Examples with InvalidParameterException org.xdi.oxauth.model.exception.InvalidParameterException used on opensource projects

Search in sources :

Example 1 with InvalidParameterException

use of org.xdi.oxauth.model.exception.InvalidParameterException in project oxAuth by GluuFederation.

the class JweDecrypterImpl method decryptCipherText.

@Override
public String decryptCipherText(String encodedCipherText, byte[] contentMasterKey, byte[] initializationVector, byte[] authenticationTag, byte[] additionalAuthenticatedData) throws InvalidJweException {
    if (getBlockEncryptionAlgorithm() == null) {
        throw new InvalidJweException("The block encryption algorithm is null");
    }
    if (contentMasterKey == null) {
        throw new InvalidJweException("The content master key (CMK) is null");
    }
    if (initializationVector == null) {
        throw new InvalidJweException("The initialization vector is null");
    }
    if (authenticationTag == null) {
        throw new InvalidJweException("The authentication tag is null");
    }
    if (additionalAuthenticatedData == null) {
        throw new InvalidJweException("The additional authentication data is null");
    }
    try {
        if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128GCM || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256GCM) {
            final int MAC_SIZE_BITS = 128;
            byte[] cipherText = Base64Util.base64urldecode(encodedCipherText);
            KeyParameter key = new KeyParameter(contentMasterKey);
            AEADParameters aeadParameters = new AEADParameters(key, MAC_SIZE_BITS, initializationVector, additionalAuthenticatedData);
            SecretKeySpec sks = new SecretKeySpec(contentMasterKey, "AES");
            BlockCipher blockCipher = new AESEngine();
            CipherParameters params = new KeyParameter(sks.getEncoded());
            blockCipher.init(false, params);
            GCMBlockCipher aGCMBlockCipher = new GCMBlockCipher(blockCipher);
            aGCMBlockCipher.init(false, aeadParameters);
            byte[] input = new byte[cipherText.length + authenticationTag.length];
            System.arraycopy(cipherText, 0, input, 0, cipherText.length);
            System.arraycopy(authenticationTag, 0, input, cipherText.length, authenticationTag.length);
            int len = aGCMBlockCipher.getOutputSize(input.length);
            byte[] out = new byte[len];
            int outOff = aGCMBlockCipher.processBytes(input, 0, input.length, out, 0);
            aGCMBlockCipher.doFinal(out, outOff);
            String plaintext = new String(out, Charset.forName(Util.UTF8_STRING_ENCODING));
            return plaintext;
        } else if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) {
            byte[] cipherText = Base64Util.base64urldecode(encodedCipherText);
            byte[] cek = KeyDerivationFunction.generateCek(contentMasterKey, getBlockEncryptionAlgorithm());
            Cipher cipher = Cipher.getInstance(getBlockEncryptionAlgorithm().getAlgorithm());
            IvParameterSpec ivParameter = new IvParameterSpec(initializationVector);
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(cek, "AES"), ivParameter);
            byte[] decodedPlainTextBytes = cipher.doFinal(cipherText);
            String decodedPlainText = new String(decodedPlainTextBytes, Charset.forName(Util.UTF8_STRING_ENCODING));
            // Integrity check
            String securedInputValue = new String(additionalAuthenticatedData, Charset.forName(Util.UTF8_STRING_ENCODING)) + "." + encodedCipherText;
            byte[] cik = KeyDerivationFunction.generateCik(contentMasterKey, getBlockEncryptionAlgorithm());
            SecretKey secretKey = new SecretKeySpec(cik, getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
            Mac mac = Mac.getInstance(getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
            mac.init(secretKey);
            byte[] integrityValue = mac.doFinal(securedInputValue.getBytes(Util.UTF8_STRING_ENCODING));
            if (!Arrays.equals(integrityValue, authenticationTag)) {
                throw new InvalidJweException("The authentication tag is not valid");
            }
            return decodedPlainText;
        } else {
            throw new InvalidJweException("The block encryption algorithm is not supported");
        }
    } catch (InvalidCipherTextException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchPaddingException e) {
        throw new InvalidJweException(e);
    } catch (BadPaddingException e) {
        throw new InvalidJweException(e);
    } catch (InvalidAlgorithmParameterException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidJweException(e);
    } catch (IllegalBlockSizeException e) {
        throw new InvalidJweException(e);
    } catch (UnsupportedEncodingException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchProviderException e) {
        throw new InvalidJweException(e);
    } catch (InvalidKeyException e) {
        throw new InvalidJweException(e);
    } catch (InvalidParameterException e) {
        throw new InvalidJweException(e);
    }
}
Also used : InvalidCipherTextException(org.bouncycastle.crypto.InvalidCipherTextException) KeyParameter(org.bouncycastle.crypto.params.KeyParameter) InvalidParameterException(org.xdi.oxauth.model.exception.InvalidParameterException) SecretKeySpec(javax.crypto.spec.SecretKeySpec) InvalidJweException(org.xdi.oxauth.model.exception.InvalidJweException) AESEngine(org.bouncycastle.crypto.engines.AESEngine) BlockCipher(org.bouncycastle.crypto.BlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) UnsupportedEncodingException(java.io.UnsupportedEncodingException) CipherParameters(org.bouncycastle.crypto.CipherParameters) AEADParameters(org.bouncycastle.crypto.params.AEADParameters) IvParameterSpec(javax.crypto.spec.IvParameterSpec) BlockCipher(org.bouncycastle.crypto.BlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher)

Example 2 with InvalidParameterException

use of org.xdi.oxauth.model.exception.InvalidParameterException in project oxAuth by GluuFederation.

the class KeyDerivationFunction method generateCek.

public static byte[] generateCek(byte[] cmk, BlockEncryptionAlgorithm blockEncryptionAlgorithm) throws UnsupportedEncodingException, NoSuchProviderException, NoSuchAlgorithmException, InvalidParameterException {
    if (cmk == null) {
        throw new InvalidParameterException("The content master key (CMK) is null");
    }
    if (blockEncryptionAlgorithm == null) {
        throw new InvalidParameterException("The block encryption algorithm is null");
    }
    if (blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 && blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) {
        throw new InvalidParameterException("The block encryption algorithm is not supported");
    }
    byte[] round1 = Base64Util.unsignedToBytes(new int[] { 0, 0, 0, 1 });
    byte[] outputBitSize = null;
    if (blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A128CBC_PLUS_HS256) {
        outputBitSize = Base64Util.unsignedToBytes(new int[] { 0, 0, 0, 128 });
    } else {
        //A256CBC_PLUS_HS512
        outputBitSize = Base64Util.unsignedToBytes(new int[] { 0, 0, 1, 0 });
    }
    byte[] encValue = blockEncryptionAlgorithm.getName().getBytes(Util.UTF8_STRING_ENCODING);
    byte[] epu = Base64Util.unsignedToBytes(new int[] { 0, 0, 0, 0 });
    byte[] epv = Base64Util.unsignedToBytes(new int[] { 0, 0, 0, 0 });
    byte[] label = "Encryption".getBytes(Util.UTF8_STRING_ENCODING);
    byte[] round1Input = ArrayUtils.addAll(round1, cmk);
    round1Input = ArrayUtils.addAll(round1Input, outputBitSize);
    round1Input = ArrayUtils.addAll(round1Input, encValue);
    round1Input = ArrayUtils.addAll(round1Input, epu);
    round1Input = ArrayUtils.addAll(round1Input, epv);
    round1Input = ArrayUtils.addAll(round1Input, label);
    MessageDigest mda = MessageDigest.getInstance(blockEncryptionAlgorithm.getMessageDiggestAlgorithm(), "BC");
    byte[] round1Hash = mda.digest(round1Input);
    byte[] cek = Arrays.copyOf(round1Hash, blockEncryptionAlgorithm.getCekLength() / 8);
    return cek;
}
Also used : InvalidParameterException(org.xdi.oxauth.model.exception.InvalidParameterException) MessageDigest(java.security.MessageDigest)

Example 3 with InvalidParameterException

use of org.xdi.oxauth.model.exception.InvalidParameterException in project oxAuth by GluuFederation.

the class KeyDerivationFunction method generateCik.

public static byte[] generateCik(byte[] cmk, BlockEncryptionAlgorithm blockEncryptionAlgorithm) throws UnsupportedEncodingException, NoSuchProviderException, NoSuchAlgorithmException, InvalidParameterException {
    if (cmk == null) {
        throw new InvalidParameterException("The content master key (CMK) is null");
    }
    if (blockEncryptionAlgorithm == null) {
        throw new InvalidParameterException("The block encryption algorithm is null");
    }
    if (blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 && blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) {
        throw new InvalidParameterException("The block encryption algorithm is not supported");
    }
    byte[] round1 = Base64Util.unsignedToBytes(new int[] { 0, 0, 0, 1 });
    byte[] outputBitSize = null;
    if (blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A128CBC_PLUS_HS256) {
        outputBitSize = Base64Util.unsignedToBytes(new int[] { 0, 0, 1, 0 });
    } else {
        //A256CBC_PLUS_HS512
        outputBitSize = Base64Util.unsignedToBytes(new int[] { 0, 0, 2, 0 });
    }
    byte[] encValue = blockEncryptionAlgorithm.getName().getBytes(Util.UTF8_STRING_ENCODING);
    byte[] epu = Base64Util.unsignedToBytes(new int[] { 0, 0, 0, 0 });
    byte[] epv = Base64Util.unsignedToBytes(new int[] { 0, 0, 0, 0 });
    byte[] label = "Integrity".getBytes(Util.UTF8_STRING_ENCODING);
    byte[] round1Input = ArrayUtils.addAll(round1, cmk);
    round1Input = ArrayUtils.addAll(round1Input, outputBitSize);
    round1Input = ArrayUtils.addAll(round1Input, encValue);
    round1Input = ArrayUtils.addAll(round1Input, epu);
    round1Input = ArrayUtils.addAll(round1Input, epv);
    round1Input = ArrayUtils.addAll(round1Input, label);
    MessageDigest mda = MessageDigest.getInstance(blockEncryptionAlgorithm.getMessageDiggestAlgorithm(), "BC");
    byte[] cik = mda.digest(round1Input);
    return cik;
}
Also used : InvalidParameterException(org.xdi.oxauth.model.exception.InvalidParameterException) MessageDigest(java.security.MessageDigest)

Example 4 with InvalidParameterException

use of org.xdi.oxauth.model.exception.InvalidParameterException in project oxAuth by GluuFederation.

the class JweEncrypterImpl method generateCipherTextAndIntegrityValue.

@Override
public Pair<String, String> generateCipherTextAndIntegrityValue(byte[] contentMasterKey, byte[] initializationVector, byte[] additionalAuthenticatedData, byte[] plainText) throws InvalidJweException {
    if (getBlockEncryptionAlgorithm() == null) {
        throw new InvalidJweException("The block encryption algorithm is null");
    }
    if (contentMasterKey == null) {
        throw new InvalidJweException("The content master key (CMK) is null");
    }
    if (initializationVector == null) {
        throw new InvalidJweException("The initialization vector is null");
    }
    if (additionalAuthenticatedData == null) {
        throw new InvalidJweException("The additional authentication data is null");
    }
    if (plainText == null) {
        throw new InvalidJweException("The plain text to encrypt is null");
    }
    try {
        if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128GCM || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256GCM) {
            SecretKey secretKey = new SecretKeySpec(contentMasterKey, "AES");
            KeyParameter key = new KeyParameter(contentMasterKey);
            final int MAC_SIZE_BITS = 128;
            AEADParameters aeadParameters = new AEADParameters(key, MAC_SIZE_BITS, initializationVector, additionalAuthenticatedData);
            final int macSize = aeadParameters.getMacSize() / 8;
            BlockCipher blockCipher = new AESEngine();
            CipherParameters params = new KeyParameter(secretKey.getEncoded());
            blockCipher.init(true, params);
            GCMBlockCipher aGCMBlockCipher = new GCMBlockCipher(blockCipher);
            aGCMBlockCipher.init(true, aeadParameters);
            int len = aGCMBlockCipher.getOutputSize(plainText.length);
            byte[] out = new byte[len];
            int outOff = aGCMBlockCipher.processBytes(plainText, 0, plainText.length, out, 0);
            outOff += aGCMBlockCipher.doFinal(out, outOff);
            byte[] cipherText = new byte[outOff - macSize];
            System.arraycopy(out, 0, cipherText, 0, cipherText.length);
            byte[] authenticationTag = new byte[macSize];
            System.arraycopy(out, outOff - macSize, authenticationTag, 0, authenticationTag.length);
            String encodedCipherText = Base64Util.base64urlencode(cipherText);
            String encodedAuthenticationTag = Base64Util.base64urlencode(authenticationTag);
            return new Pair<String, String>(encodedCipherText, encodedAuthenticationTag);
        } else if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) {
            byte[] cek = KeyDerivationFunction.generateCek(contentMasterKey, getBlockEncryptionAlgorithm());
            IvParameterSpec parameters = new IvParameterSpec(initializationVector);
            Cipher cipher = Cipher.getInstance(getBlockEncryptionAlgorithm().getAlgorithm(), "BC");
            //Cipher cipher = Cipher.getInstance(getBlockEncryptionAlgorithm().getAlgorithm());
            SecretKeySpec secretKeySpec = new SecretKeySpec(cek, "AES");
            cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, parameters);
            byte[] cipherText = cipher.doFinal(plainText);
            String encodedCipherText = Base64Util.base64urlencode(cipherText);
            String securedInputValue = new String(additionalAuthenticatedData, Charset.forName(Util.UTF8_STRING_ENCODING)) + "." + encodedCipherText;
            byte[] cik = KeyDerivationFunction.generateCik(contentMasterKey, getBlockEncryptionAlgorithm());
            SecretKey secretKey = new SecretKeySpec(cik, getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
            Mac mac = Mac.getInstance(getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
            mac.init(secretKey);
            byte[] integrityValue = mac.doFinal(securedInputValue.getBytes(Util.UTF8_STRING_ENCODING));
            String encodedIntegrityValue = Base64Util.base64urlencode(integrityValue);
            return new Pair<String, String>(encodedCipherText, encodedIntegrityValue);
        } else {
            throw new InvalidJweException("The block encryption algorithm is not supported");
        }
    } catch (InvalidCipherTextException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidJweException(e);
    } catch (UnsupportedEncodingException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchProviderException e) {
        throw new InvalidJweException(e);
    } catch (IllegalBlockSizeException e) {
        throw new InvalidJweException(e);
    } catch (InvalidKeyException e) {
        throw new InvalidJweException(e);
    } catch (BadPaddingException e) {
        throw new InvalidJweException(e);
    } catch (InvalidAlgorithmParameterException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchPaddingException e) {
        throw new InvalidJweException(e);
    } catch (InvalidParameterException e) {
        throw new InvalidJweException(e);
    }
}
Also used : InvalidCipherTextException(org.bouncycastle.crypto.InvalidCipherTextException) KeyParameter(org.bouncycastle.crypto.params.KeyParameter) InvalidParameterException(org.xdi.oxauth.model.exception.InvalidParameterException) SecretKeySpec(javax.crypto.spec.SecretKeySpec) InvalidJweException(org.xdi.oxauth.model.exception.InvalidJweException) Pair(org.xdi.oxauth.model.util.Pair) AESEngine(org.bouncycastle.crypto.engines.AESEngine) BlockCipher(org.bouncycastle.crypto.BlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) UnsupportedEncodingException(java.io.UnsupportedEncodingException) CipherParameters(org.bouncycastle.crypto.CipherParameters) AEADParameters(org.bouncycastle.crypto.params.AEADParameters) IvParameterSpec(javax.crypto.spec.IvParameterSpec) BlockCipher(org.bouncycastle.crypto.BlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher)

Aggregations

InvalidParameterException (org.xdi.oxauth.model.exception.InvalidParameterException)4 UnsupportedEncodingException (java.io.UnsupportedEncodingException)2 MessageDigest (java.security.MessageDigest)2 IvParameterSpec (javax.crypto.spec.IvParameterSpec)2 SecretKeySpec (javax.crypto.spec.SecretKeySpec)2 BlockCipher (org.bouncycastle.crypto.BlockCipher)2 CipherParameters (org.bouncycastle.crypto.CipherParameters)2 InvalidCipherTextException (org.bouncycastle.crypto.InvalidCipherTextException)2 AESEngine (org.bouncycastle.crypto.engines.AESEngine)2 GCMBlockCipher (org.bouncycastle.crypto.modes.GCMBlockCipher)2 AEADParameters (org.bouncycastle.crypto.params.AEADParameters)2 KeyParameter (org.bouncycastle.crypto.params.KeyParameter)2 InvalidJweException (org.xdi.oxauth.model.exception.InvalidJweException)2 Pair (org.xdi.oxauth.model.util.Pair)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial