
Example 1 with JsonWebEncryption

use of org.jose4j.jwe.JsonWebEncryption in project cas by apereo.

From the class BaseStringCipherExecutor, method encryptValue.

/**
 * Encrypts a serializable value as a compact JWE under this executor's key.
 * <p>
 * The payload is produced by {@code serializeValue}, compressed ("zip" header) and encrypted with
 * the {@code dir} key-management algorithm — {@code secretKeyEncryptionKey} is used directly as the
 * content-encryption key — and the content-encryption method named by
 * {@code contentEncryptionAlgorithmIdentifier}.
 * <p>
 * NOTE(review): compressing before encrypting makes the ciphertext length reflect how
 * compressible the plaintext is; whether an observer could learn anything from that depends on
 * what this executor protects — confirm.
 *
 * @param value the value to encrypt
 * @return the compact JWE serialization of the encrypted value
 * @throws RuntimeException if serialization or encryption fails; every failure is wrapped with
 *                          the JCE-policy message, not only policy-related ones
 */
private String encryptValue(final Serializable value) {
    try {
        final JsonWebEncryption encryption = new JsonWebEncryption();
        encryption.setKey(this.secretKeyEncryptionKey);
        encryption.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.DIRECT);
        encryption.setEncryptionMethodHeaderParameter(this.contentEncryptionAlgorithmIdentifier);
        encryption.enableDefaultCompression();
        final String payload = serializeValue(value);
        encryption.setPayload(payload);
        LOGGER.debug("Encrypting via [{}]", this.contentEncryptionAlgorithmIdentifier);
        return encryption.getCompactSerialization();
    } catch (final Exception e) {
        final String reason = "Ensure that you have installed JCE Unlimited Strength Jurisdiction Policy Files. " + e.getMessage();
        throw new RuntimeException(reason, e);
    }
}

Example 2 with JsonWebEncryption

use of org.jose4j.jwe.JsonWebEncryption in project cas by apereo.

From the class EncodingUtils, method encryptValueAsJwt.

/**
 * Encrypts a value as a compact JWE using the given key and algorithm identifiers.
 * <p>
 * The payload is {@code value.toString()} — not a binary serialization, so callers that need to
 * round-trip an object must pass something whose string form is reversible. The payload is
 * compressed ("zip" header) and encrypted with {@code algorithmHeaderValue} as the key-management
 * algorithm and {@code contentEncryptionAlgorithmIdentifier} as the content-encryption method.
 * <p>
 * NOTE(review): compressing before encrypting makes the ciphertext length reflect how
 * compressible the plaintext is; whether that matters depends on the callers — confirm.
 *
 * @param secretKeyEncryptionKey               the key handed to jose4j; what it must be depends on
 *                                             {@code algorithmHeaderValue} (for {@code dir} it is
 *                                             the content-encryption key itself)
 * @param value                                the value whose {@code toString()} becomes the payload
 * @param algorithmHeaderValue                 the JWE {@code alg} header value
 * @param contentEncryptionAlgorithmIdentifier the JWE {@code enc} header value
 * @return the compact JWE serialization
 * @throws IllegalArgumentException if {@code value} is {@code null} or jose4j fails; every
 *                                  failure is wrapped, not only the JCE-policy one the message names
 */
public static String encryptValueAsJwt(final Key secretKeyEncryptionKey, final Serializable value, final String algorithmHeaderValue, final String contentEncryptionAlgorithmIdentifier) {
    try {
        final JsonWebEncryption token = new JsonWebEncryption();
        token.setKey(secretKeyEncryptionKey);
        token.setAlgorithmHeaderValue(algorithmHeaderValue);
        token.setEncryptionMethodHeaderParameter(contentEncryptionAlgorithmIdentifier);
        token.enableDefaultCompression();
        final String payload = value.toString();
        token.setPayload(payload);
        LOGGER.debug("Encrypting via [{}]", contentEncryptionAlgorithmIdentifier);
        return token.getCompactSerialization();
    } catch (final Exception e) {
        final String reason = "Is JCE Unlimited Strength Jurisdiction Policy installed? " + e.getMessage();
        throw new IllegalArgumentException(reason, e);
    }
}

Example 3 with JsonWebEncryption

use of org.jose4j.jwe.JsonWebEncryption in project open-ecard by ecsec.

From the class ChipGateway, method getPin.

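/**
 * Decrypts the PIN the ChipGateway server sent along with the request, if any.
 * <p>
 * The PIN arrives as a compact JWE. Decryption is restricted to the {@code dir} key-management
 * algorithm and to the AES-CBC-HMAC / AES-GCM content-encryption methods listed below, so a token
 * naming any other algorithm is rejected. The decrypted bytes are decoded as UTF-8 into a fresh
 * {@code char[]} that the caller owns and should wipe after use; the intermediate byte array and
 * the decoder's char buffer are cleared here before returning.
 *
 * @param encryptedPin the compact JWE carrying the PIN, or {@code null} if the server sent none
 * @return the PIN characters, or {@code null} if remote PINs are disabled, no PIN was sent, or the
 *         decrypted PIN was empty (the user is then expected to enter the PIN locally)
 * @throws RemotePinException if a PIN was sent but no decryption key is available, or if jose4j
 *                            fails to decrypt the token
 */
@Nullable
private char[] getPin(@Nullable String encryptedPin) throws RemotePinException {
    if (!ChipGatewayProperties.isRemotePinAllowed() || encryptedPin == null) {
        // no pin sent, let user supply the pin
        return null;
    }
    if (pinKey == null) {
        // PIN sent but no key provided, raise error for the server
        throw new RemotePinException("Encrypted PIN received, but no key for decryption is available.");
    }
    byte[] pinBytes = null;
    try {
        JsonWebEncryption jwe = new JsonWebEncryption();
        // only accept "dir": the shared key itself is the content-encryption key
        AlgorithmConstraints algConstraints = new AlgorithmConstraints(
                AlgorithmConstraints.ConstraintType.WHITELIST,
                KeyManagementAlgorithmIdentifiers.DIRECT);
        jwe.setAlgorithmConstraints(algConstraints);
        // authenticated content-encryption methods only
        AlgorithmConstraints encConstraints = new AlgorithmConstraints(
                AlgorithmConstraints.ConstraintType.WHITELIST,
                ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256,
                ContentEncryptionAlgorithmIdentifiers.AES_192_CBC_HMAC_SHA_384,
                ContentEncryptionAlgorithmIdentifiers.AES_256_CBC_HMAC_SHA_512,
                ContentEncryptionAlgorithmIdentifiers.AES_128_GCM,
                ContentEncryptionAlgorithmIdentifiers.AES_192_GCM,
                ContentEncryptionAlgorithmIdentifiers.AES_256_GCM);
        jwe.setContentEncryptionAlgorithmConstraints(encConstraints);
        // perform decryption
        jwe.setCompactSerialization(encryptedPin);
        jwe.setKey(pinKey.getKey());
        pinBytes = jwe.getPlaintextBytes();
        // check if PIN is a sane value
        if (pinBytes == null || pinBytes.length == 0) {
            String msg = "No or empty PIN received from ChipGateway server, despite a key being present.";
            LOG.warn(msg);
            return null;
        }
        CharBuffer charBuf = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(pinBytes));
        char[] pin = new char[charBuf.remaining()];
        charBuf.get(pin);
        // the decoder's backing array holds a second copy of the PIN; blank it
        if (charBuf.hasArray()) {
            Arrays.fill(charBuf.array(), ' ');
        }
        return pin;
    } catch (JoseException ex) {
        throw new RemotePinException("Error decrypting PIN.", ex);
    } finally {
        // the decrypted bytes were previously left in memory; zero them so the returned
        // char[] is the only copy this method leaves behind (jose4j may keep its own
        // internal copy of the plaintext — TODO confirm)
        if (pinBytes != null) {
            Arrays.fill(pinBytes, (byte) 0);
        }
    }
}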

Example 4 with JsonWebEncryption

use of org.jose4j.jwe.JsonWebEncryption in project cas by apereo.

From the class BaseStringCipherExecutor, method decryptValue.

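/**
 * Decrypts a compact JWE produced by {@link #encryptValue} back to its payload string.
 * <p>
 * NOTE(review): unlike the encrypt side, no {@code alg}/{@code enc} constraints are applied here,
 * so the token's own headers choose which algorithms jose4j runs with the shared key — confirm that
 * is acceptable, or whitelist {@code dir} and the expected content-encryption method as the
 * encrypt side fixes them.
 *
 * @param value the compact JWE serialization
 * @return the decrypted payload
 * @throws RuntimeException if decryption fails; an unchecked exception from jose4j is rethrown
 *                          as-is, a checked one is wrapped (the contract of the deprecated
 *                          {@code Throwables.propagate} this used to call)
 */
private String decryptValue(final String value) {
    try {
        final JsonWebEncryption jwe = new JsonWebEncryption();
        jwe.setKey(this.secretKeyEncryptionKey);
        jwe.setCompactSerialization(value);
        LOGGER.debug("Decrypting value...");
        return jwe.getPayload();
    } catch (final RuntimeException e) {
        // already unchecked: propagate untouched, exactly as Throwables.propagate did
        throw e;
    } catch (final Exception e) {
        throw new RuntimeException(e);
    }
}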

Example 5 with JsonWebEncryption

use of org.jose4j.jwe.JsonWebEncryption in project cas by apereo.

From the class OidcIdTokenSigningAndEncryptionService, method encryptIdToken.

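/**
 * Wraps a signed id token in a JWE for a service configured to receive encrypted id tokens.
 * <p>
 * The key-management algorithm and content-encryption method come from the service's
 * registration; the encryption key is the public half of the service's JSON web key taken from
 * {@code serviceJsonWebKeystoreCache}. The content type is set to {@code JWT} so recipients know
 * the payload is a nested token.
 *
 * @param svc      the registered OIDC service the token is issued to
 * @param jws      the signed inner token; only its key id is read here
 * @param innerJwt the compact serialization of the signed inner token, used as the JWE payload
 * @return the compact JWE serialization
 * @throws IllegalArgumentException if the service has no JSON web key, or the key has no public key
 * @throws Exception                if jose4j fails to serialize the JWE
 */
private String encryptIdToken(final OidcRegisteredService svc, final JsonWebSignature jws, final String innerJwt) throws Exception {
    LOGGER.debug("Service [{}] is set to encrypt id tokens", svc);
    final Optional<RsaJsonWebKey> jwks = this.serviceJsonWebKeystoreCache.get(svc);
    if (!jwks.isPresent()) {
        throw new IllegalArgumentException("Service " + svc.getServiceId() + " with client id " + svc.getClientId() + " is configured to encrypt id tokens, yet no JSON web key is available");
    }
    final RsaJsonWebKey jsonWebKey = jwks.get();
    // NOTE(review): this logs the key object itself; confirm the toString() jose4j uses here
    // omits private key material before leaving this at debug level
    LOGGER.debug("Found JSON web key to encrypt the id token: [{}]", jsonWebKey);
    if (jsonWebKey.getPublicKey() == null) {
        // message previously said "sign"; this method encrypts
        throw new IllegalArgumentException("JSON web key used to encrypt the id token has no associated public key");
    }
    final JsonWebEncryption jwe = new JsonWebEncryption();
    jwe.setAlgorithmHeaderValue(svc.getIdTokenEncryptionAlg());
    jwe.setEncryptionMethodHeaderParameter(svc.getIdTokenEncryptionEncoding());
    jwe.setKey(jsonWebKey.getPublicKey());
    // NOTE(review): the JWE "kid" is copied from the signing JWS rather than taken from the
    // encryption key; RFC 7516 §4.1.6 says "kid" should identify the key the JWE was
    // encrypted to — confirm this matches what relying parties expect
    jwe.setKeyIdHeaderValue(jws.getKeyIdHeaderValue());
    jwe.setContentTypeHeaderValue("JWT");
    jwe.setPayload(innerJwt);
    return jwe.getCompactSerialization();
}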
