Examples with ServerCryptoProvider - org.gluu.oxauth.service.ServerCryptoProvider

Example 1 with ServerCryptoProvider

use of org.gluu.oxauth.service.ServerCryptoProvider in project oxAuth by GluuFederation.

the class JwrService method encryptJwe.

private Jwe encryptJwe(Jwe jwe, Client client) throws Exception {
    if (appConfiguration.getUseNestedJwtDuringEncryption()) {
        JwtSigner jwtSigner = JwtSigner.newJwtSigner(appConfiguration, webKeysConfiguration, client);
        Jwt jwt = jwtSigner.newJwt();
        jwt.setClaims(jwe.getClaims());
        jwe.setSignedJWTPayload(signJwt(jwt, client));
    }
    KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(ALGORITHM));
    final BlockEncryptionAlgorithm encryptionMethod = jwe.getHeader().getEncryptionMethod();
    if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
        JSONObject jsonWebKeys = JwtUtil.getJSONWebKeys(client.getJwksUri());
        String keyId = new ServerCryptoProvider(cryptoProvider).getKeyId(JSONWebKeySet.fromJSONObject(jsonWebKeys), Algorithm.fromString(keyEncryptionAlgorithm.getName()), Use.ENCRYPTION);
        PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jsonWebKeys, null);
        jwe.getHeader().setKeyId(keyId);
        if (publicKey == null) {
            throw new InvalidJweException("The public key is not valid");
        }
        JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, encryptionMethod, publicKey);
        return jweEncrypter.encrypt(jwe);
    }
    if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
        byte[] sharedSymmetricKey = clientService.decryptSecret(client.getClientSecret()).getBytes(StandardCharsets.UTF_8);
        JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, encryptionMethod, sharedSymmetricKey);
        return jweEncrypter.encrypt(jwe);
    }
    throw new IllegalArgumentException("Unsupported encryption algorithm: " + keyEncryptionAlgorithm);
}

Also used : ServerCryptoProvider(org.gluu.oxauth.service.ServerCryptoProvider) Jwt(org.gluu.oxauth.model.jwt.Jwt) PublicKey(java.security.PublicKey) BlockEncryptionAlgorithm(org.gluu.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm) JSONObject(org.json.JSONObject) KeyEncryptionAlgorithm(org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm) JweEncrypterImpl(org.gluu.oxauth.model.jwe.JweEncrypterImpl) JweEncrypter(org.gluu.oxauth.model.jwe.JweEncrypter) InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException)

Aggregations

PublicKey (java.security.PublicKey)1 BlockEncryptionAlgorithm (org.gluu.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm)1 KeyEncryptionAlgorithm (org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm)1 InvalidJweException (org.gluu.oxauth.model.exception.InvalidJweException)1 JweEncrypter (org.gluu.oxauth.model.jwe.JweEncrypter)1 JweEncrypterImpl (org.gluu.oxauth.model.jwe.JweEncrypterImpl)1 Jwt (org.gluu.oxauth.model.jwt.Jwt)1 ServerCryptoProvider (org.gluu.oxauth.service.ServerCryptoProvider)1 JSONObject (org.json.JSONObject)1