
Example 1 with RsaKeyEncryptionJWEAlgorithmProvider

Use of org.keycloak.jose.jwe.alg.RsaKeyEncryptionJWEAlgorithmProvider in the keycloak project (by keycloak).

From the class JWETest, method testKeyEncryption_ContentEncryptionAesGcm.

private void testKeyEncryption_ContentEncryptionAesGcm(String jweAlgorithmName, String jweEncryptionName) throws Exception {
    // generate key pair for KEK
    KeyPair keyPair = KeyUtils.generateRsaKeyPair(2048);
    JWEAlgorithmProvider jweAlgorithmProvider = new RsaKeyEncryptionJWEAlgorithmProvider(getJcaAlgorithmName(jweAlgorithmName));
    JWEEncryptionProvider jweEncryptionProvider = new AesGcmJWEEncryptionProvider(jweEncryptionName);
    JWEHeader jweHeader = new JWEHeader(jweAlgorithmName, jweEncryptionName, null);
    JWE jwe = new JWE().header(jweHeader).content(PAYLOAD.getBytes(StandardCharsets.UTF_8));
    jwe.getKeyStorage().setEncryptionKey(keyPair.getPublic());
    String encodedContent = jwe.encodeJwe(jweAlgorithmProvider, jweEncryptionProvider);
    System.out.println("Encoded content: " + encodedContent);
    System.out.println("Encoded content length: " + encodedContent.length());
    jwe = new JWE();
    jwe.getKeyStorage().setDecryptionKey(keyPair.getPrivate());
    jwe.verifyAndDecodeJwe(encodedContent, jweAlgorithmProvider, jweEncryptionProvider);
    String decodedContent = new String(jwe.getContent(), StandardCharsets.UTF_8);
    System.out.println("Decoded content: " + decodedContent);
    System.out.println("Decoded content length: " + decodedContent.length());
    Assert.assertEquals(PAYLOAD, decodedContent);
}
Also used: KeyPair (java.security.KeyPair), RsaKeyEncryptionJWEAlgorithmProvider (org.keycloak.jose.jwe.alg.RsaKeyEncryptionJWEAlgorithmProvider), JWEAlgorithmProvider (org.keycloak.jose.jwe.alg.JWEAlgorithmProvider), AesGcmJWEEncryptionProvider (org.keycloak.jose.jwe.enc.AesGcmJWEEncryptionProvider), JWEEncryptionProvider (org.keycloak.jose.jwe.enc.JWEEncryptionProvider), AesCbcHmacShaJWEEncryptionProvider (org.keycloak.jose.jwe.enc.AesCbcHmacShaJWEEncryptionProvider)

Example 2 with RsaKeyEncryptionJWEAlgorithmProvider

Use of org.keycloak.jose.jwe.alg.RsaKeyEncryptionJWEAlgorithmProvider in the keycloak project (by keycloak).

From the class JWETest, method testKeyEncryption_ContentEncryptionAesHmacSha.

private void testKeyEncryption_ContentEncryptionAesHmacSha(String jweAlgorithmName, String jweEncryptionName) throws Exception {
    // generate key pair for KEK
    KeyPair keyPair = KeyUtils.generateRsaKeyPair(2048);
    // build the CEK parts from the test's key material: an AES key for encryption and an HMAC key for integrity
    final SecretKey aesKey = new SecretKeySpec(AES_128_KEY, "AES");
    final SecretKey hmacKey = new SecretKeySpec(HMAC_SHA256_KEY, "HMACSHA2");
    JWEAlgorithmProvider jweAlgorithmProvider = new RsaKeyEncryptionJWEAlgorithmProvider(getJcaAlgorithmName(jweAlgorithmName));
    JWEEncryptionProvider jweEncryptionProvider = new AesCbcHmacShaJWEEncryptionProvider(jweEncryptionName);
    JWEHeader jweHeader = new JWEHeader(jweAlgorithmName, jweEncryptionName, null);
    JWE jwe = new JWE().header(jweHeader).content(PAYLOAD.getBytes(StandardCharsets.UTF_8));
    jwe.getKeyStorage().setEncryptionKey(keyPair.getPublic());
    jwe.getKeyStorage().setCEKKey(aesKey, JWEKeyStorage.KeyUse.ENCRYPTION).setCEKKey(hmacKey, JWEKeyStorage.KeyUse.SIGNATURE);
    String encodedContent = jwe.encodeJwe(jweAlgorithmProvider, jweEncryptionProvider);
    System.out.println("Encoded content: " + encodedContent);
    System.out.println("Encoded content length: " + encodedContent.length());
    jwe = new JWE();
    jwe.getKeyStorage().setDecryptionKey(keyPair.getPrivate());
    jwe.getKeyStorage().setCEKKey(aesKey, JWEKeyStorage.KeyUse.ENCRYPTION).setCEKKey(hmacKey, JWEKeyStorage.KeyUse.SIGNATURE);
    jwe.verifyAndDecodeJwe(encodedContent, jweAlgorithmProvider, jweEncryptionProvider);
    String decodedContent = new String(jwe.getContent(), StandardCharsets.UTF_8);
    System.out.println("Decoded content: " + decodedContent);
    System.out.println("Decoded content length: " + decodedContent.length());
    Assert.assertEquals(PAYLOAD, decodedContent);
}
Also used: KeyPair (java.security.KeyPair), SecretKey (javax.crypto.SecretKey), RsaKeyEncryptionJWEAlgorithmProvider (org.keycloak.jose.jwe.alg.RsaKeyEncryptionJWEAlgorithmProvider), JWEAlgorithmProvider (org.keycloak.jose.jwe.alg.JWEAlgorithmProvider), SecretKeySpec (javax.crypto.spec.SecretKeySpec), AesCbcHmacShaJWEEncryptionProvider (org.keycloak.jose.jwe.enc.AesCbcHmacShaJWEEncryptionProvider), AesGcmJWEEncryptionProvider (org.keycloak.jose.jwe.enc.AesGcmJWEEncryptionProvider), JWEEncryptionProvider (org.keycloak.jose.jwe.enc.JWEEncryptionProvider)

Aggregations

KeyPair (java.security.KeyPair): 2
JWEAlgorithmProvider (org.keycloak.jose.jwe.alg.JWEAlgorithmProvider): 2
RsaKeyEncryptionJWEAlgorithmProvider (org.keycloak.jose.jwe.alg.RsaKeyEncryptionJWEAlgorithmProvider): 2
AesCbcHmacShaJWEEncryptionProvider (org.keycloak.jose.jwe.enc.AesCbcHmacShaJWEEncryptionProvider): 2
AesGcmJWEEncryptionProvider (org.keycloak.jose.jwe.enc.AesGcmJWEEncryptionProvider): 2
JWEEncryptionProvider (org.keycloak.jose.jwe.enc.JWEEncryptionProvider): 2
SecretKey (javax.crypto.SecretKey): 1
SecretKeySpec (javax.crypto.spec.SecretKeySpec): 1