Examples with AESWrapEngine org.bouncycastle.crypto.engines.AESWrapEngine used on opensource projects

Search in sources :

Example 1 with AESWrapEngine

use of org.bouncycastle.crypto.engines.AESWrapEngine in project oxAuth by GluuFederation.

the class JweDecrypterImpl method decryptEncryptionKey.

@Override
public byte[] decryptEncryptionKey(String encodedEncryptedKey) throws InvalidJweException {
    if (getKeyEncryptionAlgorithm() == null) {
        throw new InvalidJweException("The key encryption algorithm is null");
    }
    if (encodedEncryptedKey == null) {
        throw new InvalidJweException("The encoded encryption key is null");
    }
    try {
        if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA_OAEP || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA1_5) {
            if (rsaPrivateKey == null && privateKey == null) {
                throw new InvalidJweException("The RSA private key is null");
            }
            //Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm(), "BC");
            Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm());
            if (rsaPrivateKey != null) {
                KeyFactory keyFactory = KeyFactory.getInstance(getKeyEncryptionAlgorithm().getFamily(), "BC");
                RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(rsaPrivateKey.getModulus(), rsaPrivateKey.getPrivateExponent());
                java.security.interfaces.RSAPrivateKey privKey = (java.security.interfaces.RSAPrivateKey) keyFactory.generatePrivate(privKeySpec);
                cipher.init(Cipher.DECRYPT_MODE, privKey);
            } else {
                cipher.init(Cipher.DECRYPT_MODE, privateKey);
            }
            byte[] decryptedKey = cipher.doFinal(Base64Util.base64urldecode(encodedEncryptedKey));
            return decryptedKey;
        } else if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A128KW || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A256KW) {
            if (sharedSymmetricKey == null) {
                throw new InvalidJweException("The shared symmetric key is null");
            }
            if (sharedSymmetricKey.length != 16) {
                // 128 bit
                MessageDigest sha = MessageDigest.getInstance("SHA-1");
                sharedSymmetricKey = sha.digest(sharedSymmetricKey);
                sharedSymmetricKey = Arrays.copyOf(sharedSymmetricKey, 16);
            }
            byte[] encryptedKey = Base64Util.base64urldecode(encodedEncryptedKey);
            SecretKeySpec keyEncryptionKey = new SecretKeySpec(sharedSymmetricKey, "AES");
            AESWrapEngine aesWrapEngine = new AESWrapEngine();
            CipherParameters params = new KeyParameter(keyEncryptionKey.getEncoded());
            aesWrapEngine.init(false, params);
            byte[] decryptedKey = aesWrapEngine.unwrap(encryptedKey, 0, encryptedKey.length);
            return decryptedKey;
        } else {
            throw new InvalidJweException("The key encryption algorithm is not supported");
        }
    } catch (NoSuchPaddingException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidJweException(e);
    } catch (IllegalBlockSizeException e) {
        throw new InvalidJweException(e);
    } catch (BadPaddingException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchProviderException e) {
        throw new InvalidJweException(e);
    } catch (InvalidKeyException e) {
        throw new InvalidJweException(e);
    } catch (InvalidKeySpecException e) {
        throw new InvalidJweException(e);
    } catch (InvalidCipherTextException e) {
        throw new InvalidJweException(e);
    }
}
Also used : InvalidCipherTextException(org.bouncycastle.crypto.InvalidCipherTextException) KeyParameter(org.bouncycastle.crypto.params.KeyParameter) CipherParameters(org.bouncycastle.crypto.CipherParameters) java.security(java.security) RSAPrivateKeySpec(java.security.spec.RSAPrivateKeySpec) SecretKeySpec(javax.crypto.spec.SecretKeySpec) AESWrapEngine(org.bouncycastle.crypto.engines.AESWrapEngine) BlockCipher(org.bouncycastle.crypto.BlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) RSAPrivateKey(org.xdi.oxauth.model.crypto.signature.RSAPrivateKey) InvalidJweException(org.xdi.oxauth.model.exception.InvalidJweException)

Example 2 with AESWrapEngine

use of org.bouncycastle.crypto.engines.AESWrapEngine in project oxAuth by GluuFederation.

the class JweEncrypterImpl method generateEncryptedKey.

@Override
public String generateEncryptedKey(byte[] contentMasterKey) throws InvalidJweException {
    if (getKeyEncryptionAlgorithm() == null) {
        throw new InvalidJweException("The key encryption algorithm is null");
    }
    if (contentMasterKey == null) {
        throw new InvalidJweException("The content master key (CMK) is null");
    }
    try {
        if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA_OAEP || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA1_5) {
            if (publicKey != null) {
                Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm(), "BC");
                //Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm());
                cipher.init(Cipher.ENCRYPT_MODE, publicKey);
                byte[] encryptedKey = cipher.doFinal(contentMasterKey);
                String encodedEncryptedKey = Base64Util.base64urlencode(encryptedKey);
                return encodedEncryptedKey;
            } else {
                throw new InvalidJweException("The RSA public key is null");
            }
        } else if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A128KW || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A256KW) {
            if (sharedSymmetricKey == null) {
                throw new InvalidJweException("The shared symmetric key is null");
            }
            if (sharedSymmetricKey.length != 16) {
                // 128 bit
                MessageDigest sha = MessageDigest.getInstance("SHA-1");
                sharedSymmetricKey = sha.digest(sharedSymmetricKey);
                sharedSymmetricKey = Arrays.copyOf(sharedSymmetricKey, 16);
            }
            SecretKeySpec keyEncryptionKey = new SecretKeySpec(sharedSymmetricKey, "AES");
            AESWrapEngine aesWrapEngine = new AESWrapEngine();
            CipherParameters params = new KeyParameter(keyEncryptionKey.getEncoded());
            aesWrapEngine.init(true, params);
            byte[] wrappedKey = aesWrapEngine.wrap(contentMasterKey, 0, contentMasterKey.length);
            String encodedEncryptedKey = Base64Util.base64urlencode(wrappedKey);
            return encodedEncryptedKey;
        } else {
            throw new InvalidJweException("The key encryption algorithm is not supported");
        }
    } catch (NoSuchPaddingException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidJweException(e);
    } catch (IllegalBlockSizeException e) {
        throw new InvalidJweException(e);
    } catch (BadPaddingException e) {
        throw new InvalidJweException(e);
    } catch (InvalidKeyException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchProviderException e) {
        throw new InvalidJweException(e);
    }
}
Also used : KeyParameter(org.bouncycastle.crypto.params.KeyParameter) CipherParameters(org.bouncycastle.crypto.CipherParameters) SecretKeySpec(javax.crypto.spec.SecretKeySpec) AESWrapEngine(org.bouncycastle.crypto.engines.AESWrapEngine) BlockCipher(org.bouncycastle.crypto.BlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) InvalidJweException(org.xdi.oxauth.model.exception.InvalidJweException)

Aggregations

SecretKeySpec (javax.crypto.spec.SecretKeySpec)2 BlockCipher (org.bouncycastle.crypto.BlockCipher)2 CipherParameters (org.bouncycastle.crypto.CipherParameters)2 AESWrapEngine (org.bouncycastle.crypto.engines.AESWrapEngine)2 GCMBlockCipher (org.bouncycastle.crypto.modes.GCMBlockCipher)2 KeyParameter (org.bouncycastle.crypto.params.KeyParameter)2 InvalidJweException (org.xdi.oxauth.model.exception.InvalidJweException)2 java.security (java.security)1 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)1 RSAPrivateKeySpec (java.security.spec.RSAPrivateKeySpec)1 InvalidCipherTextException (org.bouncycastle.crypto.InvalidCipherTextException)1 RSAPrivateKey (org.xdi.oxauth.model.crypto.signature.RSAPrivateKey)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial