Examples of com.nimbusds.jose.JOSEException

com.nimbusds.jose.JOSEException
Javascript Object Signing and Encryption (JOSE) exception. @author Vladimir Dzhuvinov @version $version$ (2012-09-15)


    byte[] plainText = decrypt(compositeKey.getAESKey(), iv, cipherText, ceProvider);


    if (! macCheckPassed) {


      throw new JOSEException("MAC check failed");
    }


    return plainText;
  }

View Full Code Here


    byte[] mac = HMAC.compute(cik, macInput.getBytes(), macProvider);


    if (! ConstantTimeUtils.areEqual(authTag.decode(), mac)) {


      throw new JOSEException("HMAC integrity check failed");
    }


    return plainText;
  }

View Full Code Here

      signer.update(signingInput);
      return Base64URL.encode(signer.sign());


    } catch (InvalidKeyException e) {


      throw new JOSEException("Invalid private RSA key: " + e.getMessage(), e);


    } catch (SignatureException e) {


      throw new JOSEException("RSA signature exception: " + e.getMessage(), e);
    }
  }

View Full Code Here

      try {
        return DeflateUtils.compress(bytes);


      } catch (Exception e) {


        throw new JOSEException("Couldn't compress plain text: " + e.getMessage(), e);
      }


    } else {


      throw new JOSEException("Unsupported compression algorithm: " + compressionAlg);
    }
  }

View Full Code Here

      try {
        return DeflateUtils.decompress(bytes);


      } catch (Exception e) {


        throw new JOSEException("Couldn't decompress plain text: " + e.getMessage(), e);
      }


    } else {


      throw new JOSEException("Unsupported compression algorithm: " + compressionAlg);
    }
  }

View Full Code Here

      return encrypter.wrap(cekBytes, 0, cekBytes.length);
    } catch (Exception e) {


      // java.lang.IllegalStateException
      // org.bouncycastle.crypto.DataLengthException
      throw new JOSEException("Couldn't encrypt Content Encryption Key (CEK): " + e.getMessage(), e);
    }
  }

View Full Code Here

      return new SecretKeySpec(cekBytes, "AES");
    } catch (Exception e) {


      // java.lang.IllegalStateException
      // org.bouncycastle.crypto.InvalidCipherTextException
      throw new JOSEException("Couldn't decrypt Content Encryption Key (CEK): " + e.getMessage(), e);
    }
  }

View Full Code Here

    throws JOSEException {


    // Validate required JWE parts
    if (encryptedKey == null) {


      throw new JOSEException("The encrypted key must not be null");
    }  


    if (iv == null) {


      throw new JOSEException("The initialization vector (IV) must not be null");
    }


    if (authTag == null) {


      throw new JOSEException("The authentication tag must not be null");
    }


    if (! critParamChecker.headerPasses(header)) {


      throw new JOSEException("Unsupported critical header parameter");
    }
    


    // Derive the content encryption key
    JWEAlgorithm alg = header.getAlgorithm();


    SecretKey cek;


    if (alg.equals(JWEAlgorithm.RSA1_5)) {


      int keyLength = header.getEncryptionMethod().cekBitLength();


      // Protect against MMA attack by generating random CEK on failure,
      // see http://www.ietf.org/mail-archive/web/jose/current/msg01832.html
      SecureRandom randomGen = getSecureRandom();
      SecretKey randomCEK = AES.generateKey(keyLength, randomGen);


      try {
        cek = RSA1_5.decryptCEK(privateKey, encryptedKey.decode(), keyLength, keyEncryptionProvider);


        if (cek == null) {
          // CEK length mismatch, signalled by null instead of
          // exception to prevent MMA attack
          cek = randomCEK;
        }


      } catch (Exception e) {
        // continue
        cek = randomCEK;
      }
    
    } else if (alg.equals(JWEAlgorithm.RSA_OAEP)) {


      cek = RSA_OAEP.decryptCEK(privateKey, encryptedKey.decode(), keyEncryptionProvider);


    } else if (alg.equals(JWEAlgorithm.RSA_OAEP_256)) {
      
      cek = RSA_OAEP_256.decryptCEK(privateKey, encryptedKey.decode(), keyEncryptionProvider);
      
    } else {
    
      throw new JOSEException("Unsupported JWE algorithm, must be RSA1_5 or RSA_OAEP");
    }


    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(header.toBase64URL().toString());


    // Decrypt the cipher text according to the JWE enc
    EncryptionMethod enc = header.getEncryptionMethod();


    byte[] plainText;


    if (enc.equals(EncryptionMethod.A128CBC_HS256) ||
        enc.equals(EncryptionMethod.A192CBC_HS384) ||
        enc.equals(EncryptionMethod.A256CBC_HS512)    ) {


      plainText = AESCBC.decryptAuthenticated(
        cek,
        iv.decode(),
        cipherText.decode(),
        aad,
        authTag.decode(),
        contentEncryptionProvider,
        macProvider);


    } else if (enc.equals(EncryptionMethod.A128GCM) ||
         enc.equals(EncryptionMethod.A192GCM) ||
         enc.equals(EncryptionMethod.A256GCM)    ) {


      plainText = AESGCM.decrypt(
        cek,
        iv.decode(),
        cipherText.decode(),
        aad,
        authTag.decode(),
        contentEncryptionProvider);


    } else if (enc.equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) ||
         enc.equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)    ) {


      plainText = AESCBC.decryptWithConcatKDF(
        header,
        cek,
        encryptedKey,
        iv,
        cipherText,
        authTag,
        contentEncryptionProvider,
        macProvider);


    } else {


      throw new JOSEException("Unsupported encryption method, must be A128CBC_HS256, A192CBC_HS384, A256CBC_HS512, A128GCM, A192GCM or A256GCM");
    }




    // Apply decompression if requested
    return DeflateHelper.applyDecompression(header, plainText);

View Full Code Here

    throws JOSEException {


    // Validate required JWE parts
    if (encryptedKey == null) {


      throw new JOSEException("The encrypted key must not be null");
    }


    if (iv == null) {


      throw new JOSEException("The initialization vector (IV) must not be null");
    }


    if (authTag == null) {


      throw new JOSEException("The authentication tag must not be null");
    }


    if (!critParamChecker.headerPasses(header)) {


      throw new JOSEException("Unsupported critical header parameter");
    }




    // Derive the content encryption key
    JWEAlgorithm alg = header.getAlgorithm();
    int keyLength = header.getEncryptionMethod().cekBitLength();


    SecretKey cek;


    if (alg.equals(JWEAlgorithm.A128KW) ||
        alg.equals(JWEAlgorithm.A192KW) ||
        alg.equals(JWEAlgorithm.A256KW))   {


      cek = AESKW.decryptCEK(kek, encryptedKey.decode());


    } else if (alg.equals(JWEAlgorithm.A128GCMKW) ||
         alg.equals(JWEAlgorithm.A192GCMKW) ||
         alg.equals(JWEAlgorithm.A256GCMKW)) {


      byte[] keyIV = header.getIV().decode();
      byte[] keyTag = header.getAuthTag().decode();
      AuthenticatedCipherText authEncrCEK = new AuthenticatedCipherText(encryptedKey.decode(), keyTag);
      cek = AESGCMKW.decryptCEK(kek, keyIV, authEncrCEK, keyLength, keyEncryptionProvider);


    } else {


      throw new JOSEException("Unsupported JWE algorithm, must be A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW orA256GCMKW");
    }


    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(header.toBase64URL().toString());


    // Decrypt the cipher text according to the JWE enc
    EncryptionMethod enc = header.getEncryptionMethod();


    byte[] plainText;


    if (enc.equals(EncryptionMethod.A128CBC_HS256) ||
      enc.equals(EncryptionMethod.A192CBC_HS384) ||
      enc.equals(EncryptionMethod.A256CBC_HS512)) {


      plainText = AESCBC.decryptAuthenticated(
        cek,
        iv.decode(),
        cipherText.decode(),
        aad,
        authTag.decode(),
        contentEncryptionProvider,
        macProvider);


    } else if (enc.equals(EncryptionMethod.A128GCM) ||
      enc.equals(EncryptionMethod.A192GCM) ||
      enc.equals(EncryptionMethod.A256GCM)) {


      plainText = AESGCM.decrypt(
        cek,
        iv.decode(),
        cipherText.decode(),
        aad,
        authTag.decode(),
        contentEncryptionProvider);


    } else if (enc.equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) ||
      enc.equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)) {


      plainText = AESCBC.decryptWithConcatKDF(
        header,
        cek,
        encryptedKey,
        iv,
        cipherText,
        authTag,
        contentEncryptionProvider,
        macProvider);


    } else {


      throw new JOSEException("Unsupported encryption method, must be A128CBC_HS256, A192CBC_HS384, A256CBC_HS512, A128GCM, A192GCM or A256GCM");
    }




    // Apply decompression if requested
    return DeflateHelper.applyDecompression(header, plainText);

View Full Code Here


      return "HMACSHA512";


    } else {
      
      throw new JOSEException("Unsupported HMAC algorithm, must be HS256, HS384 or HS512");
    }
  }

View Full Code Here

0 1 2 3 4 5 6

TOP

Related Classes of com.nimbusds.jose.JOSEException

com.nimbusds.jose.crypto.AES

com.nimbusds.jose.crypto.AESCBC

com.nimbusds.jose.crypto.AESDecrypter

com.nimbusds.jose.crypto.AESEncrypter

com.nimbusds.jose.crypto.AESGCM

com.nimbusds.jose.crypto.AESGCMKW

com.nimbusds.jose.crypto.AESKW

com.nimbusds.jose.crypto.CompositeKey

com.nimbusds.jose.crypto.ConcatKDF

com.nimbusds.jose.crypto.DeflateHelper

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.