use of org.keycloak.jose.jwe.JWE in project keycloak by keycloak.
From class JOSEParser, method parse:
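/**
 * Parses the given compact-serialized {@code jwt} and returns either a {@link JWSInput} or a
 * {@link JWE}, depending on the JOSE header: a header object carrying an {@code enc} member is
 * treated as a JWE, anything else as a JWS.
 * <p>
 * Only the header segment is base64url-decoded and read as JSON here; nothing is verified or
 * decrypted. The header is attacker-controlled input, so the returned object must still be
 * signature-verified (JWS) or decrypted with its integrity check (JWE) by the caller before any
 * claim in it is trusted.
 *
 * @param jwt the encoded JWT in compact serialization
 * @return a {@link JOSE}: a {@link JWE} when the header has {@code enc}, otherwise a {@link JWSInput}
 * @throws RuntimeException if the header segment is missing, is not valid JSON, is not a JSON
 *         object, or the token cannot be read as a JWS
 */
public static JOSE parse(String jwt) {
    // String.split drops trailing empty segments, so a token made only of dots yields zero parts.
    String[] parts = jwt.split("\\.");
    if (parts.length == 0) {
        throw new RuntimeException("Could not infer header from JWT");
    }
    JsonNode header;
    try {
        header = JsonSerialization.readValue(Base64Url.decode(parts[0]), JsonNode.class);
    } catch (IOException cause) {
        throw new RuntimeException("Failed to parse JWT header", cause);
    }
    // A JSON literal other than an object (e.g. "null", a string or an array) would either NPE on
    // header.has() below or be silently treated as a JWS; reject it explicitly instead.
    if (header == null || !header.isObject()) {
        throw new RuntimeException("Could not infer header from JWT");
    }
    // Presence of "enc" is the only discriminator used: "enc" is the JWE content-encryption
    // algorithm header and has no meaning in a JWS header.
    if (header.has("enc")) {
        return new JWE(jwt);
    }
    try {
        return new JWSInput(jwt);
    } catch (JWSInputException cause) {
        throw new RuntimeException("Failed to build JWS", cause);
    }
}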
use of org.keycloak.jose.jwe.JWE in project keycloak by keycloak.
From class TokenUtil, method jweDirectVerifyAndDecode:
/**
 * Decrypts a compact JWE that was produced with direct encryption (the counterpart of
 * {@code jweDirectEncode}) and returns its plaintext.
 * <p>
 * Both halves of the content-encryption key are supplied by the caller: {@code aesKey} is
 * registered for {@code KeyUse.ENCRYPTION} and {@code hmacKey} for {@code KeyUse.SIGNATURE}
 * (presumably the HMAC half of an AES-CBC/HMAC {@code enc}, mirroring {@code jweDirectEncode}).
 * The {@code enc} algorithm itself is taken from the JWE header by {@code verifyAndDecodeJwe};
 * whether the supplied key lengths are checked against it happens there, not here.
 *
 * @param aesKey  AES key for the CBC half of the content encryption
 * @param hmacKey HMAC key for the integrity half
 * @param jweStr  the compact JWE serialization to decrypt
 * @return the decrypted content bytes
 * @throws JWEException if decryption or the integrity check fails
 */
public static byte[] jweDirectVerifyAndDecode(Key aesKey, Key hmacKey, String jweStr) throws JWEException {
    JWE decoder = new JWE();
    JWEKeyStorage keys = decoder.getKeyStorage();
    keys.setCEKKey(aesKey, JWEKeyStorage.KeyUse.ENCRYPTION);
    keys.setCEKKey(hmacKey, JWEKeyStorage.KeyUse.SIGNATURE);
    decoder.verifyAndDecodeJwe(jweStr);
    return decoder.getContent();
}
use of org.keycloak.jose.jwe.JWE in project keycloak by keycloak.
From class TokenUtil, method jweDirectEncode:
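/**
 * Encrypts {@code contentBytes} as a compact JWE using direct encryption ({@code alg=dir}): no
 * key wrapping takes place, the caller-supplied keys are used directly as the content-encryption
 * keys. The AES-CBC/HMAC {@code enc} algorithm is selected from the AES key length
 * (16, 24 or 32 bytes -> A128CBC-HS256, A192CBC-HS384 or A256CBC-HS512).
 * <p>
 * The HMAC key's length is not validated here; it must match the HMAC half of the chosen
 * {@code enc} (whether {@code encodeJwe} checks it is not visible from this method).
 *
 * @param aesKey       AES key for the CBC half; its encoded length selects the {@code enc} algorithm
 * @param hmacKey      HMAC key for the integrity half
 * @param contentBytes plaintext to encrypt
 * @return the compact JWE serialization
 * @throws IllegalArgumentException if the AES key does not expose its encoded form or its length
 *         is not 16, 24 or 32 bytes
 * @throws JWEException if encoding fails
 */
public static String jweDirectEncode(Key aesKey, Key hmacKey, byte[] contentBytes) throws JWEException {
    // Key.getEncoded() is specified to return null for keys that do not support encoding
    // (e.g. hardware-backed keys); without the material we cannot infer the enc algorithm.
    byte[] encoded = aesKey.getEncoded();
    if (encoded == null) {
        throw new IllegalArgumentException("Encryption key does not expose its encoded form; cannot infer key size. Valid sizes are 16, 24, 32.");
    }
    String encAlgorithm = encAlgorithmForAesKeyLength(encoded.length);
    JWEHeader jweHeader = new JWEHeader(JWEConstants.DIR, encAlgorithm, null);
    JWE jwe = new JWE().header(jweHeader).content(contentBytes);
    jwe.getKeyStorage().setCEKKey(aesKey, JWEKeyStorage.KeyUse.ENCRYPTION).setCEKKey(hmacKey, JWEKeyStorage.KeyUse.SIGNATURE);
    return jwe.encodeJwe();
}

/**
 * Maps an AES key length in bytes to the matching AES-CBC/HMAC {@code enc} algorithm.
 *
 * @param keyLength length of the AES key's encoded form, in bytes
 * @return the {@code enc} algorithm identifier
 * @throws IllegalArgumentException if the length is not 16, 24 or 32
 */
private static String encAlgorithmForAesKeyLength(int keyLength) {
    switch (keyLength) {
        case 16:
            return JWEConstants.A128CBC_HS256;
        case 24:
            return JWEConstants.A192CBC_HS384;
        case 32:
            return JWEConstants.A256CBC_HS512;
        default:
            // Report the length only: a Key's toString() is implementation-defined and must not end
            // up in exception text/logs in case it renders key material.
            throw new IllegalArgumentException("Bad size for Encryption key: " + keyLength + " bytes. Valid sizes are 16, 24, 32.");
    }
}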
use of org.keycloak.jose.jwe.JWE in project keycloak by keycloak.
From class OIDCAdvancedRequestParamsTest, method createEncryptedRequestObject:
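/**
 * Builds an encrypted (JWE) request object whose payload is the signed request object from
 * {@code createAndSignRequestObject()}, encrypted to the realm's active encryption key.
 * <p>
 * The public key is taken from the realm's published JWKS (looked up via OIDC discovery and
 * filtered to {@code use=enc}), selected by the {@code kid} of the active encryption key reported
 * by the admin API. The content is encrypted with A256GCM; {@code encAlg} is the key-management
 * {@code alg} header used to encrypt the content key to that public key.
 *
 * @param encAlg the JWE key-management algorithm ({@code alg} header), e.g. an RSA-OAEP variant
 * @return the compact JWE serialization of the request object
 * @throws IOException  if discovery or the JWKS fetch fails
 * @throws JWEException if encryption fails
 * @throws IllegalStateException if the active encryption key is not found in the published JWKS
 */
private String createEncryptedRequestObject(String encAlg) throws IOException, JWEException {
    try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
        // Discover the realm's JWKS endpoint and fetch its published public keys for use "enc".
        String discoveryUrl = getAuthServerRoot().toString() + "realms/" + oauth.getRealm() + "/.well-known/openid-configuration";
        OIDCConfigurationRepresentation representation = SimpleHttp.doGet(discoveryUrl, httpClient).asJson(OIDCConfigurationRepresentation.class);
        String jwksUri = representation.getJwksUri();
        JSONWebKeySet jsonWebKeySet = SimpleHttp.doGet(jwksUri, httpClient).asJson(JSONWebKeySet.class);
        Map<String, PublicKey> keysForUse = JWKSUtils.getKeysForUse(jsonWebKeySet, JWK.Use.ENCRYPTION);

        // Select the realm's active encryption key by kid. NOTE(review): the lookup filters by
        // PS256, a signature algorithm — confirm this is the intended filter for an enc key.
        KeysMetadataRepresentation.KeyMetadataRepresentation encKey = KeyUtils.getActiveEncKey(testRealm().keys().getKeyMetadata(), org.keycloak.crypto.Algorithm.PS256);
        if (encKey == null) {
            throw new IllegalStateException("Realm has no active encryption key");
        }
        String keyId = encKey.getKid();
        // Fail here with the kid rather than later with an opaque error from a null key.
        PublicKey encryptionKek = keysForUse.get(keyId);
        if (encryptionKek == null) {
            throw new IllegalStateException("Active encryption key " + keyId + " is not published for use 'enc' at " + jwksUri);
        }

        // Use an explicit charset: String.getBytes() without one depends on the platform default.
        byte[] payload = createAndSignRequestObject().getBytes(java.nio.charset.StandardCharsets.UTF_8);
        JWE jwe = new JWE().header(new JWEHeader(encAlg, JWEConstants.A256GCM, null)).content(payload);
        jwe.getKeyStorage().setEncryptionKey(encryptionKek);
        return jwe.encodeJwe();
    }
}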