Resolves #940.

Adding request/result parameters and builders for usage outside of the impl module.

Author: lhazlewood

api/src/main/java/io/jsonwebtoken/Jwts.java

@@ -20,16 +20,27 @@
 import io.jsonwebtoken.lang.Classes;
 import io.jsonwebtoken.lang.Registry;
 import io.jsonwebtoken.security.AeadAlgorithm;
+import io.jsonwebtoken.security.AeadRequest;
+import io.jsonwebtoken.security.AeadResult;
+import io.jsonwebtoken.security.DecryptAeadRequest;
+import io.jsonwebtoken.security.DecryptionKeyRequest;
 import io.jsonwebtoken.security.KeyAlgorithm;
 import io.jsonwebtoken.security.KeyPairBuilderSupplier;
+import io.jsonwebtoken.security.KeyRequest;
 import io.jsonwebtoken.security.MacAlgorithm;
 import io.jsonwebtoken.security.Password;
+import io.jsonwebtoken.security.Request;
 import io.jsonwebtoken.security.SecretKeyAlgorithm;
 import io.jsonwebtoken.security.SecureDigestAlgorithm;
+import io.jsonwebtoken.security.SecureRequest;
 import io.jsonwebtoken.security.SignatureAlgorithm;
+import io.jsonwebtoken.security.VerifyDigestRequest;
+import io.jsonwebtoken.security.VerifySecureDigestRequest;
 import io.jsonwebtoken.security.X509Builder;
 
 import javax.crypto.SecretKey;
+import java.io.InputStream;
+import java.io.OutputStream;
 import java.security.Key;
 import java.security.PrivateKey;
 import java.security.PublicKey;
@@ -82,6 +93,18 @@ public static final class ENC {
         private static final String IMPL_CLASSNAME = "io.jsonwebtoken.impl.security.StandardEncryptionAlgorithms";
         private static final Registry<String, AeadAlgorithm> REGISTRY = Classes.newInstance(IMPL_CLASSNAME);
 
+        // @since 0.13.0
+        private static final Supplier<AeadRequest.Builder> REQUEST_BUILDER_SUPPLIER =
+                Classes.newInstance("io.jsonwebtoken.impl.security.DefaultAeadRequest$Builder$Supplier");
+
+        // @since 0.13.0
+        private static final Supplier<DecryptAeadRequest.Builder> DECRYPT_REQUEST_BUILDER_SUPPLIER =
+                Classes.newInstance("io.jsonwebtoken.impl.security.DefaultDecryptAeadRequest$Builder$Supplier");
+
+        // @since 0.13.0
+        private static final Supplier<AeadResult.Builder> RESULT_BUILDER_SUPPLIER =
+                Classes.newInstance("io.jsonwebtoken.impl.security.DefaultAeadResult$Builder$Supplier");
+
         /**
          * Returns all standard JWA <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-5">Cryptographic
          * Algorithms for Content Encryption</a> defined in the
@@ -139,6 +162,42 @@ private ENC() {
          * algorithm requires a 256-bit (32 byte) key.
          */
         public static final AeadAlgorithm A256GCM = get().forKey("A256GCM");
+
+        /**
+         * Returns a new builder to create {@link AeadRequest}s used for AEAD encryption via
+         * {@link AeadAlgorithm#encrypt(AeadRequest, AeadResult)}
+         *
+         * @return a new builder to create {@link AeadRequest}s used for AEAD encryption via
+         * {@link AeadAlgorithm#encrypt(AeadRequest, AeadResult)}
+         * @since 0.13.0
+         */
+        public static AeadRequest.Builder request() {
+            return REQUEST_BUILDER_SUPPLIER.get();
+        }
+
+        /**
+         * Returns a new builder to create {@link DecryptAeadRequest}s used for AEAD decryption via
+         * {@link AeadAlgorithm#decrypt(DecryptAeadRequest, OutputStream)}
+         *
+         * @return a new builder to create {@link DecryptAeadRequest}s used for AEAD decryption via
+         * {@link AeadAlgorithm#decrypt(DecryptAeadRequest, OutputStream)}
+         * @since 0.13.0
+         */
+        public static DecryptAeadRequest.Builder decryptRequest() {
+            return DECRYPT_REQUEST_BUILDER_SUPPLIER.get();
+        }
+
+        /**
+         * Returns a new builder to create {@link AeadResult}s used to store AEAD encryption results when calling
+         * {@link AeadAlgorithm#encrypt(AeadRequest, AeadResult)}
+         *
+         * @return a new builder to create {@link AeadResult}s used to store AEAD encryption results when calling
+         * {@link AeadAlgorithm#encrypt(AeadRequest, AeadResult)}
+         * @since 0.13.0
+         */
+        public static AeadResult.Builder result() {
+            return RESULT_BUILDER_SUPPLIER.get();
+        }
     }
 
     /**
@@ -162,6 +221,14 @@ public static final class SIG {
         private static final String IMPL_CLASSNAME = "io.jsonwebtoken.impl.security.StandardSecureDigestAlgorithms";
         private static final Registry<String, SecureDigestAlgorithm<?, ?>> REGISTRY = Classes.newInstance(IMPL_CLASSNAME);
 
+        // @since 0.13.0
+        private static final Supplier<SecureRequest.Builder<InputStream, ?>> REQUEST_BUILDER_SUPPLIER =
+                Classes.newInstance("io.jsonwebtoken.impl.security.DefaultSecureRequest$Builder$Supplier");
+
+        // @since 0.13.0
+        private static final Supplier<VerifySecureDigestRequest.Builder<?>> VERIFY_REQUEST_BUILDER_SUPPLIER =
+                Classes.newInstance("io.jsonwebtoken.impl.security.DefaultVerifySecureDigestRequest$Builder$Supplier");
+
         //prevent instantiation
         private SIG() {
         }
@@ -302,6 +369,34 @@ private SIG() {
          * classpath.</b></p>
          */
         public static final SignatureAlgorithm EdDSA = Jwts.get(REGISTRY, "EdDSA");
+
+        /**
+         * Returns a new builder to create {@link SecureRequest}s used to compute a mac or signature via
+         * {@link SecureDigestAlgorithm#digest(Request)}.
+         *
+         * @param <K> the type of key used by the algorithm to compute the mac or signature.
+         * @return a new builder to create {@link SecureRequest}s used to compute a mac or signature via
+         * {@link SecureDigestAlgorithm#digest(Request)}.
+         * @since 0.13.0
+         */
+        @SuppressWarnings("unchecked")
+        public static <K extends Key> SecureRequest.Builder<InputStream, K> request() {
+            return (SecureRequest.Builder<InputStream, K>) REQUEST_BUILDER_SUPPLIER.get();
+        }
+
+        /**
+         * Returns a new builder to create {@link VerifySecureDigestRequest}s used to verify a mac or signature via
+         * {@link SecureDigestAlgorithm#verify(VerifyDigestRequest)}.
+         *
+         * @param <K> the type of key used by the algorithm to verify the mac or signature.
+         * @return a new builder to create {@link VerifySecureDigestRequest}s used to verify a mac or signature via
+         * {@link SecureDigestAlgorithm#verify(VerifyDigestRequest)}.
+         * @since 0.13.0
+         */
+        @SuppressWarnings("unchecked")
+        public static <K extends Key> VerifySecureDigestRequest.Builder<K> verifyRequest() {
+            return (VerifySecureDigestRequest.Builder<K>) VERIFY_REQUEST_BUILDER_SUPPLIER.get();
+        }
     }
 
     /**
@@ -323,6 +418,14 @@ public static final class KEY {
         private static final String IMPL_CLASSNAME = "io.jsonwebtoken.impl.security.StandardKeyAlgorithms";
         private static final Registry<String, KeyAlgorithm<?, ?>> REGISTRY = Classes.newInstance(IMPL_CLASSNAME);
 
+        // @since 0.13.0
+        private static final Supplier<KeyRequest.Builder<?>> REQUEST_BUILDER_SUPPLIER =
+                Classes.newInstance("io.jsonwebtoken.impl.security.DefaultKeyRequest$Builder$Supplier");
+
+        // @since 0.13.0
+        private static final Supplier<DecryptionKeyRequest.Builder<?>> VERIFY_REQUEST_BUILDER_SUPPLIER =
+                Classes.newInstance("io.jsonwebtoken.impl.security.DefaultDecryptionKeyRequest$Builder$Supplier");
+
         /**
          * Returns all standard JWA standard <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-4">Cryptographic
          * Algorithms for Key Management</a>..
@@ -926,6 +1029,34 @@ public static final class KEY {
          */
         public static final KeyAlgorithm<PublicKey, PrivateKey> ECDH_ES_A256KW = Jwts.get(REGISTRY, "ECDH-ES+A256KW");
 
+        /**
+         * Returns a new builder to create {@link KeyRequest}s used to get a JWE encryption key via
+         * {@link KeyAlgorithm#getEncryptionKey(KeyRequest)}.
+         *
+         * @param <K> the type of key used by the {@link KeyAlgorithm} to get a JWE encryption key.
+         * @return a new builder to create {@link KeyRequest}s used to get a JWE encryption key via
+         * {@link KeyAlgorithm#getEncryptionKey(KeyRequest)}.
+         * @since 0.13.0
+         */
+        @SuppressWarnings("unchecked")
+        public static <K extends Key> KeyRequest.Builder<K> request() {
+            return (KeyRequest.Builder<K>) REQUEST_BUILDER_SUPPLIER.get();
+        }
+
+        /**
+         * Returns a new builder to create {@link DecryptionKeyRequest}s used to get a JWE decryption key via
+         * {@link KeyAlgorithm#getDecryptionKey(DecryptionKeyRequest)}.
+         *
+         * @param <K> the type of key used by the {@link KeyAlgorithm} to get a JWE decryption key.
+         * @return a new builder to create {@link DecryptionKeyRequest}s used to get a JWE decryption key via
+         * {@link KeyAlgorithm#getDecryptionKey(DecryptionKeyRequest)}.
+         * @since 0.13.0
+         */
+        @SuppressWarnings("unchecked")
+        public static <K extends Key> DecryptionKeyRequest.Builder<K> decRequest() {
+            return (DecryptionKeyRequest.Builder<K>) VERIFY_REQUEST_BUILDER_SUPPLIER.get();
+        }
+
         //prevent instantiation
         private KEY() {
         }

api/src/main/java/io/jsonwebtoken/security/AeadRequest.java

@@ -17,6 +17,7 @@
 
 import javax.crypto.SecretKey;
 import java.io.InputStream;
+import java.io.OutputStream;
 
 /**
  * A request to an {@link AeadAlgorithm} to perform authenticated encryption with a supplied symmetric
@@ -27,4 +28,33 @@
  * @since 0.12.0
  */
 public interface AeadRequest extends SecureRequest<InputStream, SecretKey>, AssociatedDataSupplier {
+
+    /**
+     * Named parameters (setters) used to configure an {@link AeadRequest AeadRequest} instance.
+     *
+     * @param <M> the instance type returned for method chaining.
+     * @since 0.13.0
+     */
+    interface Params<M extends Params<M>> extends SecureRequest.Params<InputStream, SecretKey, M> {
+
+        /**
+         * Sets any &quot;associated data&quot; that must be integrity protected (but not encrypted) when performing
+         * <a href="https://en.wikipedia.org/wiki/Authenticated_encryption">AEAD encryption or decryption</a>.
+         *
+         * @param aad the {@code InputStream} containing any associated data that must be integrity protected or
+         *            verified during AEAD encryption or decryption.
+         * @return the instance for method chaining.
+         * @see AeadAlgorithm#encrypt(AeadRequest, AeadResult)
+         * @see AeadAlgorithm#decrypt(DecryptAeadRequest, OutputStream)
+         */
+        M associatedData(InputStream aad);
+    }
+
+    /**
+     * A builder for creating new immutable {@link AeadRequest} instances.
+     *
+     * @since 0.13.0
+     */
+    interface Builder extends Params<Builder>, io.jsonwebtoken.lang.Builder<AeadRequest> {
+    }
 }

api/src/main/java/io/jsonwebtoken/security/AeadResult.java

@@ -24,7 +24,7 @@
  *
  * @since 0.12.0
  */
-public interface AeadResult {
+public interface AeadResult extends DigestSupplier, IvSupplier {
 
     /**
      * Returns the {@code OutputStream} the AeadAlgorithm will use to write the resulting ciphertext during
@@ -50,4 +50,23 @@ public interface AeadResult {
      * @return the AeadResult for method chaining.
      */
     AeadResult setIv(byte[] iv);
+
+    /**
+     * A builder for creating new {@link AeadResult} instances.
+     *
+     * @since 0.13.0
+     */
+    interface Builder extends io.jsonwebtoken.lang.Builder<AeadResult> {
+
+        /**
+         * Sets the {@code OutputStream} the AeadAlgorithm will use to write the resulting ciphertext during
+         * encryption or plaintext during decryption.
+         *
+         * @param out the {@code OutputStream} the AeadAlgorithm will use to write the resulting ciphertext during
+         *            encryption or plaintext during decryption.
+         * @return the builder for instance chaining.
+         */
+        Builder out(OutputStream out);
+    }
+
 }

api/src/main/java/io/jsonwebtoken/security/DecryptAeadRequest.java

@@ -18,11 +18,43 @@
 import javax.crypto.SecretKey;
 
 /**
- * A request to an {@link AeadAlgorithm} to decrypt ciphertext and perform integrity-protection with a supplied
+ * A request to an {@link AeadAlgorithm} to decrypt ciphertext with integrity verification with a supplied
  * decryption {@link SecretKey}. Extends both {@link IvSupplier} and {@link DigestSupplier} to
  * ensure the respective required IV and AAD tag returned from an {@link AeadResult} are available for decryption.
  *
  * @since 0.12.0
  */
 public interface DecryptAeadRequest extends AeadRequest, IvSupplier, DigestSupplier {
+
+    /**
+     * Named parameters (setters) used to configure an {@link AeadRequest AeadRequest} instance.
+     *
+     * @since 0.13.0
+     */
+    interface Params<M extends Params<M>> extends AeadRequest.Params<M> {
+
+        /**
+         * Sets the required initialization vector used during AEAD decryption.
+         *
+         * @param iv the required initialization vector used during AEAD decryption.
+         */
+        M iv(byte[] iv);
+
+        /**
+         * Sets the required AEAD Authentication Tag used to verify message authenticity during AEAD decryption.
+         *
+         * @param digest the required AEAD Authentication Tag used to verify message authenticity during AEAD decryption.
+         * @return the instance for method chaining.
+         */
+        M digest(byte[] digest);
+    }
+
+    /**
+     * A builder for creating new immutable {@link DecryptAeadRequest} instances.
+     *
+     * @since 0.13.0
+     */
+    interface Builder extends io.jsonwebtoken.lang.Builder<DecryptAeadRequest>, Params<Builder> {
+    }
+
 }

api/src/main/java/io/jsonwebtoken/security/DecryptionKeyRequest.java

@@ -35,8 +35,30 @@
  * {@code JWE Encrypted Key} (such as an initialization vector, authentication tag, ephemeral key, etc) is expected
  * to be available in the JWE protected header, accessible via {@link #getHeader()}.</p>
  *
- * @param <K> the type of {@link Key} used during the request to obtain the resulting decryption key.
+ * @param <K> the type of key used by the {@link KeyAlgorithm} to obtain the JWE Content Encryption Key (CEK).
+ * @see KeyAlgorithm#getDecryptionKey(DecryptionKeyRequest)
  * @since 0.12.0
  */
 public interface DecryptionKeyRequest<K extends Key> extends SecureRequest<byte[], K>, KeyRequest<byte[]> {
+
+    /**
+     * Named parameters (setters) used to configure a {@link DecryptionKeyRequest DecryptionKeyRequest}
+     * instance.
+     *
+     * @param <K> the type of key used by the {@link KeyAlgorithm} to obtain the JWE Content Encryption Key (CEK).
+     * @param <M> the instance type returned for method chaining.
+     * @since 0.13.0
+     */
+    interface Params<K extends Key, M extends Params<K, M>> extends KeyRequest.Params<byte[], M>,
+            SecureRequest.Params<byte[], K, M> {
+    }
+
+    /**
+     * A builder for creating new immutable {@link DecryptionKeyRequest} instances.
+     *
+     * @param <K> the type of key used by the {@link KeyAlgorithm} to obtain the JWE Content Encryption Key (CEK).
+     * @since 0.13.0
+     */
+    interface Builder<K extends Key> extends Params<K, Builder<K>>, io.jsonwebtoken.lang.Builder<DecryptionKeyRequest<K>> {
+    }
 }

api/src/main/java/io/jsonwebtoken/security/Jwks.java

@@ -22,6 +22,8 @@
 
 import java.util.function.Supplier;
 
+import java.io.InputStream;
+
 /**
  * Utility methods for creating
  * <a href="https://www.rfc-editor.org/rfc/rfc7517.html">JWKs (JSON Web Keys)</a> with a type-safe builder.
@@ -289,6 +291,14 @@ public static final class HASH {
         private static final String IMPL_CLASSNAME = "io.jsonwebtoken.impl.security.StandardHashAlgorithms";
         private static final Registry<String, HashAlgorithm> REGISTRY = Classes.newInstance(IMPL_CLASSNAME);
 
+        // @since 0.13.0
+        private static final Supplier<Request.Builder<InputStream>> REQUEST_BUILDER_SUPPLIER =
+                Classes.newInstance("io.jsonwebtoken.impl.security.DefaultRequest$Builder$Supplier");
+
+        // @since 0.13.0
+        private static final Supplier<VerifyDigestRequest.Builder> VERIFY_REQUEST_BUILDER_SUPPLIER =
+                Classes.newInstance("io.jsonwebtoken.impl.security.DefaultVerifyDigestRequest$Builder$Supplier");
+
         /**
          * Returns a registry of various (<em>but not all</em>)
          * <a href="https://www.iana.org/assignments/named-information/named-information.xhtml#hash-alg">IANA Hash
@@ -358,6 +368,30 @@ public static Registry<String, HashAlgorithm> get() {
          */
         public static final HashAlgorithm SHA3_512 = get().forKey("sha3-512");
 
+        /**
+         * Returns a new {@link Request.Builder} for creating {@link Request}s to compute a digest via
+         * {@link HashAlgorithm#digest(Request)}.
+         *
+         * @return a new {@link Request.Builder} for creating {@link Request}s to compute a digest via
+         * {@link HashAlgorithm#digest(Request)}.
+         * @since 0.13.0
+         */
+        public static Request.Builder<InputStream> request() {
+            return REQUEST_BUILDER_SUPPLIER.get();
+        }
+
+        /**
+         * Returns a new {@link VerifyDigestRequest.Builder} for creating {@link VerifyDigestRequest}s to verify a
+         * digest via {@link HashAlgorithm#verify(VerifyDigestRequest)}.
+         *
+         * @return a new {@link VerifyDigestRequest.Builder} for creating {@link VerifyDigestRequest}s to verify a
+         * digest via {@link HashAlgorithm#verify(VerifyDigestRequest)}.
+         * @since 0.13.0
+         */
+        public static VerifyDigestRequest.Builder verifyRequest() {
+            return VERIFY_REQUEST_BUILDER_SUPPLIER.get();
+        }
+
         //prevent instantiation
         private HASH() {
         }