBC-HS512, etc...
+AeadAlgorithm enc = Jwe.alg.A256GCM; //or A192GCM, A128GCM, A256CBC-HS512, etc...
 
 // Create the compact JWE:
 String jwe = Jwts.builder().issuer("me").encryptWith(key, alg, enc).compact();
@@ -3999,7 +3999,7 @@ KeyPair pair = Jws.alg.ES512.keyPair().build();
 // Choose the key algorithm used encrypt the payload key:
 KeyAlgorithm<PublicKey, PrivateKey> alg = Jwts.KEY.ECDH_ES_A256KW; //ECDH_ES_A192KW, etc...
 // Choose the Encryption Algorithm to encrypt the payload:
-AeadAlgorithm enc = Jwts.ENC.A256GCM; //or A192GCM, A128GCM, A256CBC-HS512, etc...
+AeadAlgorithm enc = Jwe.alg.A256GCM; //or A192GCM, A128GCM, A256CBC-HS512, etc...
 
 // Bob creates the compact JWE with Alice's EC public key so only she may read it:
 String jwe = Jwts.builder().audience().add("Alice").and()
@@ -4046,7 +4046,7 @@ KeyAlgorithm<Password, Password> alg = Jwts.KEY.PBES2_HS512_A256KW; //or PBES2_H
 //int pbkdf2Iterations = 120000; //for HS512. Needs to be much higher for smaller hash algs.
 
 // Choose the Encryption Algorithm used to encrypt the payload:
-AeadAlgorithm enc = Jwts.ENC.A256GCM; //or A192GCM, A128GCM, A256CBC-HS512, etc...
+AeadAlgorithm enc = Jwe.alg.A256GCM; //or A192GCM, A128GCM, A256CBC-HS512, etc...
 
 // Create the compact JWE:
 String jwe = Jwts.builder().issuer("me")

api/src/main/java/io/jsonwebtoken/Jwe.java

@@ -15,6 +15,10 @@
  */
 package io.jsonwebtoken;
 
+import io.jsonwebtoken.lang.Classes;
+import io.jsonwebtoken.lang.Registry;
+import io.jsonwebtoken.security.AeadAlgorithm;
+
 /**
  * An encrypted JWT, called a "JWE", per the
  * <a href="https://www.rfc-editor.org/rfc/rfc7516.html">JWE (RFC 7516) Specification</a>.
@@ -24,6 +28,86 @@
  */
 public interface Jwe<B> extends ProtectedJwt<JweHeader, B> {
 
+    /**
+     * Constants for all standard JWA
+     * <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-5">Cryptographic Algorithms for Content
+     * Encryption</a> defined in the <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-7.1">JSON
+     * Web Signature and Encryption Algorithms Registry</a>. Each standard algorithm is available as a
+     * ({@code public static final}) constant for direct type-safe reference in application code. For example:
+     * <blockquote><pre>
+     * Jwts.builder()
+     *    // ... etc ...
+     *    .encryptWith(aKey, <b>Jwe.alg.A256GCM</b>) // or A128GCM, A192GCM, etc...
+     *    .build();</pre></blockquote>
+     * <p>They are also available together as a {@link Registry} instance via the {@link #registry()} method.</p>
+     *
+     * @see #registry()
+     * @since JJWT_RELEASE_VERSION
+     */
+    final class alg {
+
+        private static final String IMPL_CLASSNAME = "io.jsonwebtoken.impl.security.StandardEncryptionAlgorithms";
+        private static final Registry<String, AeadAlgorithm> REGISTRY = Classes.newInstance(IMPL_CLASSNAME);
+
+        /**
+         * Returns all standard JWA <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-5">Cryptographic
+         * Algorithms for Content Encryption</a> defined in the
+         * <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-7.1">JSON Web Signature and Encryption
+         * Algorithms Registry</a>.
+         *
+         * @return all standard JWA content encryption algorithms.
+         */
+        public static Registry<String, AeadAlgorithm> registry() {
+            return REGISTRY;
+        }
+
+        // prevent instantiation
+        private alg() {
+        }
+
+        /**
+         * {@code AES_128_CBC_HMAC_SHA_256} authenticated encryption algorithm as defined by
+         * <a href="https://tools.ietf.org/html/rfc7518#section-5.2.3">RFC 7518, Section 5.2.3</a>.  This algorithm
+         * requires a 256-bit (32 byte) key.
+         */
+        public static final AeadAlgorithm A128CBC_HS256 = registry().forKey("A128CBC-HS256");
+
+        /**
+         * {@code AES_192_CBC_HMAC_SHA_384} authenticated encryption algorithm, as defined by
+         * <a href="https://tools.ietf.org/html/rfc7518#section-5.2.4">RFC 7518, Section 5.2.4</a>. This algorithm
+         * requires a 384-bit (48 byte) key.
+         */
+        public static final AeadAlgorithm A192CBC_HS384 = registry().forKey("A192CBC-HS384");
+
+        /**
+         * {@code AES_256_CBC_HMAC_SHA_512} authenticated encryption algorithm, as defined by
+         * <a href="https://tools.ietf.org/html/rfc7518#section-5.2.5">RFC 7518, Section 5.2.5</a>.  This algorithm
+         * requires a 512-bit (64 byte) key.
+         */
+        public static final AeadAlgorithm A256CBC_HS512 = registry().forKey("A256CBC-HS512");
+
+        /**
+         * &quot;AES GCM using 128-bit key&quot; as defined by
+         * <a href="https://tools.ietf.org/html/rfc7518#section-5.3">RFC 7518, Section 5.3</a>.  This
+         * algorithm requires a 128-bit (16 byte) key.
+         */
+        public static final AeadAlgorithm A128GCM = registry().forKey("A128GCM");
+
+        /**
+         * &quot;AES GCM using 192-bit key&quot; as defined by
+         * <a href="https://tools.ietf.org/html/rfc7518#section-5.3">RFC 7518, Section 5.3</a>.  This
+         * algorithm requires a 192-bit (24 byte) key.
+         */
+        public static final AeadAlgorithm A192GCM = registry().forKey("A192GCM");
+
+        /**
+         * &quot;AES GCM using 256-bit key&quot; as defined by
+         * <a href="https://tools.ietf.org/html/rfc7518#section-5.3">RFC 7518, Section 5.3</a>.  This
+         * algorithm requires a 256-bit (32 byte) key.
+         */
+        public static final AeadAlgorithm A256GCM = registry().forKey("A256GCM");
+    }
+
     /**
      * Visitor implementation that ensures the visited JWT is a JSON Web Encryption ('JWE') message with an
      * authenticated and decrypted {@code byte[]} array payload, and rejects all others with an

api/src/main/java/io/jsonwebtoken/JwtBuilder.java

@@ -885,9 +885,9 @@ public interface JwtBuilder extends ClaimsMutator<JwtBuilder> {
      *
      * @param key the symmetric encryption key to use with the {@code enc} algorithm.
      * @param enc the {@link AeadAlgorithm} algorithm used to encrypt the JWE, usually one of the JWA-standard
-     *            algorithms accessible via {@link Jwts.ENC}.
+     *            algorithms accessible via {@link Jwe.alg}.
      * @return the JWE builder for method chaining.
-     * @see Jwts.ENC
+     * @see Jwe.alg
      */
     JwtBuilder encryptWith(SecretKey key, AeadAlgorithm enc);
 
@@ -908,7 +908,7 @@ public interface JwtBuilder extends ClaimsMutator<JwtBuilder> {
      * </ol>
      *
      * <p>Most application developers will reference one of the JWA
-     * {@link Jwts.KEY standard key algorithms} and {@link Jwts.ENC standard encryption algorithms}
+     * {@link Jwts.KEY standard key algorithms} and {@link Jwe.alg standard encryption algorithms}
      * when invoking this method, but custom implementations are also supported.</p>
      *
      * @param <K>    the type of key that must be used with the specified {@code keyAlg} instance.
@@ -917,7 +917,7 @@ public interface JwtBuilder extends ClaimsMutator<JwtBuilder> {
      *               {@code enc} algorithm
      * @param enc    the {@link AeadAlgorithm} algorithm used to encrypt the JWE
      * @return the JWE builder for method chaining.
-     * @see Jwts.ENC
+     * @see Jwe.alg
      * @see Jwts.KEY
      */
     <K extends Key> JwtBuilder encryptWith(K key, KeyAlgorithm<? super K, ?> keyAlg, AeadAlgorithm enc);

api/src/main/java/io/jsonwebtoken/JwtParserBuilder.java

@@ -574,7 +574,7 @@ public interface JwtParserBuilder extends Builder<JwtParser> {
      *
      * <p><b>Standard Algorithms and Overrides</b></p>
      *
-     * <p>All JWA-standard AEAD encryption algorithms in the {@link Jwts.ENC} registry are supported by default and
+     * <p>All JWA-standard AEAD encryption algorithms in the {@link Jwe.alg} registry are supported by default and
      * do not need to be added. The collection may be useful however for removing some algorithms (for example,
      * any algorithms not used by the application, or those not compatible with application security requirements),
      * or for adding custom implementations.</p>
@@ -595,7 +595,7 @@ public interface JwtParserBuilder extends Builder<JwtParser> {
      *
      * @return the {@link NestedCollection} to use to configure the AEAD encryption algorithms available when parsing.
      * @see JwtBuilder#encryptWith(Key, KeyAlgorithm, AeadAlgorithm)
-     * @see Jwts.ENC
+     * @see Jwe.alg
      * @see <a href="https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.2">&quot;enc&quot; (Encryption Algorithm) Header Parameter</a>
      * @see <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-7.1.1">Encryption Algorithm Name (id) requirements</a>
      * @since 0.12.0

api/src/main/java/io/jsonwebtoken/Jwts.java

@@ -70,28 +70,29 @@ static <T> T get(Registry<String, ?> registry, String id) {
      * <blockquote><pre>
      * Jwts.builder()
      *    // ... etc ...
-     *    .encryptWith(aKey, <b>Jwts.ENC.A256GCM</b>) // or A128GCM, A192GCM, etc...
+     *    .encryptWith(aKey, <b>Jwe.alg.A256GCM</b>) // or A128GCM, A192GCM, etc...
      *    .build();</pre></blockquote>
-     * <p>They are also available together as a {@link Registry} instance via the {@link #get()} method.</p>
+     * <p>They are also available together as a {@link Registry} instance via {@link Jwe.alg#registry()}.</p>
      *
-     * @see #get()
+     * @see Jwe.alg#registry()
      * @since 0.12.0
+     * @deprecated since JJWT_RELEASE_VERSION in favor of {@link Jwe.alg}.
      */
+    @Deprecated
     public static final class ENC {
 
-        private static final String IMPL_CLASSNAME = "io.jsonwebtoken.impl.security.StandardEncryptionAlgorithms";
-        private static final Registry<String, AeadAlgorithm> REGISTRY = Classes.newInstance(IMPL_CLASSNAME);
-
         /**
          * Returns all standard JWA <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-5">Cryptographic
          * Algorithms for Content Encryption</a> defined in the
          * <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-7.1">JSON Web Signature and Encryption
          * Algorithms Registry</a>.
          *
          * @return all standard JWA content encryption algorithms.
+         * @deprecated since JJWT_RELEASE_VERSION in favor of {@link Jwe.alg#registry()}.
          */
+        @Deprecated
         public static Registry<String, AeadAlgorithm> get() {
-            return REGISTRY;
+            return Jwe.alg.registry();
         }
 
         // prevent instantiation
@@ -102,43 +103,56 @@ private ENC() {
          * {@code AES_128_CBC_HMAC_SHA_256} authenticated encryption algorithm as defined by
          * <a href="https://tools.ietf.org/html/rfc7518#section-5.2.3">RFC 7518, Section 5.2.3</a>.  This algorithm
          * requires a 256-bit (32 byte) key.
+         *
+         * @deprecated since JJWT_RELEASE_VERSION in favor of {@link Jwe.alg#A128CBC_HS256}.
          */
-        public static final AeadAlgorithm A128CBC_HS256 = get().forKey("A128CBC-HS256");
+        @Deprecated
+        public static final AeadAlgorithm A128CBC_HS256 = Jwe.alg.A128CBC_HS256;
 
         /**
          * {@code AES_192_CBC_HMAC_SHA_384} authenticated encryption algorithm, as defined by
          * <a href="https://tools.ietf.org/html/rfc7518#section-5.2.4">RFC 7518, Section 5.2.4</a>. This algorithm
          * requires a 384-bit (48 byte) key.
+         * @deprecated since JJWT_RELEASE_VERSION in favor of {@link Jwe.alg#A192CBC_HS384}.
          */
-        public static final AeadAlgorithm A192CBC_HS384 = get().forKey("A192CBC-HS384");
+        @Deprecated
+        public static final AeadAlgorithm A192CBC_HS384 = Jwe.alg.A192CBC_HS384;
 
         /**
          * {@code AES_256_CBC_HMAC_SHA_512} authenticated encryption algorithm, as defined by
          * <a href="https://tools.ietf.org/html/rfc7518#section-5.2.5">RFC 7518, Section 5.2.5</a>.  This algorithm
          * requires a 512-bit (64 byte) key.
+         * @deprecated since JJWT_RELEASE_VERSION in favor of {@link Jwe.alg#A256CBC_HS512}.
          */
-        public static final AeadAlgorithm A256CBC_HS512 = get().forKey("A256CBC-HS512");
+        @Deprecated
+        public static final AeadAlgorithm A256CBC_HS512 = Jwe.alg.A256CBC_HS512;
 
         /**
          * &quot;AES GCM using 128-bit key&quot; as defined by
          * <a href="https://tools.ietf.org/html/rfc7518#section-5.3">RFC 7518, Section 5.3</a>.  This
          * algorithm requires a 128-bit (16 byte) key.
+         * @deprecated since JJWT_RELEASE_VERSION in favor of {@link Jwe.alg#A128GCM}.
          */
-        public static final AeadAlgorithm A128GCM = get().forKey("A128GCM");
+        @Deprecated
+        public static final AeadAlgorithm A128GCM = Jwe.alg.A128GCM;
 
         /**
          * &quot;AES GCM using 192-bit key&quot; as defined by
          * <a href="https://tools.ietf.org/html/rfc7518#section-5.3">RFC 7518, Section 5.3</a>.  This
          * algorithm requires a 192-bit (24 byte) key.
+         * @deprecated since JJWT_RELEASE_VERSION in favor of {@link Jwe.alg#A192GCM}.
          */
-        public static final AeadAlgorithm A192GCM = get().forKey("A192GCM");
+        @Deprecated
+        public static final AeadAlgorithm A192GCM = Jwe.alg.A192GCM;
 
         /**
          * &quot;AES GCM using 256-bit key&quot; as defined by
          * <a href="https://tools.ietf.org/html/rfc7518#section-5.3">RFC 7518, Section 5.3</a>.  This
          * algorithm requires a 256-bit (32 byte) key.
+         * @deprecated since JJWT_RELEASE_VERSION in favor of {@link Jwe.alg#A256GCM}.
          */
-        public static final AeadAlgorithm A256GCM = get().forKey("A256GCM");
+        @Deprecated
+        public static final AeadAlgorithm A256GCM = Jwe.alg.A256GCM;
     }
 
     /**
@@ -296,6 +310,7 @@ private SIG() {
          * {@code ECDSA using P-256 and SHA-256} signature algorithm as defined by
          * <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-3.4">RFC 7518, Section 3.4</a>.  This algorithm
          * requires a 256-bit key.
+         *
          * @deprecated since JJWT_RELEASE_VERSION in favor of {@link Jws.alg#ES256}
          */
         @Deprecated
@@ -305,6 +320,7 @@ private SIG() {
          * {@code ECDSA using P-384 and SHA-384} signature algorithm as defined by
          * <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-3.4">RFC 7518, Section 3.4</a>.  This algorithm
          * requires a 384-bit key.
+         *
          * @deprecated since JJWT_RELEASE_VERSION in favor of {@link Jws.alg#ES384}
          */
         @Deprecated
@@ -314,6 +330,7 @@ private SIG() {
          * {@code ECDSA using P-521 and SHA-512} signature algorithm as defined by
          * <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-3.4">RFC 7518, Section 3.4</a>.  This algorithm
          * requires a 521-bit key.
+         *
          * @deprecated since JJWT_RELEASE_VERSION in favor of {@link Jws.alg#ES512}
          */
         @Deprecated
@@ -337,6 +354,7 @@ private SIG() {
          *
          * <p><b><sup>1</sup>This algorithm requires at least JDK 15 or a compatible JCA Provider (like BouncyCastle) in the runtime
          * classpath.</b></p>
+         *
          * @deprecated since JJWT_RELEASE_VERSION in favor of {@link Jws.alg#EdDSA}
          */
         @Deprecated
@@ -350,7 +368,7 @@ private SIG() {
      * <blockquote><pre>
      * Jwts.builder()
      *    // ... etc ...
-     *    .encryptWith(aKey, <b>Jwts.KEY.ECDH_ES_A256KW</b>, Jwts.ENC.A256GCM)
+     *    .encryptWith(aKey, <b>Jwts.KEY.ECDH_ES_A256KW</b>, Jwe.alg.A256GCM)
      *    .build();</pre></blockquote>
      * <p>They are also available together as a {@link Registry} instance via the {@link #get()} method.</p>
      *

api/src/main/java/io/jsonwebtoken/security/AeadAlgorithm.java

@@ -16,7 +16,6 @@
 package io.jsonwebtoken.security;
 
 import io.jsonwebtoken.Identifiable;
-import io.jsonwebtoken.Jwts;
 
 import javax.crypto.SecretKey;
 import java.io.OutputStream;
@@ -27,7 +26,7 @@
  * Per <a href="https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.2">JWE RFC 7516, Section 4.1.2</a>, all JWEs
  * <em>MUST</em> use an AEAD algorithm to encrypt or decrypt the JWE payload/content.  Consequently, all
  * <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-5.1">JWA &quot;enc&quot; algorithms</a> are AEAD
- * algorithms, and they are accessible as concrete instances via {@link Jwts.ENC}.
+ * algorithms, and they are accessible as concrete instances via {@link Jwe.alg}.
  *
  * <p><b>&quot;enc&quot; identifier</b></p>
  *
@@ -58,7 +57,7 @@
  * <p>The resulting {@code key} is guaranteed to have the correct algorithm parameters and strength/length necessary for
  * that exact {@code aeadAlgorithm} instance.</p>
  *
- * @see Jwts.ENC
+ * @see Jwe.alg
  * @see Identifiable#getId()
  * @see KeyLengthSupplier
  * @see KeyBuilderSupplier

impl/src/main/java/io/jsonwebtoken/impl/DefaultJwtParserBuilder.java

@@ -18,6 +18,7 @@
 import io.jsonwebtoken.ClaimsBuilder;
 import io.jsonwebtoken.Clock;
 import io.jsonwebtoken.CompressionCodecResolver;
+import io.jsonwebtoken.Jwe;
 import io.jsonwebtoken.Jws;
 import io.jsonwebtoken.JwtParser;
 import io.jsonwebtoken.JwtParserBuilder;
@@ -86,7 +87,7 @@ public class DefaultJwtParserBuilder implements JwtParserBuilder {
     @SuppressWarnings("deprecation") //TODO: remove for 1.0
     private SigningKeyResolver signingKeyResolver = null;
 
-    private Registry<String, AeadAlgorithm> encAlgs = Jwts.ENC.get();
+    private Registry<String, AeadAlgorithm> encAlgs = Jwe.alg.registry();
 
     private Registry<String, KeyAlgorithm<?, ?>> keyAlgs = Jwts.KEY.get();