Package com.nimbusds.jose

Examples of com.nimbusds.jose.JOSEException

222
223
224
225
226
227
228
229
     
      return decrypt(encryptedJWT);
     
    } else {
   
      throw new JOSEException("Unexpected JWT type: " + jwt.getClass());
    }
  }
View Full Code Here
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
     
      encryptedKey = Base64URL.encode(RSA_OAEP_256.encryptCEK(publicKey, cek, keyEncryptionProvider));
     
    } else {

      throw new JOSEException("Unsupported JWE algorithm, must be RSA1_5, RSA-OAEP, or RSA-OAEP-256");
    }


    // Apply compression if instructed
    byte[] plainText = DeflateHelper.applyCompression(header, bytes);

    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(header.toBase64URL().toString());

    // Encrypt the plain text according to the JWE enc
    byte[] iv;
    AuthenticatedCipherText authCipherText;
   
    if (enc.equals(EncryptionMethod.A128CBC_HS256) ||
        enc.equals(EncryptionMethod.A192CBC_HS384) ||
        enc.equals(EncryptionMethod.A256CBC_HS512)    ) {

      iv = AESCBC.generateIV(randomGen);

      authCipherText = AESCBC.encryptAuthenticated(
        cek, iv, plainText, aad,
        contentEncryptionProvider, macProvider);

    } else if (enc.equals(EncryptionMethod.A128GCM) ||
         enc.equals(EncryptionMethod.A192GCM) ||
         enc.equals(EncryptionMethod.A256GCM)    ) {

      iv = AESGCM.generateIV(randomGen);

      authCipherText = AESGCM.encrypt(
        cek, iv, plainText, aad,
        contentEncryptionProvider);

    } else if (enc.equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) ||
         enc.equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)    ) {

      iv = AESCBC.generateIV(randomGen);

      authCipherText = AESCBC.encryptWithConcatKDF(
        header, cek, encryptedKey, iv, plainText,
        contentEncryptionProvider, macProvider);

    } else {

      throw new JOSEException("Unsupported encryption method, must be A128CBC_HS256, A192CBC_HS384, A256CBC_HS512, A128GCM, A192GCM or A256GCM");
    }

    return new JWECryptoParts(encryptedKey, 
                        Base64URL.encode(iv),
                        Base64URL.encode(authCipherText.getCipherText()),
View Full Code Here
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
      // Append "Encryption" label
      baos.write(ENCRYPTION_BYTES);

    } catch (IOException e) {

      throw new JOSEException(e.getMessage(), e);
    }

    // Write out
    byte[] hashInput = baos.toByteArray();

    MessageDigest md;

    try {
      // SHA-256 or SHA-512
      md = MessageDigest.getInstance("SHA-" + hashBitLength);

    } catch (NoSuchAlgorithmException e) {

      throw new JOSEException(e.getMessage(), e);
    }

    byte[] hashOutput = md.digest(hashInput);

    byte[] cekBytes = new byte[hashOutput.length / 2];
View Full Code Here
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
      // Append "Encryption" label
      baos.write(INTEGRITY_BYTES);

    } catch (IOException e) {

      throw new JOSEException(e.getMessage(), e);
    }

    // Write out
    byte[] hashInput = baos.toByteArray();

    MessageDigest md;

    try {
      // SHA-256 or SHA-512
      md = MessageDigest.getInstance("SHA-" + hashBitLength);

    } catch (NoSuchAlgorithmException e) {

      throw new JOSEException(e.getMessage(), e);
    }

    // HMACSHA256 or HMACSHA512
    return new SecretKeySpec(md.digest(hashInput), "HMACSHA" + cikBitLength);
  }
View Full Code Here
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
    JWEAlgorithm alg = readOnlyJWEHeader.getAlgorithm();

    if (! alg.equals(JWEAlgorithm.DIR)) {

      throw new JOSEException("Unsupported JWE algorithm, must be \"dir\"");
    }

    // Check key length matches matches encryption method
    EncryptionMethod enc = readOnlyJWEHeader.getEncryptionMethod();

    if (enc.cekBitLength() != getKey().getEncoded().length * 8) {

      throw new JOSEException("The Content Encryption Key (CEK) length must be " + enc.cekBitLength() + " bits for " + enc + " encryption");
    }

    final Base64URL encryptedKey = null; // The second JWE part


    // Apply compression if instructed
    byte[] plainText = DeflateHelper.applyCompression(readOnlyJWEHeader, bytes);


    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(readOnlyJWEHeader.toBase64URL().toString());
   

    // Encrypt the plain text according to the JWE enc
    byte[] iv;
    AuthenticatedCipherText authCipherText;
    SecureRandom randomGen = getSecureRandom();

    if (enc.equals(EncryptionMethod.A128CBC_HS256) || enc.equals(EncryptionMethod.A192CBC_HS384) || enc.equals(EncryptionMethod.A256CBC_HS512)) {

      iv = AESCBC.generateIV(randomGen);

      authCipherText = AESCBC.encryptAuthenticated(getKey(), iv, plainText, aad, contentEncryptionProvider, macProvider);

    } else if (enc.equals(EncryptionMethod.A128GCM) || enc.equals(EncryptionMethod.A192GCM) || enc.equals(EncryptionMethod.A256GCM)) {

      iv = AESGCM.generateIV(randomGen);

      authCipherText = AESGCM.encrypt(getKey(), iv, plainText, aad, contentEncryptionProvider);

    } else {

      throw new JOSEException("Unsupported encryption method, must be A128CBC_HS256, A192CBC_HS384, A256CBC_HS512, A128GCM, A192GCM or A128GCM");
    }

    return new JWECryptoParts(encryptedKey, 
                        Base64URL.encode(iv),
                        Base64URL.encode(authCipherText.getCipherText()),
View Full Code Here
80
81
82
83
84
85
86
87
88
89
90
    try {
      outputOffset += gcm.doFinal(output, outputOffset);

    } catch (InvalidCipherTextException e) {

      throw new JOSEException("Couldn't generate GCM authentication tag for key: " + e.getMessage(), e);
    }

    // Split output into cipher text and authentication tag
    int authTagLength = AUTH_TAG_BIT_LENGTH / 8;
View Full Code Here
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
    try {
      keyBytesOffset += gcm.doFinal(keyBytes, keyBytesOffset);

    } catch (InvalidCipherTextException e) {

      throw new JOSEException("Couldn't validate GCM authentication tag: " + e.getMessage(), e);
    }

    if (8 * keyBytes.length != keyLength) {

      throw new JOSEException("CEK key length mismatch: " +
        keyBytes.length + " != " + keyLength);
    }

    return new SecretKeySpec(keyBytes, "AES");

View Full Code Here
95
96
97
98
99
100
101
102
103
104
        cipher.init(Cipher.DECRYPT_MODE, keyspec, ivSpec);
      }

    } catch (Exception e) {

      throw new JOSEException(e.getMessage(), e);
    }

    return cipher;
  }
View Full Code Here
129
130
131
132
133
134
135
136
    try {
      return cipher.doFinal(plainText)
   
    } catch (Exception e) {

      throw new JOSEException(e.getMessage(), e);
    }
  }
View Full Code Here
292
293
294
295
296
297
298
299
    try {
      return cipher.doFinal(cipherText);

    } catch (Exception e) {

      throw new JOSEException(e.getMessage(), e);
    }
  }
View Full Code Here
TOP

Related Classes of com.nimbusds.jose.JOSEException

  • com.nimbusds.jose.crypto.AES
  • com.nimbusds.jose.crypto.AESCBC
  • com.nimbusds.jose.crypto.AESDecrypter
  • com.nimbusds.jose.crypto.AESEncrypter
  • com.nimbusds.jose.crypto.AESGCM
  • com.nimbusds.jose.crypto.AESGCMKW
  • com.nimbusds.jose.crypto.AESKW
  • com.nimbusds.jose.crypto.CompositeKey
  • com.nimbusds.jose.crypto.ConcatKDF
  • com.nimbusds.jose.crypto.DeflateHelper
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.