use of org.xdi.oxauth.model.exception.InvalidParameterException in project oxAuth by GluuFederation.
the class JweDecrypterImpl method decryptCipherText.
@Override
public String decryptCipherText(String encodedCipherText, byte[] contentMasterKey, byte[] initializationVector, byte[] authenticationTag, byte[] additionalAuthenticatedData) throws InvalidJweException {
if (getBlockEncryptionAlgorithm() == null) {
throw new InvalidJweException("The block encryption algorithm is null");
}
if (contentMasterKey == null) {
throw new InvalidJweException("The content master key (CMK) is null");
}
if (initializationVector == null) {
throw new InvalidJweException("The initialization vector is null");
}
if (authenticationTag == null) {
throw new InvalidJweException("The authentication tag is null");
}
if (additionalAuthenticatedData == null) {
throw new InvalidJweException("The additional authentication data is null");
}
try {
if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128GCM || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256GCM) {
final int MAC_SIZE_BITS = 128;
byte[] cipherText = Base64Util.base64urldecode(encodedCipherText);
KeyParameter key = new KeyParameter(contentMasterKey);
AEADParameters aeadParameters = new AEADParameters(key, MAC_SIZE_BITS, initializationVector, additionalAuthenticatedData);
SecretKeySpec sks = new SecretKeySpec(contentMasterKey, "AES");
BlockCipher blockCipher = new AESEngine();
CipherParameters params = new KeyParameter(sks.getEncoded());
blockCipher.init(false, params);
GCMBlockCipher aGCMBlockCipher = new GCMBlockCipher(blockCipher);
aGCMBlockCipher.init(false, aeadParameters);
byte[] input = new byte[cipherText.length + authenticationTag.length];
System.arraycopy(cipherText, 0, input, 0, cipherText.length);
System.arraycopy(authenticationTag, 0, input, cipherText.length, authenticationTag.length);
int len = aGCMBlockCipher.getOutputSize(input.length);
byte[] out = new byte[len];
int outOff = aGCMBlockCipher.processBytes(input, 0, input.length, out, 0);
aGCMBlockCipher.doFinal(out, outOff);
String plaintext = new String(out, Charset.forName(Util.UTF8_STRING_ENCODING));
return plaintext;
} else if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) {
byte[] cipherText = Base64Util.base64urldecode(encodedCipherText);
byte[] cek = KeyDerivationFunction.generateCek(contentMasterKey, getBlockEncryptionAlgorithm());
Cipher cipher = Cipher.getInstance(getBlockEncryptionAlgorithm().getAlgorithm());
IvParameterSpec ivParameter = new IvParameterSpec(initializationVector);
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(cek, "AES"), ivParameter);
byte[] decodedPlainTextBytes = cipher.doFinal(cipherText);
String decodedPlainText = new String(decodedPlainTextBytes, Charset.forName(Util.UTF8_STRING_ENCODING));
// Integrity check
String securedInputValue = new String(additionalAuthenticatedData, Charset.forName(Util.UTF8_STRING_ENCODING)) + "." + encodedCipherText;
byte[] cik = KeyDerivationFunction.generateCik(contentMasterKey, getBlockEncryptionAlgorithm());
SecretKey secretKey = new SecretKeySpec(cik, getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
Mac mac = Mac.getInstance(getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
mac.init(secretKey);
byte[] integrityValue = mac.doFinal(securedInputValue.getBytes(Util.UTF8_STRING_ENCODING));
if (!Arrays.equals(integrityValue, authenticationTag)) {
throw new InvalidJweException("The authentication tag is not valid");
}
return decodedPlainText;
} else {
throw new InvalidJweException("The block encryption algorithm is not supported");
}
} catch (InvalidCipherTextException e) {
throw new InvalidJweException(e);
} catch (NoSuchPaddingException e) {
throw new InvalidJweException(e);
} catch (BadPaddingException e) {
throw new InvalidJweException(e);
} catch (InvalidAlgorithmParameterException e) {
throw new InvalidJweException(e);
} catch (NoSuchAlgorithmException e) {
throw new InvalidJweException(e);
} catch (IllegalBlockSizeException e) {
throw new InvalidJweException(e);
} catch (UnsupportedEncodingException e) {
throw new InvalidJweException(e);
} catch (NoSuchProviderException e) {
throw new InvalidJweException(e);
} catch (InvalidKeyException e) {
throw new InvalidJweException(e);
} catch (InvalidParameterException e) {
throw new InvalidJweException(e);
}
}
use of org.xdi.oxauth.model.exception.InvalidParameterException in project oxAuth by GluuFederation.
the class KeyDerivationFunction method generateCek.
public static byte[] generateCek(byte[] cmk, BlockEncryptionAlgorithm blockEncryptionAlgorithm) throws UnsupportedEncodingException, NoSuchProviderException, NoSuchAlgorithmException, InvalidParameterException {
if (cmk == null) {
throw new InvalidParameterException("The content master key (CMK) is null");
}
if (blockEncryptionAlgorithm == null) {
throw new InvalidParameterException("The block encryption algorithm is null");
}
if (blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 && blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) {
throw new InvalidParameterException("The block encryption algorithm is not supported");
}
byte[] round1 = Base64Util.unsignedToBytes(new int[] { 0, 0, 0, 1 });
byte[] outputBitSize = null;
if (blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A128CBC_PLUS_HS256) {
outputBitSize = Base64Util.unsignedToBytes(new int[] { 0, 0, 0, 128 });
} else {
//A256CBC_PLUS_HS512
outputBitSize = Base64Util.unsignedToBytes(new int[] { 0, 0, 1, 0 });
}
byte[] encValue = blockEncryptionAlgorithm.getName().getBytes(Util.UTF8_STRING_ENCODING);
byte[] epu = Base64Util.unsignedToBytes(new int[] { 0, 0, 0, 0 });
byte[] epv = Base64Util.unsignedToBytes(new int[] { 0, 0, 0, 0 });
byte[] label = "Encryption".getBytes(Util.UTF8_STRING_ENCODING);
byte[] round1Input = ArrayUtils.addAll(round1, cmk);
round1Input = ArrayUtils.addAll(round1Input, outputBitSize);
round1Input = ArrayUtils.addAll(round1Input, encValue);
round1Input = ArrayUtils.addAll(round1Input, epu);
round1Input = ArrayUtils.addAll(round1Input, epv);
round1Input = ArrayUtils.addAll(round1Input, label);
MessageDigest mda = MessageDigest.getInstance(blockEncryptionAlgorithm.getMessageDiggestAlgorithm(), "BC");
byte[] round1Hash = mda.digest(round1Input);
byte[] cek = Arrays.copyOf(round1Hash, blockEncryptionAlgorithm.getCekLength() / 8);
return cek;
}
use of org.xdi.oxauth.model.exception.InvalidParameterException in project oxAuth by GluuFederation.
the class KeyDerivationFunction method generateCik.
public static byte[] generateCik(byte[] cmk, BlockEncryptionAlgorithm blockEncryptionAlgorithm) throws UnsupportedEncodingException, NoSuchProviderException, NoSuchAlgorithmException, InvalidParameterException {
if (cmk == null) {
throw new InvalidParameterException("The content master key (CMK) is null");
}
if (blockEncryptionAlgorithm == null) {
throw new InvalidParameterException("The block encryption algorithm is null");
}
if (blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 && blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) {
throw new InvalidParameterException("The block encryption algorithm is not supported");
}
byte[] round1 = Base64Util.unsignedToBytes(new int[] { 0, 0, 0, 1 });
byte[] outputBitSize = null;
if (blockEncryptionAlgorithm != BlockEncryptionAlgorithm.A128CBC_PLUS_HS256) {
outputBitSize = Base64Util.unsignedToBytes(new int[] { 0, 0, 1, 0 });
} else {
//A256CBC_PLUS_HS512
outputBitSize = Base64Util.unsignedToBytes(new int[] { 0, 0, 2, 0 });
}
byte[] encValue = blockEncryptionAlgorithm.getName().getBytes(Util.UTF8_STRING_ENCODING);
byte[] epu = Base64Util.unsignedToBytes(new int[] { 0, 0, 0, 0 });
byte[] epv = Base64Util.unsignedToBytes(new int[] { 0, 0, 0, 0 });
byte[] label = "Integrity".getBytes(Util.UTF8_STRING_ENCODING);
byte[] round1Input = ArrayUtils.addAll(round1, cmk);
round1Input = ArrayUtils.addAll(round1Input, outputBitSize);
round1Input = ArrayUtils.addAll(round1Input, encValue);
round1Input = ArrayUtils.addAll(round1Input, epu);
round1Input = ArrayUtils.addAll(round1Input, epv);
round1Input = ArrayUtils.addAll(round1Input, label);
MessageDigest mda = MessageDigest.getInstance(blockEncryptionAlgorithm.getMessageDiggestAlgorithm(), "BC");
byte[] cik = mda.digest(round1Input);
return cik;
}
use of org.xdi.oxauth.model.exception.InvalidParameterException in project oxAuth by GluuFederation.
the class JweEncrypterImpl method generateCipherTextAndIntegrityValue.
@Override
public Pair<String, String> generateCipherTextAndIntegrityValue(byte[] contentMasterKey, byte[] initializationVector, byte[] additionalAuthenticatedData, byte[] plainText) throws InvalidJweException {
if (getBlockEncryptionAlgorithm() == null) {
throw new InvalidJweException("The block encryption algorithm is null");
}
if (contentMasterKey == null) {
throw new InvalidJweException("The content master key (CMK) is null");
}
if (initializationVector == null) {
throw new InvalidJweException("The initialization vector is null");
}
if (additionalAuthenticatedData == null) {
throw new InvalidJweException("The additional authentication data is null");
}
if (plainText == null) {
throw new InvalidJweException("The plain text to encrypt is null");
}
try {
if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128GCM || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256GCM) {
SecretKey secretKey = new SecretKeySpec(contentMasterKey, "AES");
KeyParameter key = new KeyParameter(contentMasterKey);
final int MAC_SIZE_BITS = 128;
AEADParameters aeadParameters = new AEADParameters(key, MAC_SIZE_BITS, initializationVector, additionalAuthenticatedData);
final int macSize = aeadParameters.getMacSize() / 8;
BlockCipher blockCipher = new AESEngine();
CipherParameters params = new KeyParameter(secretKey.getEncoded());
blockCipher.init(true, params);
GCMBlockCipher aGCMBlockCipher = new GCMBlockCipher(blockCipher);
aGCMBlockCipher.init(true, aeadParameters);
int len = aGCMBlockCipher.getOutputSize(plainText.length);
byte[] out = new byte[len];
int outOff = aGCMBlockCipher.processBytes(plainText, 0, plainText.length, out, 0);
outOff += aGCMBlockCipher.doFinal(out, outOff);
byte[] cipherText = new byte[outOff - macSize];
System.arraycopy(out, 0, cipherText, 0, cipherText.length);
byte[] authenticationTag = new byte[macSize];
System.arraycopy(out, outOff - macSize, authenticationTag, 0, authenticationTag.length);
String encodedCipherText = Base64Util.base64urlencode(cipherText);
String encodedAuthenticationTag = Base64Util.base64urlencode(authenticationTag);
return new Pair<String, String>(encodedCipherText, encodedAuthenticationTag);
} else if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) {
byte[] cek = KeyDerivationFunction.generateCek(contentMasterKey, getBlockEncryptionAlgorithm());
IvParameterSpec parameters = new IvParameterSpec(initializationVector);
Cipher cipher = Cipher.getInstance(getBlockEncryptionAlgorithm().getAlgorithm(), "BC");
//Cipher cipher = Cipher.getInstance(getBlockEncryptionAlgorithm().getAlgorithm());
SecretKeySpec secretKeySpec = new SecretKeySpec(cek, "AES");
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, parameters);
byte[] cipherText = cipher.doFinal(plainText);
String encodedCipherText = Base64Util.base64urlencode(cipherText);
String securedInputValue = new String(additionalAuthenticatedData, Charset.forName(Util.UTF8_STRING_ENCODING)) + "." + encodedCipherText;
byte[] cik = KeyDerivationFunction.generateCik(contentMasterKey, getBlockEncryptionAlgorithm());
SecretKey secretKey = new SecretKeySpec(cik, getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
Mac mac = Mac.getInstance(getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
mac.init(secretKey);
byte[] integrityValue = mac.doFinal(securedInputValue.getBytes(Util.UTF8_STRING_ENCODING));
String encodedIntegrityValue = Base64Util.base64urlencode(integrityValue);
return new Pair<String, String>(encodedCipherText, encodedIntegrityValue);
} else {
throw new InvalidJweException("The block encryption algorithm is not supported");
}
} catch (InvalidCipherTextException e) {
throw new InvalidJweException(e);
} catch (NoSuchAlgorithmException e) {
throw new InvalidJweException(e);
} catch (UnsupportedEncodingException e) {
throw new InvalidJweException(e);
} catch (NoSuchProviderException e) {
throw new InvalidJweException(e);
} catch (IllegalBlockSizeException e) {
throw new InvalidJweException(e);
} catch (InvalidKeyException e) {
throw new InvalidJweException(e);
} catch (BadPaddingException e) {
throw new InvalidJweException(e);
} catch (InvalidAlgorithmParameterException e) {
throw new InvalidJweException(e);
} catch (NoSuchPaddingException e) {
throw new InvalidJweException(e);
} catch (InvalidParameterException e) {
throw new InvalidJweException(e);
}
}
Aggregations