Example 6 with JWE

Use of org.keycloak.jose.jwe.JWE in project keycloak by keycloak: class JOSEParser, method parse.

import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import org.keycloak.jose.jwe.JWE;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.JWSInputException;

/**
 * Parses the given encoded {@code jwt} and returns either a {@link JWSInput} or {@link JWE}
 * depending on the JOSE header configuration.
 *
 * @param jwt the encoded JWT
 * @return a {@link JOSE}
 */
public static JOSE parse(String jwt) {
    // Compact serialization: base64url segments separated by '.'; the first segment is the protected header.
    String[] parts = jwt.split("\\.");
    if (parts.length == 0) {
        throw new RuntimeException("Could not infer header from JWT");
    }
    JsonNode header;
    try {
        header = JsonSerialization.readValue(Base64Url.decode(parts[0]), JsonNode.class);
    } catch (IOException cause) {
        throw new RuntimeException("Failed to parse JWT header", cause);
    }
    // Only a JWE header carries "enc" (the content-encryption algorithm); a JWS header has just "alg".
    // The header is not yet authenticated here: the caller must still verify the JWS signature or
    // decrypt the JWE before trusting any claim in the token.
    if (header.has("enc")) {
        return new JWE(jwt);
    }
    try {
        return new JWSInput(jwt);
    } catch (JWSInputException cause) {
        throw new RuntimeException("Failed to build JWS", cause);
    }
}

Example 7 with JWE

Use of org.keycloak.jose.jwe.JWE in project keycloak by keycloak: class TokenUtil, method jweDirectVerifyAndDecode.

import java.security.Key;
import org.keycloak.jose.jwe.JWE;
import org.keycloak.jose.jwe.JWEException;
import org.keycloak.jose.jwe.JWEKeyStorage;

// Direct ("dir") decryption: aesKey and hmacKey together form the pre-shared content-encryption key.
public static byte[] jweDirectVerifyAndDecode(Key aesKey, Key hmacKey, String jweStr) throws JWEException {
    JWE jwe = new JWE();
    // The AES key decrypts the payload, the HMAC key checks the authentication tag (AxxxCBC-HSxxx).
    jwe.getKeyStorage().setCEKKey(aesKey, JWEKeyStorage.KeyUse.ENCRYPTION).setCEKKey(hmacKey, JWEKeyStorage.KeyUse.SIGNATURE);
    // A token whose tag does not verify is rejected with JWEException; plaintext is only available afterwards.
    jwe.verifyAndDecodeJwe(jweStr);
    return jwe.getContent();
}

Example 8 with JWE

Use of org.keycloak.jose.jwe.JWE in project keycloak by keycloak: class TokenUtil, method jweDirectEncode.

import java.security.Key;
import org.keycloak.jose.jwe.JWE;
import org.keycloak.jose.jwe.JWEConstants;
import org.keycloak.jose.jwe.JWEException;
import org.keycloak.jose.jwe.JWEHeader;
import org.keycloak.jose.jwe.JWEKeyStorage;

// Direct ("dir") encryption with AES-CBC + HMAC-SHA2; the counterpart of jweDirectVerifyAndDecode.
public static String jweDirectEncode(Key aesKey, Key hmacKey, byte[] contentBytes) throws JWEException {
    // The AES key length selects the "enc" algorithm. The HMAC key length is not checked here.
    int keyLength = aesKey.getEncoded().length;
    String encAlgorithm;
    switch (keyLength) {
        case 16: // AES-128
            encAlgorithm = JWEConstants.A128CBC_HS256;
            break;
        case 24: // AES-192
            encAlgorithm = JWEConstants.A192CBC_HS384;
            break;
        case 32: // AES-256
            encAlgorithm = JWEConstants.A256CBC_HS512;
            break;
        default:
            throw new IllegalArgumentException("Bad size for Encryption key: " + aesKey + ". Valid sizes are 16, 24, 32.");
    }
    // "alg": "dir" means no key wrapping: both parties must already share aesKey and hmacKey.
    JWEHeader jweHeader = new JWEHeader(JWEConstants.DIR, encAlgorithm, null);
    JWE jwe = new JWE().header(jweHeader).content(contentBytes);
    jwe.getKeyStorage().setCEKKey(aesKey, JWEKeyStorage.KeyUse.ENCRYPTION).setCEKKey(hmacKey, JWEKeyStorage.KeyUse.SIGNATURE);
    // Compact serialization: header.encryptedKey(empty for "dir").iv.ciphertext.tag
    return jwe.encodeJwe();
}

Example 9 with JWE

Use of org.keycloak.jose.jwe.JWE in project keycloak by keycloak: class OIDCAdvancedRequestParamsTest, method createEncryptedRequestObject.

import java.io.IOException;
import java.security.PublicKey;
import java.util.Map;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.jose.jwe.JWE;
import org.keycloak.jose.jwe.JWEConstants;
import org.keycloak.jose.jwe.JWEException;
import org.keycloak.jose.jwe.JWEHeader;
import org.keycloak.jose.jwk.JSONWebKeySet;
import org.keycloak.jose.jwk.JWK;
import org.keycloak.jose.jwk.JWKSUtils;
import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation;
import org.keycloak.representations.idm.KeysMetadataRepresentation;
import org.keycloak.testsuite.util.KeyUtils;

// Test helper: builds an encrypted OIDC request object. Relies on test-class members
// oauth, testRealm(), getAuthServerRoot() and createAndSignRequestObject().
private String createEncryptedRequestObject(String encAlg) throws IOException, JWEException {
    try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
        // Discover the realm's JWKS endpoint and keep only the keys published with "use": "enc".
        OIDCConfigurationRepresentation representation = SimpleHttp.doGet(getAuthServerRoot().toString() + "realms/" + oauth.getRealm() + "/.well-known/openid-configuration", httpClient).asJson(OIDCConfigurationRepresentation.class);
        String jwksUri = representation.getJwksUri();
        JSONWebKeySet jsonWebKeySet = SimpleHttp.doGet(jwksUri, httpClient).asJson(JSONWebKeySet.class);
        Map<String, PublicKey> keysForUse = JWKSUtils.getKeysForUse(jsonWebKeySet, JWK.Use.ENCRYPTION);
        String keyId = null;
        if (keyId == null) { // always taken; kept as in the test source
            KeysMetadataRepresentation.KeyMetadataRepresentation encKey = KeyUtils.getActiveEncKey(testRealm().keys().getKeyMetadata(), org.keycloak.crypto.Algorithm.PS256);
            keyId = encKey.getKid();
        }
        // Despite the name, this is the realm's public key: it wraps the CEK with encAlg, and the server unwraps with its private key.
        PublicKey decryptionKEK = keysForUse.get(keyId);
        // The payload is the signed request object, so the result is a nested JWE over a JWS with A256GCM content encryption.
        JWE jwe = new JWE().header(new JWEHeader(encAlg, JWEConstants.A256GCM, null)).content(createAndSignRequestObject().getBytes());
        jwe.getKeyStorage().setEncryptionKey(decryptionKEK);
        return jwe.encodeJwe();
    }
}

Aggregations (types used across the JWE examples, with occurrence counts)

JWE (org.keycloak.jose.jwe.JWE): 9
IOException (java.io.IOException): 2
PublicKey (java.security.PublicKey): 2
CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient): 2
JWEHeader (org.keycloak.jose.jwe.JWEHeader): 2
JSONWebKeySet (org.keycloak.jose.jwk.JSONWebKeySet): 2
JsonNode (com.fasterxml.jackson.databind.JsonNode): 1
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 1
Key (java.security.Key): 1
PrivateKey (java.security.PrivateKey): 1
Comparator (java.util.Comparator): 1
Optional (java.util.Optional): 1
BiConsumer (java.util.function.BiConsumer): 1
Function (java.util.function.Function): 1
Predicate (java.util.function.Predicate): 1
Supplier (java.util.function.Supplier): 1
Stream (java.util.stream.Stream): 1
Logger (org.jboss.logging.Logger): 1
Token (org.keycloak.Token): 1
TokenCategory (org.keycloak.TokenCategory): 1