Example 1 with JwtHeader
use of org.gluu.oxauth.model.jwt.JwtHeader in project oxAuth by GluuFederation.
the class JweEncrypterImpl method encrypt.
@Override
public Jwe encrypt(Jwe jwe) throws InvalidJweException {
try {
JWEEncrypter encrypter = createJweEncrypter();
if (jwe.getSignedJWTPayload() != null) {
jwe.getHeader().setContentType(JwtType.JWT);
}
JWEObject jweObject = new JWEObject(JWEHeader.parse(jwe.getHeader().toJsonObject().toString()), createPayload(jwe));
jweObject.encrypt(encrypter);
String encryptedJwe = jweObject.serialize();
String[] jweParts = encryptedJwe.split("\\.");
if (jweParts.length != 5) {
throw new InvalidJwtException("Invalid JWS format.");
}
String encodedHeader = jweParts[0];
String encodedEncryptedKey = jweParts[1];
String encodedInitializationVector = jweParts[2];
String encodedCipherText = jweParts[3];
String encodedIntegrityValue = jweParts[4];
jwe.setEncodedHeader(encodedHeader);
jwe.setEncodedEncryptedKey(encodedEncryptedKey);
jwe.setEncodedInitializationVector(encodedInitializationVector);
jwe.setEncodedCiphertext(encodedCipherText);
jwe.setEncodedIntegrityValue(encodedIntegrityValue);
jwe.setHeader(new JwtHeader(encodedHeader));
return jwe;
} catch (Exception e) {
throw new InvalidJweException(e);
}
}
Also used :
InvalidJwtException(org.gluu.oxauth.model.exception.InvalidJwtException)
JwtHeader(org.gluu.oxauth.model.jwt.JwtHeader)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException)
ParseException(java.text.ParseException)
InvalidJwtException(org.gluu.oxauth.model.exception.InvalidJwtException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException)
Example 2 with JwtHeader
use of org.gluu.oxauth.model.jwt.JwtHeader in project oxAuth by GluuFederation.
the class SoftwareStatement method headerToJSONObject.
protected JSONObject headerToJSONObject() throws InvalidJwtException {
JwtHeader jwtHeader = new JwtHeader();
jwtHeader.setAlgorithm(signatureAlgorithm);
jwtHeader.setKeyId(keyId);
return jwtHeader.toJsonObject();
}
Also used :
JwtHeader(org.gluu.oxauth.model.jwt.JwtHeader)
Example 3 with JwtHeader
use of org.gluu.oxauth.model.jwt.JwtHeader in project oxAuth by GluuFederation.
the class JwtAuthorizationRequest method getEncodedJwt.
public String getEncodedJwt(JSONObject jwks) throws Exception {
String encodedJwt = null;
if (keyEncryptionAlgorithm != null && blockEncryptionAlgorithm != null) {
JweEncrypterImpl jweEncrypter;
if (cryptoProvider != null && jwks != null) {
PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jwks, null);
jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
} else {
jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedKey.getBytes(Util.UTF8_STRING_ENCODING));
}
String header = ClientUtil.toPrettyJson(headerToJSONObject());
String encodedHeader = Base64Util.base64urlencode(header.getBytes(Util.UTF8_STRING_ENCODING));
String claims = ClientUtil.toPrettyJson(payloadToJSONObject());
String encodedClaims = Base64Util.base64urlencode(claims.getBytes(Util.UTF8_STRING_ENCODING));
Jwe jwe = new Jwe();
jwe.setHeader(new JwtHeader(encodedHeader));
jwe.setClaims(new JwtClaims(encodedClaims));
jweEncrypter.encrypt(jwe);
encodedJwt = jwe.toString();
} else {
if (cryptoProvider == null) {
throw new Exception("The Crypto Provider cannot be null.");
}
JSONObject headerJsonObject = headerToJSONObject();
JSONObject payloadJsonObject = payloadToJSONObject();
String headerString = ClientUtil.toPrettyJson(headerJsonObject);
String payloadString = ClientUtil.toPrettyJson(payloadJsonObject);
String encodedHeader = Base64Util.base64urlencode(headerString.getBytes(Util.UTF8_STRING_ENCODING));
String encodedPayload = Base64Util.base64urlencode(payloadString.getBytes(Util.UTF8_STRING_ENCODING));
String signingInput = encodedHeader + "." + encodedPayload;
String encodedSignature = cryptoProvider.sign(signingInput, keyId, sharedKey, signatureAlgorithm);
encodedJwt = encodedHeader + "." + encodedPayload + "." + encodedSignature;
}
return encodedJwt;
}
Also used :
JwtHeader(org.gluu.oxauth.model.jwt.JwtHeader)
JSONObject(org.json.JSONObject)
JwtClaims(org.gluu.oxauth.model.jwt.JwtClaims)
PublicKey(java.security.PublicKey)
Jwe(org.gluu.oxauth.model.jwe.Jwe)
JweEncrypterImpl(org.gluu.oxauth.model.jwe.JweEncrypterImpl)
JSONException(org.json.JSONException)
InvalidJwtException(org.gluu.oxauth.model.exception.InvalidJwtException)
JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
Example 4 with JwtHeader
use of org.gluu.oxauth.model.jwt.JwtHeader in project oxAuth by GluuFederation.
the class JweDecrypterImpl method decrypt.
@Override
public Jwe decrypt(String encryptedJwe) throws InvalidJweException {
try {
String[] jweParts = encryptedJwe.split("\\.");
if (jweParts.length != 5) {
throw new InvalidJwtException("Invalid JWS format.");
}
String encodedHeader = jweParts[0];
String encodedEncryptedKey = jweParts[1];
String encodedInitializationVector = jweParts[2];
String encodedCipherText = jweParts[3];
String encodedIntegrityValue = jweParts[4];
Jwe jwe = new Jwe();
jwe.setEncodedHeader(encodedHeader);
jwe.setEncodedEncryptedKey(encodedEncryptedKey);
jwe.setEncodedInitializationVector(encodedInitializationVector);
jwe.setEncodedCiphertext(encodedCipherText);
jwe.setEncodedIntegrityValue(encodedIntegrityValue);
jwe.setHeader(new JwtHeader(encodedHeader));
EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptedJwe);
setKeyEncryptionAlgorithm(KeyEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)));
setBlockEncryptionAlgorithm(BlockEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(JwtHeaderName.ENCRYPTION_METHOD)));
final KeyEncryptionAlgorithm keyEncryptionAlgorithm = getKeyEncryptionAlgorithm();
Key encriptionKey = null;
if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5 || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP) {
encriptionKey = privateKey;
} else if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
if (sharedSymmetricKey == null) {
throw new InvalidJweException("The shared symmetric key is null");
}
int keyLength = 16;
if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
keyLength = 32;
}
if (sharedSymmetricKey.length != keyLength) {
MessageDigest sha = MessageDigest.getInstance("SHA-256");
sharedSymmetricKey = sha.digest(sharedSymmetricKey);
sharedSymmetricKey = Arrays.copyOf(sharedSymmetricKey, keyLength);
}
encriptionKey = new SecretKeySpec(sharedSymmetricKey, 0, sharedSymmetricKey.length, "AES");
} else {
throw new InvalidJweException("The key encryption algorithm is not supported");
}
JWEDecrypter decrypter = DECRYPTER_FACTORY.createJWEDecrypter(encryptedJwt.getHeader(), encriptionKey);
decrypter.getJCAContext().setProvider(SecurityProviderUtility.getInstance());
encryptedJwt.decrypt(decrypter);
final SignedJWT signedJWT = encryptedJwt.getPayload().toSignedJWT();
if (signedJWT != null) {
final Jwt jwt = Jwt.parse(signedJWT.serialize());
jwe.setSignedJWTPayload(jwt);
jwe.setClaims(jwt != null ? jwt.getClaims() : null);
} else {
final String base64encodedPayload = encryptedJwt.getPayload().toString();
jwe.setClaims(new JwtClaims(base64encodedPayload));
}
return jwe;
} catch (Exception e) {
throw new InvalidJweException(e);
}
}
Also used :
InvalidJwtException(org.gluu.oxauth.model.exception.InvalidJwtException)
JwtClaims(org.gluu.oxauth.model.jwt.JwtClaims)
Jwt(org.gluu.oxauth.model.jwt.Jwt)
SignedJWT(com.nimbusds.jwt.SignedJWT)
InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException)
InvalidJwtException(org.gluu.oxauth.model.exception.InvalidJwtException)
JWEDecrypter(com.nimbusds.jose.JWEDecrypter)
JwtHeader(org.gluu.oxauth.model.jwt.JwtHeader)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
KeyEncryptionAlgorithm(org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm)
MessageDigest(java.security.MessageDigest)
EncryptedJWT(com.nimbusds.jwt.EncryptedJWT)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
RSAPrivateKey(org.gluu.oxauth.model.crypto.signature.RSAPrivateKey)
InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException)
Example 5 with JwtHeader
use of org.gluu.oxauth.model.jwt.JwtHeader in project oxAuth by GluuFederation.
the class JwtAuthorizationRequest method headerToJSONObject.
protected JSONObject headerToJSONObject() throws InvalidJwtException {
JwtHeader jwtHeader = new JwtHeader();
jwtHeader.setType(type);
if (keyEncryptionAlgorithm != null && blockEncryptionAlgorithm != null) {
jwtHeader.setAlgorithm(keyEncryptionAlgorithm);
jwtHeader.setEncryptionMethod(blockEncryptionAlgorithm);
} else {
jwtHeader.setAlgorithm(signatureAlgorithm);
}
jwtHeader.setKeyId(keyId);
return jwtHeader.toJsonObject();
}
Also used :
JwtHeader(org.gluu.oxauth.model.jwt.JwtHeader)
Aggregations
JwtHeader (org.gluu.oxauth.model.jwt.JwtHeader)7
InvalidJwtException (org.gluu.oxauth.model.exception.InvalidJwtException)4
UnsupportedEncodingException (java.io.UnsupportedEncodingException)3
JwtClaims (org.gluu.oxauth.model.jwt.JwtClaims)3
PublicKey (java.security.PublicKey)2
InvalidJweException (org.gluu.oxauth.model.exception.InvalidJweException)2
Jwe (org.gluu.oxauth.model.jwe.Jwe)2
JweEncrypterImpl (org.gluu.oxauth.model.jwe.JweEncrypterImpl)2
JSONException (org.json.JSONException)2
JSONObject (org.json.JSONObject)2
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)1
JWEDecrypter (com.nimbusds.jose.JWEDecrypter)1
EncryptedJWT (com.nimbusds.jwt.EncryptedJWT)1
SignedJWT (com.nimbusds.jwt.SignedJWT)1
Key (java.security.Key)1
MessageDigest (java.security.MessageDigest)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
PrivateKey (java.security.PrivateKey)1
ParseException (java.text.ParseException)1
SecretKeySpec (javax.crypto.spec.SecretKeySpec)1
