Class ReencryptResult

java.lang.Object
co.ankatech.ankasecure.sdk.model.ReencryptResult
public final class ReencryptResult extends Object
Immutable response model returned by AnkaSecureSdk.reencrypt(String, String).

This class encapsulates a new Compact JWE after re-encrypting an existing payload with a different key. It provides metadata for both the old decryption key and the new encryption key used by the platform.

Payload handling

The SDK persists the Compact JWE into the outputFile specified by the caller, encoded with UTF-8. The string already contains all five Base64URL segments defined by RFC 7516: 
BASE64URL(ProtectedHeader).
 BASE64URL(EncryptedKey).
 BASE64URL(IV).
 BASE64URL(Ciphertext).
 BASE64URL(Tag)
The application can either keep the file intact or process the string with a third-party JWE library.

Key metadata

  • oldKeyRequested: the kid originally supplied for decryption.
  • oldKeyUsed: the effective kid used by the server for decryption after rotation/succession logic.
  • oldKeyAlgorithmUsed: the hybrid algorithm negotiated for decryption.
  • newKeyRequested: the kid originally supplied for encryption.
  • newKeyUsed: the effective kid used by the server for encryption after rotation/succession logic.
  • newKeyAlgorithmUsed: the hybrid algorithm negotiated for encryption.

Thread-safety

Instances are immutable data carriers after construction and may be shared across threads safely, provided no mutator is invoked.

All getters return non-null values except getWarnings(), which may be null if no warnings were issued.

  • Constructor Details

    • ReencryptResult

      public ReencryptResult()

  • Method Details

    • getJweToken

      public String getJweToken()
      Returns the raw Compact JWE exactly as emitted by the server.
      Returns:
      non-null Compact JWE string

    • getOldKeyRequested

      public String getOldKeyRequested()
      Returns the original key identifier requested for decryption.
      Returns:
      non-null old kid

    • getOldKeyUsed

      public String getOldKeyUsed()
      Returns the effective key identifier used for decryption.
      Returns:
      non-null old kid

    • getOldKeyAlgorithmUsed

      public String getOldKeyAlgorithmUsed()
      Returns the hybrid algorithm used for decryption.
      Returns:
      non-null algorithm identifier

    • getNewKeyRequested

      public String getNewKeyRequested()
      Returns the original key identifier requested for encryption.
      Returns:
      non-null new kid

    • getNewKeyUsed

      public String getNewKeyUsed()
      Returns the effective key identifier used for encryption.
      Returns:
      non-null new kid

    • getNewKeyAlgorithmUsed

      public String getNewKeyAlgorithmUsed()
      Returns the hybrid algorithm used for encryption.
      Returns:
      non-null algorithm identifier

    • getWarnings

      public List<String> getWarnings()
      Returns any non-fatal warnings issued by the service.
      Returns:
      list of warnings or null if none

    • isMigrationMode

      public boolean isMigrationMode()
      Returns true if the server used sourceKidOverride.