use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.
the class JweDecrypterImpl method decryptEncryptionKey.
@Override
public byte[] decryptEncryptionKey(String encodedEncryptedKey) throws InvalidJweException {
if (getKeyEncryptionAlgorithm() == null) {
throw new InvalidJweException("The key encryption algorithm is null");
}
if (encodedEncryptedKey == null) {
throw new InvalidJweException("The encoded encryption key is null");
}
try {
if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA_OAEP || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA1_5) {
if (rsaPrivateKey == null && privateKey == null) {
throw new InvalidJweException("The RSA private key is null");
}
//Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm(), "BC");
Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm());
if (rsaPrivateKey != null) {
KeyFactory keyFactory = KeyFactory.getInstance(getKeyEncryptionAlgorithm().getFamily(), "BC");
RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(rsaPrivateKey.getModulus(), rsaPrivateKey.getPrivateExponent());
java.security.interfaces.RSAPrivateKey privKey = (java.security.interfaces.RSAPrivateKey) keyFactory.generatePrivate(privKeySpec);
cipher.init(Cipher.DECRYPT_MODE, privKey);
} else {
cipher.init(Cipher.DECRYPT_MODE, privateKey);
}
byte[] decryptedKey = cipher.doFinal(Base64Util.base64urldecode(encodedEncryptedKey));
return decryptedKey;
} else if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A128KW || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A256KW) {
if (sharedSymmetricKey == null) {
throw new InvalidJweException("The shared symmetric key is null");
}
if (sharedSymmetricKey.length != 16) {
// 128 bit
MessageDigest sha = MessageDigest.getInstance("SHA-1");
sharedSymmetricKey = sha.digest(sharedSymmetricKey);
sharedSymmetricKey = Arrays.copyOf(sharedSymmetricKey, 16);
}
byte[] encryptedKey = Base64Util.base64urldecode(encodedEncryptedKey);
SecretKeySpec keyEncryptionKey = new SecretKeySpec(sharedSymmetricKey, "AES");
AESWrapEngine aesWrapEngine = new AESWrapEngine();
CipherParameters params = new KeyParameter(keyEncryptionKey.getEncoded());
aesWrapEngine.init(false, params);
byte[] decryptedKey = aesWrapEngine.unwrap(encryptedKey, 0, encryptedKey.length);
return decryptedKey;
} else {
throw new InvalidJweException("The key encryption algorithm is not supported");
}
} catch (NoSuchPaddingException e) {
throw new InvalidJweException(e);
} catch (NoSuchAlgorithmException e) {
throw new InvalidJweException(e);
} catch (IllegalBlockSizeException e) {
throw new InvalidJweException(e);
} catch (BadPaddingException e) {
throw new InvalidJweException(e);
} catch (NoSuchProviderException e) {
throw new InvalidJweException(e);
} catch (InvalidKeyException e) {
throw new InvalidJweException(e);
} catch (InvalidKeySpecException e) {
throw new InvalidJweException(e);
} catch (InvalidCipherTextException e) {
throw new InvalidJweException(e);
}
}
use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.
the class ECSigner method sign.
@Deprecated
@Override
public String sign(String signingInput) throws Exception {
if (Strings.isNullOrEmpty(signingInput)) {
throw new Exception("Invalid signing input");
}
try {
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(getSignatureAlgorithm().getCurve().getName());
ECPrivateKeySpec privateKeySpec = new ECPrivateKeySpec(ecdsaPrivateKey.getD(), ecSpec);
KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec);
Signature signature = Signature.getInstance(getSignatureAlgorithm().getAlgorithm(), "BC");
signature.initSign(privateKey);
signature.update(signingInput.getBytes(Util.UTF8_STRING_ENCODING));
return Base64Util.base64urlencode(signature.sign());
} catch (NoSuchAlgorithmException e) {
throw new Exception("There was a problem in EC signing", e);
} catch (UnsupportedEncodingException e) {
throw new Exception("There was a problem in EC signing", e);
} catch (SignatureException e) {
throw new Exception("There was a problem in EC signing", e);
} catch (NoSuchProviderException e) {
throw new Exception("There was a problem in EC signing", e);
} catch (InvalidKeyException e) {
throw new Exception("There was a problem in EC signing", e);
} catch (InvalidKeySpecException e) {
throw new Exception("There was a problem in EC signing", e);
}
}
use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.
the class ECSigner method verifySignature.
@Deprecated
@Override
public boolean verifySignature(String signingInput, String signature) throws Exception {
if (Strings.isNullOrEmpty(signingInput)) {
return false;
}
if (Strings.isNullOrEmpty(signature)) {
return false;
}
try {
byte[] sigBytes = Base64Util.base64urldecode(signature);
byte[] sigInBytes = signingInput.getBytes(Util.UTF8_STRING_ENCODING);
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(getSignatureAlgorithm().getCurve().getName());
BigInteger q = ((ECCurve.Fp) ecSpec.getCurve()).getQ();
ECFieldElement xFieldElement = new ECFieldElement.Fp(q, ecdsaPublicKey.getX());
ECFieldElement yFieldElement = new ECFieldElement.Fp(q, ecdsaPublicKey.getY());
ECPoint pointQ = new ECPoint.Fp(ecSpec.getCurve(), xFieldElement, yFieldElement);
ECPublicKeySpec publicKeySpec = new ECPublicKeySpec(pointQ, ecSpec);
KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
Signature sig = Signature.getInstance(getSignatureAlgorithm().getAlgorithm(), "BC");
sig.initVerify(publicKey);
sig.update(sigInBytes);
return sig.verify(sigBytes);
} catch (NoSuchAlgorithmException e) {
throw new Exception("There was a problem in EC verifier", e);
} catch (UnsupportedEncodingException e) {
throw new Exception("There was a problem in EC verifier", e);
} catch (SignatureException e) {
throw new Exception("There was a problem in EC verifier", e);
} catch (NoSuchProviderException e) {
throw new Exception("There was a problem in EC verifier", e);
} catch (InvalidKeyException e) {
throw new Exception("There was a problem in EC verifier", e);
} catch (InvalidKeySpecException e) {
throw new Exception("There was a problem in EC verifier", e);
}
}
use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.
the class ECDSASigner method generateSignature.
@Override
public String generateSignature(String signingInput) throws SignatureException {
if (getSignatureAlgorithm() == null) {
throw new SignatureException("The signature algorithm is null");
}
if (ecdsaPrivateKey == null) {
throw new SignatureException("The ECDSA private key is null");
}
if (signingInput == null) {
throw new SignatureException("The signing input is null");
}
try {
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(getSignatureAlgorithm().getCurve().getName());
ECPrivateKeySpec privateKeySpec = new ECPrivateKeySpec(ecdsaPrivateKey.getD(), ecSpec);
KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec);
Signature signature = Signature.getInstance(getSignatureAlgorithm().getAlgorithm(), "BC");
signature.initSign(privateKey);
signature.update(signingInput.getBytes(Util.UTF8_STRING_ENCODING));
return Base64Util.base64urlencode(signature.sign());
} catch (InvalidKeySpecException e) {
throw new SignatureException(e);
} catch (InvalidKeyException e) {
throw new SignatureException(e);
} catch (NoSuchAlgorithmException e) {
throw new SignatureException(e);
} catch (NoSuchProviderException e) {
throw new SignatureException(e);
} catch (UnsupportedEncodingException e) {
throw new SignatureException(e);
} catch (Exception e) {
throw new SignatureException(e);
}
}
use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.
the class RSASigner method validateSignature.
@Override
public boolean validateSignature(String signingInput, String signature) throws SignatureException {
if (getSignatureAlgorithm() == null) {
throw new SignatureException("The signature algorithm is null");
}
if (rsaPublicKey == null) {
throw new SignatureException("The RSA public key is null");
}
if (signingInput == null) {
throw new SignatureException("The signing input is null");
}
String algorithm = null;
switch(getSignatureAlgorithm()) {
case RS256:
algorithm = "SHA-256";
break;
case RS384:
algorithm = "SHA-384";
break;
case RS512:
algorithm = "SHA-512";
break;
default:
throw new SignatureException("Unsupported signature algorithm");
}
ASN1InputStream aIn = null;
try {
byte[] sigBytes = Base64Util.base64urldecode(signature);
byte[] sigInBytes = signingInput.getBytes(Util.UTF8_STRING_ENCODING);
RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(rsaPublicKey.getModulus(), rsaPublicKey.getPublicExponent());
KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");
PublicKey publicKey = keyFactory.generatePublic(rsaPublicKeySpec);
Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
cipher.init(Cipher.DECRYPT_MODE, publicKey);
byte[] decSig = cipher.doFinal(sigBytes);
aIn = new ASN1InputStream(decSig);
ASN1Sequence seq = (ASN1Sequence) aIn.readObject();
MessageDigest hash = MessageDigest.getInstance(algorithm, "BC");
hash.update(sigInBytes);
ASN1OctetString sigHash = (ASN1OctetString) seq.getObjectAt(1);
return MessageDigest.isEqual(hash.digest(), sigHash.getOctets());
} catch (IOException e) {
throw new SignatureException(e);
} catch (NoSuchAlgorithmException e) {
throw new SignatureException(e);
} catch (InvalidKeyException e) {
throw new SignatureException(e);
} catch (InvalidKeySpecException e) {
throw new SignatureException(e);
} catch (NoSuchPaddingException e) {
throw new SignatureException(e);
} catch (BadPaddingException e) {
throw new SignatureException(e);
} catch (NoSuchProviderException e) {
throw new SignatureException(e);
} catch (IllegalBlockSizeException e) {
throw new SignatureException(e);
} catch (Exception e) {
throw new SignatureException(e);
} finally {
IOUtils.closeQuietly(aIn);
}
}
Aggregations