Search in sources :

Example 1 with JWEDecrypter

use of com.nimbusds.jose.JWEDecrypter in project oxAuth by GluuFederation.

the class JweDecrypterImpl method decrypt.

@Override
public Jwe decrypt(String encryptedJwe) throws InvalidJweException {
    try {
        String[] jweParts = encryptedJwe.split("\\.");
        if (jweParts.length != 5) {
            throw new InvalidJwtException("Invalid JWS format.");
        }
        String encodedHeader = jweParts[0];
        String encodedEncryptedKey = jweParts[1];
        String encodedInitializationVector = jweParts[2];
        String encodedCipherText = jweParts[3];
        String encodedIntegrityValue = jweParts[4];
        Jwe jwe = new Jwe();
        jwe.setEncodedHeader(encodedHeader);
        jwe.setEncodedEncryptedKey(encodedEncryptedKey);
        jwe.setEncodedInitializationVector(encodedInitializationVector);
        jwe.setEncodedCiphertext(encodedCipherText);
        jwe.setEncodedIntegrityValue(encodedIntegrityValue);
        jwe.setHeader(new JwtHeader(encodedHeader));
        EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptedJwe);
        setKeyEncryptionAlgorithm(KeyEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)));
        setBlockEncryptionAlgorithm(BlockEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(JwtHeaderName.ENCRYPTION_METHOD)));
        final KeyEncryptionAlgorithm keyEncryptionAlgorithm = getKeyEncryptionAlgorithm();
        Key encriptionKey = null;
        if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5 || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP) {
            encriptionKey = privateKey;
        } else if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
            if (sharedSymmetricKey == null) {
                throw new InvalidJweException("The shared symmetric key is null");
            }
            int keyLength = 16;
            if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
                keyLength = 32;
            }
            if (sharedSymmetricKey.length != keyLength) {
                MessageDigest sha = MessageDigest.getInstance("SHA-256");
                sharedSymmetricKey = sha.digest(sharedSymmetricKey);
                sharedSymmetricKey = Arrays.copyOf(sharedSymmetricKey, keyLength);
            }
            encriptionKey = new SecretKeySpec(sharedSymmetricKey, 0, sharedSymmetricKey.length, "AES");
        } else {
            throw new InvalidJweException("The key encryption algorithm is not supported");
        }
        JWEDecrypter decrypter = DECRYPTER_FACTORY.createJWEDecrypter(encryptedJwt.getHeader(), encriptionKey);
        decrypter.getJCAContext().setProvider(SecurityProviderUtility.getInstance());
        encryptedJwt.decrypt(decrypter);
        final SignedJWT signedJWT = encryptedJwt.getPayload().toSignedJWT();
        if (signedJWT != null) {
            final Jwt jwt = Jwt.parse(signedJWT.serialize());
            jwe.setSignedJWTPayload(jwt);
            jwe.setClaims(jwt != null ? jwt.getClaims() : null);
        } else {
            final String base64encodedPayload = encryptedJwt.getPayload().toString();
            jwe.setClaims(new JwtClaims(base64encodedPayload));
        }
        return jwe;
    } catch (Exception e) {
        throw new InvalidJweException(e);
    }
}
Also used : InvalidJwtException(org.gluu.oxauth.model.exception.InvalidJwtException) JwtClaims(org.gluu.oxauth.model.jwt.JwtClaims) Jwt(org.gluu.oxauth.model.jwt.Jwt) SignedJWT(com.nimbusds.jwt.SignedJWT) InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException) InvalidJwtException(org.gluu.oxauth.model.exception.InvalidJwtException) JWEDecrypter(com.nimbusds.jose.JWEDecrypter) JwtHeader(org.gluu.oxauth.model.jwt.JwtHeader) SecretKeySpec(javax.crypto.spec.SecretKeySpec) KeyEncryptionAlgorithm(org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm) MessageDigest(java.security.MessageDigest) EncryptedJWT(com.nimbusds.jwt.EncryptedJWT) Key(java.security.Key) PrivateKey(java.security.PrivateKey) RSAPrivateKey(org.gluu.oxauth.model.crypto.signature.RSAPrivateKey) InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException)

Aggregations

JWEDecrypter (com.nimbusds.jose.JWEDecrypter)1 EncryptedJWT (com.nimbusds.jwt.EncryptedJWT)1 SignedJWT (com.nimbusds.jwt.SignedJWT)1 Key (java.security.Key)1 MessageDigest (java.security.MessageDigest)1 PrivateKey (java.security.PrivateKey)1 SecretKeySpec (javax.crypto.spec.SecretKeySpec)1 KeyEncryptionAlgorithm (org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm)1 RSAPrivateKey (org.gluu.oxauth.model.crypto.signature.RSAPrivateKey)1 InvalidJweException (org.gluu.oxauth.model.exception.InvalidJweException)1 InvalidJwtException (org.gluu.oxauth.model.exception.InvalidJwtException)1 Jwt (org.gluu.oxauth.model.jwt.Jwt)1 JwtClaims (org.gluu.oxauth.model.jwt.JwtClaims)1 JwtHeader (org.gluu.oxauth.model.jwt.JwtHeader)1