Package co.ankatech.ankasecure.sdk.model

Class DecryptVerifyResult

java.lang.Object
co.ankatech.ankasecure.sdk.model.DecryptVerifyResult
public class DecryptVerifyResult extends Object
Result of a decrypt-then-verify operation.

Contains the plaintext extracted after decrypting a nested JWE(JWS) token and verifying the inner JWS signature. Metadata for both operations is separated to provide transparency about decryption and signature verification.

Important: Check isSignatureValid() to confirm authenticity. Decryption can succeed even if signature verification fails.

Since:
3.0.0

  • Constructor Details

    • DecryptVerifyResult

      public DecryptVerifyResult()
      Default constructor initializing empty warning lists.

  • Method Details

    • getDecryptedData

      public byte[] getDecryptedData()
      Gets the decrypted plaintext bytes.
      Returns:
      decrypted data (may be null if operation failed)

    • setDecryptedData

      public DecryptVerifyResult setDecryptedData(byte[] decryptedData)
      Sets the decrypted plaintext bytes.
      Parameters:
      decryptedData - the plaintext
      Returns:
      this instance for fluent API

    • getDecryptKeyRequested

      public String getDecryptKeyRequested()
      Gets the key identifier requested for decryption.
      Returns:
      requested decrypt key ID

    • setDecryptKeyRequested

      public DecryptVerifyResult setDecryptKeyRequested(String decryptKeyRequested)
      Sets the key identifier requested for decryption.
      Parameters:
      decryptKeyRequested - the key ID
      Returns:
      this instance for fluent API

    • getActualDecryptKeyUsed

      public String getActualDecryptKeyUsed()
      Gets the key identifier actually used for decryption.

      May differ from requested if key rotation occurred.

      Returns:
      actual decrypt key ID used

    • setActualDecryptKeyUsed

      public DecryptVerifyResult setActualDecryptKeyUsed(String actualDecryptKeyUsed)
      Sets the key identifier actually used for decryption.
      Parameters:
      actualDecryptKeyUsed - the key ID
      Returns:
      this instance for fluent API

    • getDecryptAlgorithmUsed

      public String getDecryptAlgorithmUsed()
      Gets the algorithm used for decryption.

      Example: "ML-KEM-1024+A256GCM", "RSA-OAEP-256+A256GCM"

      Returns:
      decryption algorithm

    • setDecryptAlgorithmUsed

      public DecryptVerifyResult setDecryptAlgorithmUsed(String decryptAlgorithmUsed)
      Sets the algorithm used for decryption.
      Parameters:
      decryptAlgorithmUsed - the algorithm
      Returns:
      this instance for fluent API

    • getDecryptWarnings

      public List<String> getDecryptWarnings()
      Gets warnings related to the decryption operation.

      Examples: key expiration, key rotation, deprecated algorithm.

      Returns:
      unmodifiable list of decrypt warnings (never null)

    • setDecryptWarnings

      public DecryptVerifyResult setDecryptWarnings(List<String> decryptWarnings)
      Sets warnings related to the decryption operation.
      Parameters:
      decryptWarnings - the warnings
      Returns:
      this instance for fluent API

    • isSignatureValid

      public boolean isSignatureValid()
      Checks if the signature verification succeeded.

      Critical: Always check this before trusting the plaintext. Decryption can succeed even if signature is invalid.

      Returns:
      true if signature verification passed

    • setSignatureValid

      public DecryptVerifyResult setSignatureValid(boolean signatureValid)
      Sets whether signature verification succeeded.
      Parameters:
      signatureValid - true if signature is valid
      Returns:
      this instance for fluent API

    • getSigningKey

      public String getSigningKey()
      Gets the key identifier used for signing (from JWS header).
      Returns:
      signing key ID

    • setSigningKey

      public DecryptVerifyResult setSigningKey(String signingKey)
      Sets the key identifier used for signing.
      Parameters:
      signingKey - the key ID
      Returns:
      this instance for fluent API

    • getSignAlgorithmUsed

      public String getSignAlgorithmUsed()
      Gets the algorithm used for signing (from JWS header).

      Example: "ML-DSA-87", "ECDSA-P256-SHA256"

      Returns:
      signature algorithm

    • setSignAlgorithmUsed

      public DecryptVerifyResult setSignAlgorithmUsed(String signAlgorithmUsed)
      Sets the algorithm used for signing.
      Parameters:
      signAlgorithmUsed - the algorithm
      Returns:
      this instance for fluent API

    • getSignerInfo

      public String getSignerInfo()
      Gets additional signer information (if present in JWS claims).

      May contain subject, issuer, or other identity claims.

      Returns:
      signer information

    • setSignerInfo

      public DecryptVerifyResult setSignerInfo(String signerInfo)
      Sets additional signer information.
      Parameters:
      signerInfo - the information
      Returns:
      this instance for fluent API

    • getVerifyWarnings

      public List<String> getVerifyWarnings()
      Gets warnings related to the signature verification operation.

      Examples: key expiration, algorithm deprecation, timestamp issues.

      Returns:
      unmodifiable list of verify warnings (never null)

    • setVerifyWarnings

      public DecryptVerifyResult setVerifyWarnings(List<String> verifyWarnings)
      Sets warnings related to the signature verification operation.
      Parameters:
      verifyWarnings - the warnings
      Returns:
      this instance for fluent API

    • hasAnyWarnings

      public boolean hasAnyWarnings()
      Checks if there are any warnings (decrypt or verify).
      Returns:
      true if either decryption or verification produced warnings

    • hasDecryptWarnings

      public boolean hasDecryptWarnings()
      Checks if decryption operation produced warnings.
      Returns:
      true if decrypt warnings list is non-empty

    • hasVerifyWarnings

      public boolean hasVerifyWarnings()
      Checks if verification operation produced warnings.
      Returns:
      true if verify warnings list is non-empty

    • isCompleteSuccess

      public boolean isCompleteSuccess()
      Checks if operation completed successfully with no issues.

      Success means: signature valid AND no warnings.

      Returns:
      true if signature is valid and no warnings exist

    • toString

      public String toString()
      Returns string representation for debugging.
      Overrides:
      toString in class Object
      Returns:
      debug string