Search in sources :

Example 1 with JweEncrypterImpl

use of org.gluu.oxauth.model.jwe.JweEncrypterImpl in project oxAuth by GluuFederation.

the class JwtAuthorizationRequest method getEncodedJwt.

public String getEncodedJwt(JSONObject jwks) throws Exception {
    String encodedJwt = null;
    if (keyEncryptionAlgorithm != null && blockEncryptionAlgorithm != null) {
        JweEncrypterImpl jweEncrypter;
        if (cryptoProvider != null && jwks != null) {
            PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jwks, null);
            jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
        } else {
            jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedKey.getBytes(Util.UTF8_STRING_ENCODING));
        }
        String header = ClientUtil.toPrettyJson(headerToJSONObject());
        String encodedHeader = Base64Util.base64urlencode(header.getBytes(Util.UTF8_STRING_ENCODING));
        String claims = ClientUtil.toPrettyJson(payloadToJSONObject());
        String encodedClaims = Base64Util.base64urlencode(claims.getBytes(Util.UTF8_STRING_ENCODING));
        Jwe jwe = new Jwe();
        jwe.setHeader(new JwtHeader(encodedHeader));
        jwe.setClaims(new JwtClaims(encodedClaims));
        jweEncrypter.encrypt(jwe);
        encodedJwt = jwe.toString();
    } else {
        if (cryptoProvider == null) {
            throw new Exception("The Crypto Provider cannot be null.");
        }
        JSONObject headerJsonObject = headerToJSONObject();
        JSONObject payloadJsonObject = payloadToJSONObject();
        String headerString = ClientUtil.toPrettyJson(headerJsonObject);
        String payloadString = ClientUtil.toPrettyJson(payloadJsonObject);
        String encodedHeader = Base64Util.base64urlencode(headerString.getBytes(Util.UTF8_STRING_ENCODING));
        String encodedPayload = Base64Util.base64urlencode(payloadString.getBytes(Util.UTF8_STRING_ENCODING));
        String signingInput = encodedHeader + "." + encodedPayload;
        String encodedSignature = cryptoProvider.sign(signingInput, keyId, sharedKey, signatureAlgorithm);
        encodedJwt = encodedHeader + "." + encodedPayload + "." + encodedSignature;
    }
    return encodedJwt;
}
Also used : JwtHeader(org.gluu.oxauth.model.jwt.JwtHeader) JSONObject(org.json.JSONObject) JwtClaims(org.gluu.oxauth.model.jwt.JwtClaims) PublicKey(java.security.PublicKey) Jwe(org.gluu.oxauth.model.jwe.Jwe) JweEncrypterImpl(org.gluu.oxauth.model.jwe.JweEncrypterImpl) JSONException(org.json.JSONException) InvalidJwtException(org.gluu.oxauth.model.exception.InvalidJwtException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 2 with JweEncrypterImpl

use of org.gluu.oxauth.model.jwe.JweEncrypterImpl in project oxAuth by GluuFederation.

the class CrossEncryptionTest method nestedJWTProducedByGluu.

@Test
public void nestedJWTProducedByGluu() throws Exception {
    AppConfiguration appConfiguration = new AppConfiguration();
    List<JSONWebKey> keyArrayList = new ArrayList<JSONWebKey>();
    keyArrayList.add(getSenderWebKey());
    JSONWebKeySet keySet = new JSONWebKeySet();
    keySet.setKeys(keyArrayList);
    final JwtSigner jwtSigner = new JwtSigner(appConfiguration, keySet, SignatureAlgorithm.RS256, "audience", null, new AbstractCryptoProvider() {

        @Override
        public JSONObject generateKey(Algorithm algorithm, Long expirationTime, Use use) throws Exception {
            return null;
        }

        @Override
        public JSONObject generateKey(Algorithm algorithm, Long expirationTime, Use use, int keyLength) throws Exception {
            return null;
        }

        @Override
        public boolean containsKey(String keyId) {
            return false;
        }

        @Override
        public String sign(String signingInput, String keyId, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws Exception {
            RSAPrivateKey privateKey = ((RSAKey) JWK.parse(senderJwkJson)).toRSAPrivateKey();
            Signature signature = Signature.getInstance(signatureAlgorithm.getAlgorithm(), "BC");
            signature.initSign(privateKey);
            signature.update(signingInput.getBytes());
            return Base64Util.base64urlencode(signature.sign());
        }

        @Override
        public boolean verifySignature(String signingInput, String encodedSignature, String keyId, JSONObject jwks, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws Exception {
            return false;
        }

        @Override
        public boolean deleteKey(String keyId) throws Exception {
            return false;
        }

        @Override
        public PrivateKey getPrivateKey(String keyId) throws Exception {
            throw new UnsupportedOperationException("Method not implemented.");
        }
    });
    Jwt jwt = jwtSigner.newJwt();
    jwt.getClaims().setSubjectIdentifier("testing");
    jwt.getClaims().setIssuer("https:devgluu.saminet.local");
    jwt = jwtSigner.sign();
    RSAKey recipientPublicJWK = (RSAKey) (JWK.parse(recipientJwkJson));
    BlockEncryptionAlgorithm blockEncryptionAlgorithm = BlockEncryptionAlgorithm.A128GCM;
    KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.RSA_OAEP;
    Jwe jwe = new Jwe();
    jwe.getHeader().setType(JwtType.JWT);
    jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
    jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
    jwe.getHeader().setKeyId("1");
    jwe.setSignedJWTPayload(jwt);
    JweEncrypterImpl encrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, recipientPublicJWK.toPublicKey());
    String jweString = encrypter.encrypt(jwe).toString();
    decryptAndValidateSignatureWithGluu(jweString);
    decryptAndValidateSignatureWithNimbus(jweString);
}
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) JSONWebKeySet(org.gluu.oxauth.model.jwk.JSONWebKeySet) ArrayList(java.util.ArrayList) SignatureAlgorithm(org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm) BlockEncryptionAlgorithm(org.gluu.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm) JwtSigner(org.gluu.oxauth.model.token.JwtSigner) AppConfiguration(org.gluu.oxauth.model.configuration.AppConfiguration) Jwe(org.gluu.oxauth.model.jwe.Jwe) AbstractCryptoProvider(org.gluu.oxauth.model.crypto.AbstractCryptoProvider) Use(org.gluu.oxauth.model.jwk.Use) Jwt(org.gluu.oxauth.model.jwt.Jwt) SignatureAlgorithm(org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm) KeyEncryptionAlgorithm(org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm) Algorithm(org.gluu.oxauth.model.jwk.Algorithm) BlockEncryptionAlgorithm(org.gluu.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm) JSONException(org.json.JSONException) ParseException(java.text.ParseException) InvalidJwtException(org.gluu.oxauth.model.exception.InvalidJwtException) IOException(java.io.IOException) InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException) JSONWebKey(org.gluu.oxauth.model.jwk.JSONWebKey) JSONObject(org.json.JSONObject) Signature(java.security.Signature) KeyEncryptionAlgorithm(org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm) JweEncrypterImpl(org.gluu.oxauth.model.jwe.JweEncrypterImpl) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Test(org.testng.annotations.Test)

Example 3 with JweEncrypterImpl

use of org.gluu.oxauth.model.jwe.JweEncrypterImpl in project oxAuth by GluuFederation.

the class JwrService method encryptJwe.

private Jwe encryptJwe(Jwe jwe, Client client) throws Exception {
    if (appConfiguration.getUseNestedJwtDuringEncryption()) {
        JwtSigner jwtSigner = JwtSigner.newJwtSigner(appConfiguration, webKeysConfiguration, client);
        Jwt jwt = jwtSigner.newJwt();
        jwt.setClaims(jwe.getClaims());
        jwe.setSignedJWTPayload(signJwt(jwt, client));
    }
    KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(ALGORITHM));
    final BlockEncryptionAlgorithm encryptionMethod = jwe.getHeader().getEncryptionMethod();
    if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
        JSONObject jsonWebKeys = JwtUtil.getJSONWebKeys(client.getJwksUri());
        String keyId = new ServerCryptoProvider(cryptoProvider).getKeyId(JSONWebKeySet.fromJSONObject(jsonWebKeys), Algorithm.fromString(keyEncryptionAlgorithm.getName()), Use.ENCRYPTION);
        PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jsonWebKeys, null);
        jwe.getHeader().setKeyId(keyId);
        if (publicKey == null) {
            throw new InvalidJweException("The public key is not valid");
        }
        JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, encryptionMethod, publicKey);
        return jweEncrypter.encrypt(jwe);
    }
    if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
        byte[] sharedSymmetricKey = clientService.decryptSecret(client.getClientSecret()).getBytes(StandardCharsets.UTF_8);
        JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, encryptionMethod, sharedSymmetricKey);
        return jweEncrypter.encrypt(jwe);
    }
    throw new IllegalArgumentException("Unsupported encryption algorithm: " + keyEncryptionAlgorithm);
}
Also used : ServerCryptoProvider(org.gluu.oxauth.service.ServerCryptoProvider) Jwt(org.gluu.oxauth.model.jwt.Jwt) PublicKey(java.security.PublicKey) BlockEncryptionAlgorithm(org.gluu.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm) JSONObject(org.json.JSONObject) KeyEncryptionAlgorithm(org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm) JweEncrypterImpl(org.gluu.oxauth.model.jwe.JweEncrypterImpl) JweEncrypter(org.gluu.oxauth.model.jwe.JweEncrypter) InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException)

Example 4 with JweEncrypterImpl

use of org.gluu.oxauth.model.jwe.JweEncrypterImpl in project oxAuth by GluuFederation.

the class UserInfoRestWebServiceImpl method getJweResponse.

public String getJweResponse(KeyEncryptionAlgorithm keyEncryptionAlgorithm, BlockEncryptionAlgorithm blockEncryptionAlgorithm, User user, AuthorizationGrant authorizationGrant, Collection<String> scopes) throws Exception {
    log.trace("Building JWE reponse with next scopes {0} for user {1} and user custom attributes {0}", scopes, user.getUserId(), user.getCustomAttributes());
    Jwe jwe = new Jwe();
    // Header
    jwe.getHeader().setType(JwtType.JWT);
    jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
    jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
    // Claims
    jwe.setClaims(createJwtClaims(user, authorizationGrant, scopes));
    // Encryption
    if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
        JSONObject jsonWebKeys = JwtUtil.getJSONWebKeys(authorizationGrant.getClient().getJwksUri());
        String keyId = new ServerCryptoProvider(cryptoProvider).getKeyId(JSONWebKeySet.fromJSONObject(jsonWebKeys), Algorithm.fromString(keyEncryptionAlgorithm.getName()), Use.ENCRYPTION);
        PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jsonWebKeys, null);
        if (publicKey != null) {
            JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
            jwe = jweEncrypter.encrypt(jwe);
        } else {
            throw new InvalidJweException("The public key is not valid");
        }
    } else if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
        try {
            byte[] sharedSymmetricKey = clientService.decryptSecret(authorizationGrant.getClient().getClientSecret()).getBytes(Util.UTF8_STRING_ENCODING);
            JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedSymmetricKey);
            jwe = jweEncrypter.encrypt(jwe);
        } catch (Exception e) {
            throw new InvalidJweException(e);
        }
    }
    return jwe.toString();
}
Also used : JSONObject(org.json.JSONObject) PublicKey(java.security.PublicKey) Jwe(org.gluu.oxauth.model.jwe.Jwe) JweEncrypterImpl(org.gluu.oxauth.model.jwe.JweEncrypterImpl) JweEncrypter(org.gluu.oxauth.model.jwe.JweEncrypter) EntryPersistenceException(org.gluu.persist.exception.EntryPersistenceException) InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException) InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException)

Example 5 with JweEncrypterImpl

use of org.gluu.oxauth.model.jwe.JweEncrypterImpl in project oxAuth by GluuFederation.

the class CrossEncryptionTest method encryptWithGluuJweEncrypter.

private String encryptWithGluuJweEncrypter() {
    try {
        RSAKey recipientPublicJWK = (RSAKey) (JWK.parse(recipientJwkJson));
        BlockEncryptionAlgorithm blockEncryptionAlgorithm = BlockEncryptionAlgorithm.A128GCM;
        KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.RSA_OAEP;
        Jwe jwe = new Jwe();
        jwe.getHeader().setType(JwtType.JWT);
        jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
        jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
        jwe.getClaims().setIssuer("https:devgluu.saminet.local");
        jwe.getClaims().setSubjectIdentifier("testing");
        jwe.getHeader().setKeyId("1");
        JweEncrypterImpl encrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, recipientPublicJWK.toPublicKey());
        jwe = encrypter.encrypt(jwe);
        // System.out.println("EncodedIntegrityValue: " + jwe.getEncodedIntegrityValue());
        return jwe.toString();
    } catch (Exception e) {
        System.out.println("Error encryption with Gluu JweEncrypter: " + e.getMessage());
        return null;
    }
}
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) KeyEncryptionAlgorithm(org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm) Jwe(org.gluu.oxauth.model.jwe.Jwe) JweEncrypterImpl(org.gluu.oxauth.model.jwe.JweEncrypterImpl) JSONException(org.json.JSONException) ParseException(java.text.ParseException) InvalidJwtException(org.gluu.oxauth.model.exception.InvalidJwtException) IOException(java.io.IOException) InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException) BlockEncryptionAlgorithm(org.gluu.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm)

Aggregations

JweEncrypterImpl (org.gluu.oxauth.model.jwe.JweEncrypterImpl)6 Jwe (org.gluu.oxauth.model.jwe.Jwe)5 JSONObject (org.json.JSONObject)5 PublicKey (java.security.PublicKey)4 InvalidJweException (org.gluu.oxauth.model.exception.InvalidJweException)4 InvalidJwtException (org.gluu.oxauth.model.exception.InvalidJwtException)4 JSONException (org.json.JSONException)4 BlockEncryptionAlgorithm (org.gluu.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm)3 KeyEncryptionAlgorithm (org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm)3 RSAKey (com.nimbusds.jose.jwk.RSAKey)2 IOException (java.io.IOException)2 UnsupportedEncodingException (java.io.UnsupportedEncodingException)2 ParseException (java.text.ParseException)2 JweEncrypter (org.gluu.oxauth.model.jwe.JweEncrypter)2 Jwt (org.gluu.oxauth.model.jwt.Jwt)2 JwtClaims (org.gluu.oxauth.model.jwt.JwtClaims)2 JwtHeader (org.gluu.oxauth.model.jwt.JwtHeader)2 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)1 PrivateKey (java.security.PrivateKey)1 Signature (java.security.Signature)1