
Example 1 with JweEncrypterImpl

Use of io.jans.as.model.jwe.JweEncrypterImpl in project jans by JanssenProject.

Class JwtAuthorizationRequest, method getEncodedJwt:

public String getEncodedJwt(JSONObject jwks) throws Exception {
    String encodedJwt = null;
    if (keyEncryptionAlgorithm != null && blockEncryptionAlgorithm != null) {
        // Both a key-management ("alg") and a content-encryption ("enc") algorithm are set: build a JWE.
        JweEncrypterImpl jweEncrypter;
        if (cryptoProvider != null && jwks != null) {
            // Asymmetric key management: look up the recipient's public key by kid in the supplied JWKS.
            PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jwks, null);
            jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
        } else {
            // Symmetric key management: the shared secret bytes serve as the key-wrapping key.
            jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedKey.getBytes(StandardCharsets.UTF_8));
        }
        String header = ClientUtil.toPrettyJson(headerToJSONObject());
        String encodedHeader = base64urlencode(header);
        Jwe jwe = new Jwe();
        jwe.setHeader(new JwtHeader(encodedHeader));
        if (nestedPayload == null) {
            // The claims themselves are the JWE plaintext.
            String claims = ClientUtil.toPrettyJson(payloadToJSONObject());
            String encodedClaims = base64urlencode(claims);
            jwe.setClaims(new JwtClaims(encodedClaims));
        } else {
            // Nested JWT: an already signed JWS is the JWE plaintext (sign-then-encrypt).
            jwe.setSignedJWTPayload(nestedPayload);
        }
        jweEncrypter.encrypt(jwe);
        encodedJwt = jwe.toString();
    } else {
        // No encryption configured: produce a signed JWS instead.
        if (cryptoProvider == null) {
            throw new Exception("The Crypto Provider cannot be null.");
        }
        JSONObject headerJsonObject = headerToJSONObject();
        JSONObject payloadJsonObject = payloadToJSONObject();
        String headerString = ClientUtil.toPrettyJson(headerJsonObject);
        String payloadString = ClientUtil.toPrettyJson(payloadJsonObject);
        String encodedHeader = base64urlencode(headerString);
        String encodedPayload = base64urlencode(payloadString);
        // JWS Signing Input (RFC 7515): BASE64URL(header) "." BASE64URL(payload).
        String signingInput = encodedHeader + "." + encodedPayload;
        String encodedSignature = cryptoProvider.sign(signingInput, keyId, sharedKey, signatureAlgorithm);
        encodedJwt = encodedHeader + "." + encodedPayload + "." + encodedSignature;
    }
    return encodedJwt;
}
Also used: JwtHeader (io.jans.as.model.jwt.JwtHeader), JSONObject (org.json.JSONObject), JwtClaims (io.jans.as.model.jwt.JwtClaims), PublicKey (java.security.PublicKey), Jwe (io.jans.as.model.jwe.Jwe), JweEncrypterImpl (io.jans.as.model.jwe.JweEncrypterImpl), JSONException (org.json.JSONException), InvalidJwtException (io.jans.as.model.exception.InvalidJwtException), JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException), UnsupportedEncodingException (java.io.UnsupportedEncodingException)

Example 2 with JweEncrypterImpl

Use of io.jans.as.model.jwe.JweEncrypterImpl in project jans by JanssenProject.

Class JwtState, method getEncodedJwt:

public String getEncodedJwt(JSONObject jwks) throws Exception {
    String encodedJwt = null;
    if (keyEncryptionAlgorithm != null && blockEncryptionAlgorithm != null) {
        // Encrypted state: choose the key-wrapping key source (recipient public key vs. shared secret).
        JweEncrypterImpl jweEncrypter;
        if (cryptoProvider != null && jwks != null) {
            PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jwks, null);
            jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
        } else {
            jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedKey.getBytes(StandardCharsets.UTF_8));
        }
        String header = ClientUtil.toPrettyJson(headerToJSONObject());
        String encodedHeader = Base64Util.base64urlencode(header.getBytes(StandardCharsets.UTF_8));
        String claims = ClientUtil.toPrettyJson(payloadToJSONObject());
        String encodedClaims = Base64Util.base64urlencode(claims.getBytes(StandardCharsets.UTF_8));
        Jwe jwe = new Jwe();
        jwe.setHeader(new JwtHeader(encodedHeader));
        jwe.setClaims(new JwtClaims(encodedClaims));
        jweEncrypter.encrypt(jwe);
        encodedJwt = jwe.toString();
    } else {
        // Signed state (JWS): header.payload.signature over the compact signing input.
        JSONObject headerJsonObject = headerToJSONObject();
        JSONObject payloadJsonObject = payloadToJSONObject();
        String headerString = ClientUtil.toPrettyJson(headerJsonObject);
        String payloadString = ClientUtil.toPrettyJson(payloadJsonObject);
        String encodedHeader = Base64Util.base64urlencode(headerString.getBytes(StandardCharsets.UTF_8));
        String encodedPayload = Base64Util.base64urlencode(payloadString.getBytes(StandardCharsets.UTF_8));
        String signingInput = encodedHeader + "." + encodedPayload;
        String encodedSignature = cryptoProvider.sign(signingInput, keyId, sharedKey, signatureAlgorithm);
        encodedJwt = encodedHeader + "." + encodedPayload + "." + encodedSignature;
    }
    return encodedJwt;
}
Also used: JwtHeader (io.jans.as.model.jwt.JwtHeader), JSONObject (org.json.JSONObject), JwtClaims (io.jans.as.model.jwt.JwtClaims), PublicKey (java.security.PublicKey), Jwe (io.jans.as.model.jwe.Jwe), JweEncrypterImpl (io.jans.as.model.jwe.JweEncrypterImpl)

Example 3 with JweEncrypterImpl

Use of io.jans.as.model.jwe.JweEncrypterImpl in project jans by JanssenProject.

Class JwrService, method encryptJwe:

private Jwe encryptJwe(Jwe jwe, Client client) throws Exception {
    if (appConfiguration.getUseNestedJwtDuringEncryption()) {
        // Sign-then-encrypt: wrap the claims in a JWS signed for this client and use it as the JWE plaintext.
        JwtSigner jwtSigner = JwtSigner.newJwtSigner(appConfiguration, webKeysConfiguration, client);
        Jwt jwt = jwtSigner.newJwt();
        jwt.setClaims(jwe.getClaims());
        jwe.setSignedJWTPayload(signJwt(jwt, client));
    }
    // Key-management algorithm from the JWE header "alg", content encryption from "enc".
    KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(ALGORITHM));
    final BlockEncryptionAlgorithm encryptionMethod = jwe.getHeader().getEncryptionMethod();
    if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
        // Asymmetric: fetch the client's JWKS from its registered jwks_uri and select an encryption key
        // ("use": "enc") for this algorithm. RFC 7518 rates RSA-OAEP "Recommended+" and RSA1_5 "Recommended-".
        JSONObject jsonWebKeys = JwtUtil.getJSONWebKeys(client.getJwksUri());
        String keyId = new ServerCryptoProvider(cryptoProvider).getKeyId(JSONWebKeySet.fromJSONObject(jsonWebKeys), Algorithm.fromString(keyEncryptionAlgorithm.getName()), Use.ENCRYPTION);
        PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jsonWebKeys, null);
        // Advertise the chosen kid so the client can pick the matching private key when decrypting.
        jwe.getHeader().setKeyId(keyId);
        if (publicKey == null) {
            throw new InvalidJweException("The public key is not valid");
        }
        JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, encryptionMethod, publicKey);
        return jweEncrypter.encrypt(jwe);
    }
    if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
        // Symmetric: the client secret (stored encrypted, decrypted here) is the shared key-wrapping key.
        byte[] sharedSymmetricKey = clientService.decryptSecret(client.getClientSecret()).getBytes(StandardCharsets.UTF_8);
        JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, encryptionMethod, sharedSymmetricKey);
        return jweEncrypter.encrypt(jwe);
    }
    // Any other "alg" is rejected rather than silently left unencrypted.
    throw new IllegalArgumentException("Unsupported encryption algorithm: " + keyEncryptionAlgorithm);
}
Also used: ServerCryptoProvider (io.jans.as.server.service.ServerCryptoProvider), Jwt (io.jans.as.model.jwt.Jwt), PublicKey (java.security.PublicKey), BlockEncryptionAlgorithm (io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm), JSONObject (org.json.JSONObject), KeyEncryptionAlgorithm (io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm), JweEncrypterImpl (io.jans.as.model.jwe.JweEncrypterImpl), JweEncrypter (io.jans.as.model.jwe.JweEncrypter), InvalidJweException (io.jans.as.model.exception.InvalidJweException)

Example 4 with JweEncrypterImpl

Use of io.jans.as.model.jwe.JweEncrypterImpl in project jans by JanssenProject.

Class UserInfoRestWebServiceImpl, method getJweResponse:

public String getJweResponse(KeyEncryptionAlgorithm keyEncryptionAlgorithm, BlockEncryptionAlgorithm blockEncryptionAlgorithm, User user, AuthorizationGrant authorizationGrant, Collection<String> scopes) throws Exception {
    log.trace("Building JWE response with next scopes {0} for user {1} and user custom attributes {2}", scopes, user.getUserId(), user.getCustomAttributes());
    Jwe jwe = new Jwe();
    // Header
    jwe.getHeader().setType(JwtType.JWT);
    jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
    jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
    // Claims
    jwe.setClaims(createJwtClaims(user, authorizationGrant, scopes));
    // Encryption
    if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
        // Asymmetric: encrypt to the client's published encryption key, selected from its jwks_uri.
        JSONObject jsonWebKeys = JwtUtil.getJSONWebKeys(authorizationGrant.getClient().getJwksUri());
        String keyId = new ServerCryptoProvider(cryptoProvider).getKeyId(JSONWebKeySet.fromJSONObject(jsonWebKeys), Algorithm.fromString(keyEncryptionAlgorithm.getName()), Use.ENCRYPTION);
        PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jsonWebKeys, null);
        if (publicKey != null) {
            JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
            jwe = jweEncrypter.encrypt(jwe);
        } else {
            throw new InvalidJweException("The public key is not valid");
        }
    } else if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
        // Symmetric: the client's decrypted secret is the shared key-wrapping key.
        try {
            byte[] sharedSymmetricKey = clientService.decryptSecret(authorizationGrant.getClient().getClientSecret()).getBytes(StandardCharsets.UTF_8);
            JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedSymmetricKey);
            jwe = jweEncrypter.encrypt(jwe);
        } catch (Exception e) {
            throw new InvalidJweException(e);
        }
    }
    // Note: any other key-management algorithm skips both branches above, so the object serialized here was never encrypted.
    return jwe.toString();
}
Also used: JSONObject (org.json.JSONObject), ServerCryptoProvider (io.jans.as.server.service.ServerCryptoProvider), PublicKey (java.security.PublicKey), Jwe (io.jans.as.model.jwe.Jwe), JweEncrypterImpl (io.jans.as.model.jwe.JweEncrypterImpl), JweEncrypter (io.jans.as.model.jwe.JweEncrypter), InvalidClaimException (io.jans.as.model.exception.InvalidClaimException), ParseException (java.text.ParseException), EntryPersistenceException (io.jans.orm.exception.EntryPersistenceException), InvalidJweException (io.jans.as.model.exception.InvalidJweException)

Example 5 with JweEncrypterImpl

Use of io.jans.as.model.jwe.JweEncrypterImpl in project jans by JanssenProject.

Class RedirectUri, method getJweResponse:

private String getJweResponse(String nestedJws) throws InvalidJweException, InvalidJwtException, CryptoProviderException {
    Jwe jwe = new Jwe();
    // Header
    jwe.getHeader().setType(JwtType.JWT);
    jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
    jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
    // Claims
    if (nestedJws == null) {
        // Plain JWE: the response parameters become the claims, with iss/aud/exp set for the recipient to validate.
        jwe.getClaims().setClaim(ISS, issuer);
        jwe.getClaims().setClaim(AUD, audience);
        if (responseParameters.containsKey(EXPIRES_IN)) {
            jwe.getClaims().setClaim(EXP, responseParameters.get(EXPIRES_IN));
        } else {
            final Calendar calendar = Calendar.getInstance();
            calendar.add(Calendar.SECOND, authorizationCodeLifetime);
            jwe.getClaims().setClaim(EXP, calendar.getTime());
        }
        for (Map.Entry<String, String> entry : responseParameters.entrySet()) {
            jwe.getClaims().setClaim(entry.getKey(), entry.getValue());
        }
    } else {
        // Nested JWT: the already signed JWS is the JWE plaintext (sign-then-encrypt).
        Jwt jwt = Jwt.parse(nestedJws);
        jwe.setSignedJWTPayload(jwt);
    }
    // Encryption
    if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
        // Asymmetric: recipient public key looked up by kid in the client's JWKS.
        PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jsonWebKeys, null);
        if (publicKey == null) {
            throw new InvalidJweException("The public key is not valid");
        }
        JweEncrypterImpl jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
        jwe = jweEncrypter.encrypt(jwe);
    } else if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
        // Symmetric: shared secret used as the key-wrapping key.
        JweEncrypterImpl jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedSymmetricKey);
        jwe = jweEncrypter.encrypt(jwe);
    }
    // Note: any other key-management algorithm skips both branches above, so the object serialized here was never encrypted.
    return jwe.toString();
}
Also used: Jwt (io.jans.as.model.jwt.Jwt), PublicKey (java.security.PublicKey), Jwe (io.jans.as.model.jwe.Jwe), JweEncrypterImpl (io.jans.as.model.jwe.JweEncrypterImpl), InvalidJweException (io.jans.as.model.exception.InvalidJweException)

Aggregations

Classes used across the examples (name, package, number of occurrences):

JweEncrypterImpl (io.jans.as.model.jwe.JweEncrypterImpl): 7
Jwe (io.jans.as.model.jwe.Jwe): 6
PublicKey (java.security.PublicKey): 6
JSONObject (org.json.JSONObject): 5
InvalidJweException (io.jans.as.model.exception.InvalidJweException): 4
BlockEncryptionAlgorithm (io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm): 3
KeyEncryptionAlgorithm (io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm): 3
Jwt (io.jans.as.model.jwt.Jwt): 3
RSAKey (com.nimbusds.jose.jwk.RSAKey): 2
CryptoProviderException (io.jans.as.model.exception.CryptoProviderException): 2
InvalidJwtException (io.jans.as.model.exception.InvalidJwtException): 2
JweEncrypter (io.jans.as.model.jwe.JweEncrypter): 2
JwtClaims (io.jans.as.model.jwt.JwtClaims): 2
JwtHeader (io.jans.as.model.jwt.JwtHeader): 2
ServerCryptoProvider (io.jans.as.server.service.ServerCryptoProvider): 2
ParseException (java.text.ParseException): 2
JSONException (org.json.JSONException): 2
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException): 1
JOSEException (com.nimbusds.jose.JOSEException): 1
JWEAlgorithm (com.nimbusds.jose.JWEAlgorithm): 1