Example 1 with JweEncrypter
use of org.gluu.oxauth.model.jwe.JweEncrypter in project oxAuth by GluuFederation.
the class JwrService method encryptJwe.
private Jwe encryptJwe(Jwe jwe, Client client) throws Exception {
if (appConfiguration.getUseNestedJwtDuringEncryption()) {
JwtSigner jwtSigner = JwtSigner.newJwtSigner(appConfiguration, webKeysConfiguration, client);
Jwt jwt = jwtSigner.newJwt();
jwt.setClaims(jwe.getClaims());
jwe.setSignedJWTPayload(signJwt(jwt, client));
}
KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(ALGORITHM));
final BlockEncryptionAlgorithm encryptionMethod = jwe.getHeader().getEncryptionMethod();
if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
JSONObject jsonWebKeys = JwtUtil.getJSONWebKeys(client.getJwksUri());
String keyId = new ServerCryptoProvider(cryptoProvider).getKeyId(JSONWebKeySet.fromJSONObject(jsonWebKeys), Algorithm.fromString(keyEncryptionAlgorithm.getName()), Use.ENCRYPTION);
PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jsonWebKeys, null);
jwe.getHeader().setKeyId(keyId);
if (publicKey == null) {
throw new InvalidJweException("The public key is not valid");
}
JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, encryptionMethod, publicKey);
return jweEncrypter.encrypt(jwe);
}
if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
byte[] sharedSymmetricKey = clientService.decryptSecret(client.getClientSecret()).getBytes(StandardCharsets.UTF_8);
JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, encryptionMethod, sharedSymmetricKey);
return jweEncrypter.encrypt(jwe);
}
throw new IllegalArgumentException("Unsupported encryption algorithm: " + keyEncryptionAlgorithm);
}
Also used :
ServerCryptoProvider(org.gluu.oxauth.service.ServerCryptoProvider)
Jwt(org.gluu.oxauth.model.jwt.Jwt)
PublicKey(java.security.PublicKey)
BlockEncryptionAlgorithm(org.gluu.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm)
JSONObject(org.json.JSONObject)
KeyEncryptionAlgorithm(org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm)
JweEncrypterImpl(org.gluu.oxauth.model.jwe.JweEncrypterImpl)
JweEncrypter(org.gluu.oxauth.model.jwe.JweEncrypter)
InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException)
Example 2 with JweEncrypter
use of org.gluu.oxauth.model.jwe.JweEncrypter in project oxAuth by GluuFederation.
the class UserInfoRestWebServiceImpl method getJweResponse.
public String getJweResponse(KeyEncryptionAlgorithm keyEncryptionAlgorithm, BlockEncryptionAlgorithm blockEncryptionAlgorithm, User user, AuthorizationGrant authorizationGrant, Collection<String> scopes) throws Exception {
log.trace("Building JWE reponse with next scopes {0} for user {1} and user custom attributes {0}", scopes, user.getUserId(), user.getCustomAttributes());
Jwe jwe = new Jwe();
// Header
jwe.getHeader().setType(JwtType.JWT);
jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
// Claims
jwe.setClaims(createJwtClaims(user, authorizationGrant, scopes));
// Encryption
if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
JSONObject jsonWebKeys = JwtUtil.getJSONWebKeys(authorizationGrant.getClient().getJwksUri());
String keyId = new ServerCryptoProvider(cryptoProvider).getKeyId(JSONWebKeySet.fromJSONObject(jsonWebKeys), Algorithm.fromString(keyEncryptionAlgorithm.getName()), Use.ENCRYPTION);
PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jsonWebKeys, null);
if (publicKey != null) {
JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
jwe = jweEncrypter.encrypt(jwe);
} else {
throw new InvalidJweException("The public key is not valid");
}
} else if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
try {
byte[] sharedSymmetricKey = clientService.decryptSecret(authorizationGrant.getClient().getClientSecret()).getBytes(Util.UTF8_STRING_ENCODING);
JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedSymmetricKey);
jwe = jweEncrypter.encrypt(jwe);
} catch (Exception e) {
throw new InvalidJweException(e);
}
}
return jwe.toString();
}
Also used :
JSONObject(org.json.JSONObject)
PublicKey(java.security.PublicKey)
Jwe(org.gluu.oxauth.model.jwe.Jwe)
JweEncrypterImpl(org.gluu.oxauth.model.jwe.JweEncrypterImpl)
JweEncrypter(org.gluu.oxauth.model.jwe.JweEncrypter)
EntryPersistenceException(org.gluu.persist.exception.EntryPersistenceException)
InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException)
InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException)
Aggregations
PublicKey (java.security.PublicKey)2
InvalidJweException (org.gluu.oxauth.model.exception.InvalidJweException)2
JweEncrypter (org.gluu.oxauth.model.jwe.JweEncrypter)2
JweEncrypterImpl (org.gluu.oxauth.model.jwe.JweEncrypterImpl)2
JSONObject (org.json.JSONObject)2
BlockEncryptionAlgorithm (org.gluu.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm)1
KeyEncryptionAlgorithm (org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm)1
Jwe (org.gluu.oxauth.model.jwe.Jwe)1
Jwt (org.gluu.oxauth.model.jwt.Jwt)1
ServerCryptoProvider (org.gluu.oxauth.service.ServerCryptoProvider)1
EntryPersistenceException (org.gluu.persist.exception.EntryPersistenceException)1
