use of org.gluu.oxauth.model.jwt.JwtHeader in project oxAuth by GluuFederation.
the class JweEncrypterImpl method encrypt.
@Override
public Jwe encrypt(Jwe jwe) throws InvalidJweException {
try {
JWEEncrypter encrypter = createJweEncrypter();
if (jwe.getSignedJWTPayload() != null) {
jwe.getHeader().setContentType(JwtType.JWT);
}
JWEObject jweObject = new JWEObject(JWEHeader.parse(jwe.getHeader().toJsonObject().toString()), createPayload(jwe));
jweObject.encrypt(encrypter);
String encryptedJwe = jweObject.serialize();
String[] jweParts = encryptedJwe.split("\\.");
if (jweParts.length != 5) {
throw new InvalidJwtException("Invalid JWS format.");
}
String encodedHeader = jweParts[0];
String encodedEncryptedKey = jweParts[1];
String encodedInitializationVector = jweParts[2];
String encodedCipherText = jweParts[3];
String encodedIntegrityValue = jweParts[4];
jwe.setEncodedHeader(encodedHeader);
jwe.setEncodedEncryptedKey(encodedEncryptedKey);
jwe.setEncodedInitializationVector(encodedInitializationVector);
jwe.setEncodedCiphertext(encodedCipherText);
jwe.setEncodedIntegrityValue(encodedIntegrityValue);
jwe.setHeader(new JwtHeader(encodedHeader));
return jwe;
} catch (Exception e) {
throw new InvalidJweException(e);
}
}
use of org.gluu.oxauth.model.jwt.JwtHeader in project oxAuth by GluuFederation.
the class SoftwareStatement method headerToJSONObject.
protected JSONObject headerToJSONObject() throws InvalidJwtException {
JwtHeader jwtHeader = new JwtHeader();
jwtHeader.setAlgorithm(signatureAlgorithm);
jwtHeader.setKeyId(keyId);
return jwtHeader.toJsonObject();
}
use of org.gluu.oxauth.model.jwt.JwtHeader in project oxAuth by GluuFederation.
the class JwtAuthorizationRequest method getEncodedJwt.
public String getEncodedJwt(JSONObject jwks) throws Exception {
String encodedJwt = null;
if (keyEncryptionAlgorithm != null && blockEncryptionAlgorithm != null) {
JweEncrypterImpl jweEncrypter;
if (cryptoProvider != null && jwks != null) {
PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jwks, null);
jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
} else {
jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedKey.getBytes(Util.UTF8_STRING_ENCODING));
}
String header = ClientUtil.toPrettyJson(headerToJSONObject());
String encodedHeader = Base64Util.base64urlencode(header.getBytes(Util.UTF8_STRING_ENCODING));
String claims = ClientUtil.toPrettyJson(payloadToJSONObject());
String encodedClaims = Base64Util.base64urlencode(claims.getBytes(Util.UTF8_STRING_ENCODING));
Jwe jwe = new Jwe();
jwe.setHeader(new JwtHeader(encodedHeader));
jwe.setClaims(new JwtClaims(encodedClaims));
jweEncrypter.encrypt(jwe);
encodedJwt = jwe.toString();
} else {
if (cryptoProvider == null) {
throw new Exception("The Crypto Provider cannot be null.");
}
JSONObject headerJsonObject = headerToJSONObject();
JSONObject payloadJsonObject = payloadToJSONObject();
String headerString = ClientUtil.toPrettyJson(headerJsonObject);
String payloadString = ClientUtil.toPrettyJson(payloadJsonObject);
String encodedHeader = Base64Util.base64urlencode(headerString.getBytes(Util.UTF8_STRING_ENCODING));
String encodedPayload = Base64Util.base64urlencode(payloadString.getBytes(Util.UTF8_STRING_ENCODING));
String signingInput = encodedHeader + "." + encodedPayload;
String encodedSignature = cryptoProvider.sign(signingInput, keyId, sharedKey, signatureAlgorithm);
encodedJwt = encodedHeader + "." + encodedPayload + "." + encodedSignature;
}
return encodedJwt;
}
use of org.gluu.oxauth.model.jwt.JwtHeader in project oxAuth by GluuFederation.
the class JweDecrypterImpl method decrypt.
@Override
public Jwe decrypt(String encryptedJwe) throws InvalidJweException {
try {
String[] jweParts = encryptedJwe.split("\\.");
if (jweParts.length != 5) {
throw new InvalidJwtException("Invalid JWS format.");
}
String encodedHeader = jweParts[0];
String encodedEncryptedKey = jweParts[1];
String encodedInitializationVector = jweParts[2];
String encodedCipherText = jweParts[3];
String encodedIntegrityValue = jweParts[4];
Jwe jwe = new Jwe();
jwe.setEncodedHeader(encodedHeader);
jwe.setEncodedEncryptedKey(encodedEncryptedKey);
jwe.setEncodedInitializationVector(encodedInitializationVector);
jwe.setEncodedCiphertext(encodedCipherText);
jwe.setEncodedIntegrityValue(encodedIntegrityValue);
jwe.setHeader(new JwtHeader(encodedHeader));
EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptedJwe);
setKeyEncryptionAlgorithm(KeyEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)));
setBlockEncryptionAlgorithm(BlockEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(JwtHeaderName.ENCRYPTION_METHOD)));
final KeyEncryptionAlgorithm keyEncryptionAlgorithm = getKeyEncryptionAlgorithm();
Key encriptionKey = null;
if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5 || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP) {
encriptionKey = privateKey;
} else if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
if (sharedSymmetricKey == null) {
throw new InvalidJweException("The shared symmetric key is null");
}
int keyLength = 16;
if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
keyLength = 32;
}
if (sharedSymmetricKey.length != keyLength) {
MessageDigest sha = MessageDigest.getInstance("SHA-256");
sharedSymmetricKey = sha.digest(sharedSymmetricKey);
sharedSymmetricKey = Arrays.copyOf(sharedSymmetricKey, keyLength);
}
encriptionKey = new SecretKeySpec(sharedSymmetricKey, 0, sharedSymmetricKey.length, "AES");
} else {
throw new InvalidJweException("The key encryption algorithm is not supported");
}
JWEDecrypter decrypter = DECRYPTER_FACTORY.createJWEDecrypter(encryptedJwt.getHeader(), encriptionKey);
decrypter.getJCAContext().setProvider(SecurityProviderUtility.getInstance());
encryptedJwt.decrypt(decrypter);
final SignedJWT signedJWT = encryptedJwt.getPayload().toSignedJWT();
if (signedJWT != null) {
final Jwt jwt = Jwt.parse(signedJWT.serialize());
jwe.setSignedJWTPayload(jwt);
jwe.setClaims(jwt != null ? jwt.getClaims() : null);
} else {
final String base64encodedPayload = encryptedJwt.getPayload().toString();
jwe.setClaims(new JwtClaims(base64encodedPayload));
}
return jwe;
} catch (Exception e) {
throw new InvalidJweException(e);
}
}
use of org.gluu.oxauth.model.jwt.JwtHeader in project oxAuth by GluuFederation.
the class JwtAuthorizationRequest method headerToJSONObject.
protected JSONObject headerToJSONObject() throws InvalidJwtException {
JwtHeader jwtHeader = new JwtHeader();
jwtHeader.setType(type);
if (keyEncryptionAlgorithm != null && blockEncryptionAlgorithm != null) {
jwtHeader.setAlgorithm(keyEncryptionAlgorithm);
jwtHeader.setEncryptionMethod(blockEncryptionAlgorithm);
} else {
jwtHeader.setAlgorithm(signatureAlgorithm);
}
jwtHeader.setKeyId(keyId);
return jwtHeader.toJsonObject();
}
Aggregations