Examples of com.nimbusds.jose.JOSEException

• com.nimbusds.jose.JOSEException
  Javascript Object Signing and Encryption (JOSE) exception. @author Vladimir Dzhuvinov @version $version$ (2012-09-15)

      // Append "Encryption" label
      baos.write(ENCRYPTION_BYTES);

    } catch (IOException e) {

      throw new JOSEException(e.getMessage(), e);
    }

    // Write out
    byte[] hashInput = baos.toByteArray();

    MessageDigest md;

    try {
      // SHA-256 or SHA-512
      md = MessageDigest.getInstance("SHA-" + hashBitLength);

    } catch (NoSuchAlgorithmException e) {

      throw new JOSEException(e.getMessage(), e);
    }

    byte[] hashOutput = md.digest(hashInput);

    byte[] cekBytes = new byte[hashOutput.length / 2];

      // Append "Encryption" label
      baos.write(INTEGRITY_BYTES);

    } catch (IOException e) {

      throw new JOSEException(e.getMessage(), e);
    }

    // Write out
    byte[] hashInput = baos.toByteArray();

    MessageDigest md;

    try {
      // SHA-256 or SHA-512
      md = MessageDigest.getInstance("SHA-" + hashBitLength);

    } catch (NoSuchAlgorithmException e) {

      throw new JOSEException(e.getMessage(), e);
    }

    byte[] hashOutput = md.digest(hashInput);

    byte[] cikBytes = hashOutput;

    JWEAlgorithm alg = readOnlyJWEHeader.getAlgorithm();

    if (! alg.equals(JWEAlgorithm.DIR)) {

      throw new JOSEException("Unsupported JWE algorithm, must be \"dir\"");
    }

    // Check key length matches matches encryption method
    EncryptionMethod enc = readOnlyJWEHeader.getEncryptionMethod();

    if (enc.cekBitLength() != getKey().getEncoded().length * 8) {

      throw new JOSEException("The Content Encryption Key (CEK) length must be " + enc.cekBitLength() + " bits for " + enc + " encryption");
    }

    final Base64URL encryptedKey = null; // The second JWE part


    // Apply compression if instructed
    byte[] plainText = DeflateHelper.applyCompression(readOnlyJWEHeader, bytes);


    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(readOnlyJWEHeader.toBase64URL().toString());


    // Encrypt the plain text according to the JWE enc
    byte[] iv;
    AuthenticatedCipherText authCipherText;
    SecureRandom randomGen = getSecureRandom();

    if (enc.equals(EncryptionMethod.A128CBC_HS256) || enc.equals(EncryptionMethod.A192CBC_HS384) || enc.equals(EncryptionMethod.A256CBC_HS512)) {

      iv = AESCBC.generateIV(randomGen);

      authCipherText = AESCBC.encryptAuthenticated(getKey(), iv, plainText, aad, contentEncryptionProvider, macProvider);

    } else if (enc.equals(EncryptionMethod.A128GCM) || enc.equals(EncryptionMethod.A192GCM) || enc.equals(EncryptionMethod.A256GCM)) {

      iv = AESGCM.generateIV(randomGen);

      authCipherText = AESGCM.encrypt(getKey(), iv, plainText, aad, contentEncryptionProvider);

    } else {

      throw new JOSEException("Unsupported encryption method, must be A128CBC_HS256, A192CBC_HS384, A256CBC_HS512, A128GCM, A192GCM or A128GCM");
    }

    return new JWECryptoParts(encryptedKey,
                        Base64URL.encode(iv),
                        Base64URL.encode(authCipherText.getCipherText()),

      encKey = new SecretKeySpec(secretKeyBytes, 32, 32, "AES");
      truncatedMacLength = 32;

    } else {

      throw new JOSEException("Unsupported AES/CBC/PKCS5Padding/HMAC-SHA2 key length, must be 256, 384 or 512 bits");
    }
  }