Package com.nimbusds.jose

Examples of com.nimbusds.jose.JWEAlgorithm


      throw new JOSEException("The authentication tag must not be null");
    }
   

    // Key-management algorithm ("alg") as declared in the JWE header.
    JWEAlgorithm alg = header.getAlgorithm();

    // Accept direct encryption ("dir") only. The declared algorithm is checked
    // against the single value this code supports, so the header cannot steer
    // processing onto a different key-management path.
    if (! alg.equals(JWEAlgorithm.DIR)) {

      throw new JOSEException("Unsupported algorithm, must be \"dir\"");
    }

    if (! critParamChecker.headerPasses(header)) {


  /**
   * Opening of a JWE encrypt operation for the AES key-wrap algorithms; the
   * rest of the method is not shown in this excerpt. The visible part
   * generates a fresh content encryption key (CEK) and checks that the key
   * encryption key (KEK) has the length required by the header's "alg".
   *
   * @param header JWE header supplying the "alg" and "enc" values.
   * @param bytes  Not used in the visible part of the method.
   *
   * @throws JOSEException If the KEK length does not match the selected
   *                       algorithm.
   */
  @Override
  public JWECryptoParts encrypt(final JWEHeader header, final byte[] bytes)
    throws JOSEException {

    final JWEAlgorithm alg = header.getAlgorithm();
    final EncryptionMethod enc = header.getEncryptionMethod();

    // Generate a new random CEK for this call, sized by the enc method.
    // It is drawn from the SecureRandom returned by getSecureRandom().
    final SecureRandom randomGen = getSecureRandom();
    final SecretKey cek = AES.generateKey(enc.cekBitLength(), randomGen);
    byte[] keyIV;

    final AuthenticatedCipherText authCiphCEK;

    AlgFamily algFamily;

    Base64URL encryptedKey; // The second JWE part

    // Each branch below requires the KEK to be exactly as long as the chosen
    // algorithm specifies (16, 24 or 32 bytes for 128, 192 or 256 bits), then
    // records which key-wrap family (AESKW or AESGCMKW) applies.
    //
    // NOTE(review): kek is declared outside this excerpt. Key.getEncoded()
    // returns null for keys that do not support encoding (e.g. key material
    // that cannot be exported), in which case these checks would fail with a
    // NullPointerException rather than a JOSEException; confirm how kek is
    // constructed.
    if (alg.equals(JWEAlgorithm.A128KW)) {

      if(kek.getEncoded().length != 16){
        throw new JOSEException("The Key Encryption Key (KEK) length must be 128 bits for A128KW encryption");
      }
      algFamily = AlgFamily.AESKW;

    } else if (alg.equals(JWEAlgorithm.A192KW)) {

      if(kek.getEncoded().length != 24){
        throw new JOSEException("The Key Encryption Key (KEK) length must be 192 bits for A192KW encryption");
      }
      algFamily = AlgFamily.AESKW;

    } else if (alg.equals(JWEAlgorithm.A256KW)) {

      if (kek.getEncoded().length != 32) {
        throw new JOSEException("The Key Encryption Key (KEK) length must be 256 bits for A256KW encryption");
      }
      algFamily = AlgFamily.AESKW;

    } else if (alg.equals(JWEAlgorithm.A128GCMKW)) {

      if(kek.getEncoded().length != 16){
        throw new JOSEException("The Key Encryption Key (KEK) length must be 128 bits for A128GCMKW encryption");
      }
      algFamily = AlgFamily.AESGCMKW;

    } else if (alg.equals(JWEAlgorithm.A192GCMKW)) {

      if(kek.getEncoded().length != 24){
        throw new JOSEException("The Key Encryption Key (KEK) length must be 192 bits for A192GCMKW encryption");
      }
      algFamily = AlgFamily.AESGCMKW;

    } else if (alg.equals(JWEAlgorithm.A256GCMKW)) {

      if(kek.getEncoded().length != 32){
        throw new JOSEException("The Key Encryption Key (KEK) length must be 256 bits for A256GCMKW encryption");
      }
      algFamily = AlgFamily.AESGCMKW;

      op.requestObjectJWEAlgs = new ArrayList<>();

      for (String v: JSONObjectUtils.getStringArray(jsonObject, "request_object_encryption_alg_values_supported")) {

        if (v != null)
          op.requestObjectJWEAlgs.add(new JWEAlgorithm(v));
      }
    }


    // Each block below follows one pattern: if the metadata JSON object has
    // the named "*_values_supported" member, start a new list on op and add
    // one algorithm / encryption-method object per non-null array entry.
    //
    // NOTE(review): every entry is passed to the constructor as a raw string.
    // Nothing visible here restricts the names to algorithms this deployment
    // is willing to use, so code that later picks an algorithm from these
    // lists should intersect them with a local allow-list first. This matters
    // if the JSON comes from a remote party; confirm against the caller.
    if (jsonObject.containsKey("request_object_encryption_enc_values_supported")) {

      op.requestObjectJWEEncs = new ArrayList<>();

      for (String v: JSONObjectUtils.getStringArray(jsonObject, "request_object_encryption_enc_values_supported")) {

        // Null array entries are skipped rather than rejected
        if (v != null)
          op.requestObjectJWEEncs.add(new EncryptionMethod(v));
      }
    }
   
   
    // ID token: supported JWS algorithms, JWE algorithms and JWE encryption
    // methods

    if (jsonObject.containsKey("id_token_signing_alg_values_supported")) {

      op.idTokenJWSAlgs = new ArrayList<>();

      for (String v: JSONObjectUtils.getStringArray(jsonObject, "id_token_signing_alg_values_supported")) {

        if (v != null)
          op.idTokenJWSAlgs.add(new JWSAlgorithm(v));
      }
    }


    if (jsonObject.containsKey("id_token_encryption_alg_values_supported")) {

      op.idTokenJWEAlgs = new ArrayList<>();

      for (String v: JSONObjectUtils.getStringArray(jsonObject, "id_token_encryption_alg_values_supported")) {

        if (v != null)
          op.idTokenJWEAlgs.add(new JWEAlgorithm(v));
      }
    }


    if (jsonObject.containsKey("id_token_encryption_enc_values_supported")) {

      op.idTokenJWEEncs = new ArrayList<>();

      for (String v: JSONObjectUtils.getStringArray(jsonObject, "id_token_encryption_enc_values_supported")) {

        if (v != null)
          op.idTokenJWEEncs.add(new EncryptionMethod(v));
      }
    }

    // UserInfo: supported JWS algorithms and JWE algorithms

    if (jsonObject.containsKey("userinfo_signing_alg_values_supported")) {

      op.userInfoJWSAlgs = new ArrayList<>();

      for (String v: JSONObjectUtils.getStringArray(jsonObject, "userinfo_signing_alg_values_supported")) {

        if (v != null)
          op.userInfoJWSAlgs.add(new JWSAlgorithm(v));
      }
    }


    if (jsonObject.containsKey("userinfo_encryption_alg_values_supported")) {

      op.userInfoJWEAlgs = new ArrayList<>();

      for (String v: JSONObjectUtils.getStringArray(jsonObject, "userinfo_encryption_alg_values_supported")) {

        if (v != null)
          op.userInfoJWEAlgs.add(new JWEAlgorithm(v));
      }
    }


    if (jsonObject.containsKey("userinfo_encryption_enc_values_supported")) {

   * @throws ParseException If parsing of the JWT claims set failed.
   */
  private ReadOnlyJWTClaimsSet decrypt(final EncryptedJWT encryptedJWT)
    throws JOSEException, ParseException {
   
    // The JWE algorithm is taken from the header of the encrypted JWT itself.
    JWEAlgorithm alg = encryptedJWT.getHeader().getAlgorithm();
   
    // Look up the decrypter registered for that algorithm. Only algorithms
    // present in jweDecrypters yield a decrypter; a missing entry gives null,
    // which the code that follows checks for.
    JWEDecrypter decrypter = jweDecrypters.get(alg);
   
    if (decrypter == null) {


      oidcFields.remove("request_object_signing_alg");
    }

    // Each block below follows one pattern: if the JSON object has the named
    // member, wrap its string value in the matching algorithm or
    // encryption-method type, store it on metadata, and remove the member
    // name from oidcFields (presumably the set of fields still to be
    // processed; its declaration is outside this excerpt).
    //
    // NOTE(review): the string is handed to the constructor unchanged.
    // Nothing visible here checks it against the algorithms the server is
    // prepared to use, so whatever consumes this metadata should validate
    // the requested algorithms against its own allow-list. This matters if
    // the JSON is client-supplied; confirm against the caller.
    if (jsonObject.containsKey("request_object_encryption_alg")) {
      metadata.setRequestObjectJWEAlg(new JWEAlgorithm(
        JSONObjectUtils.getString(jsonObject, "request_object_encryption_alg")));

      oidcFields.remove("request_object_encryption_alg");
    }

    if (jsonObject.containsKey("request_object_encryption_enc")) {
      metadata.setRequestObjectJWEEnc(new EncryptionMethod(
        JSONObjectUtils.getString(jsonObject, "request_object_encryption_enc")));

      oidcFields.remove("request_object_encryption_enc");
    }

    // JWS algorithm for signed JWTs used at the token endpoint
    if (jsonObject.containsKey("token_endpoint_auth_signing_alg")) {
      metadata.setTokenEndpointAuthJWSAlg(new JWSAlgorithm(
        JSONObjectUtils.getString(jsonObject, "token_endpoint_auth_signing_alg")));

      oidcFields.remove("token_endpoint_auth_signing_alg");
    }

    // ID token: signing algorithm, then encryption algorithm and method
    if (jsonObject.containsKey("id_token_signed_response_alg")) {
      metadata.setIDTokenJWSAlg(new JWSAlgorithm(
        JSONObjectUtils.getString(jsonObject, "id_token_signed_response_alg")));

      oidcFields.remove("id_token_signed_response_alg");
    }

    if (jsonObject.containsKey("id_token_encrypted_response_alg")) {
      metadata.setIDTokenJWEAlg(new JWEAlgorithm(
        JSONObjectUtils.getString(jsonObject, "id_token_encrypted_response_alg")));

      oidcFields.remove("id_token_encrypted_response_alg");
    }

    if (jsonObject.containsKey("id_token_encrypted_response_enc")) {
      metadata.setIDTokenJWEEnc(new EncryptionMethod(
        JSONObjectUtils.getString(jsonObject, "id_token_encrypted_response_enc")));

      oidcFields.remove("id_token_encrypted_response_enc");
    }

    // UserInfo response: signing algorithm, then encryption algorithm
    if (jsonObject.containsKey("userinfo_signed_response_alg")) {
      metadata.setUserInfoJWSAlg(new JWSAlgorithm(
        JSONObjectUtils.getString(jsonObject, "userinfo_signed_response_alg")));

      oidcFields.remove("userinfo_signed_response_alg");
    }

    if (jsonObject.containsKey("userinfo_encrypted_response_alg")) {
      metadata.setUserInfoJWEAlg(new JWEAlgorithm(
        JSONObjectUtils.getString(jsonObject, "userinfo_encrypted_response_alg")));

      oidcFields.remove("userinfo_encrypted_response_alg");
    }

  /**
   * Opening of a JWE encrypt operation for the RSA key-encryption
   * algorithms; the rest of the method is not shown in this excerpt. The
   * visible part generates a fresh content encryption key (CEK) and encrypts
   * it to the recipient's public key with the scheme named by the header's
   * "alg".
   *
   * @param header JWE header supplying the "alg" and "enc" values.
   * @param bytes  Not used in the visible part of the method.
   *
   * @throws JOSEException Declared by the method; the throwing paths are
   *                       outside this excerpt.
   */
  @Override
  public JWECryptoParts encrypt(final JWEHeader header, final byte[] bytes)
    throws JOSEException {

    final JWEAlgorithm alg = header.getAlgorithm();
    final EncryptionMethod enc = header.getEncryptionMethod();

    // Generate a new random CEK for this call, sized by the enc method.
    // It is drawn from the SecureRandom returned by getSecureRandom().
    final SecureRandom randomGen = getSecureRandom();
    final SecretKey cek = AES.generateKey(enc.cekBitLength(), randomGen);

    Base64URL encryptedKey; // The second JWE part

    // Encrypt the CEK with publicKey using the scheme selected by "alg" and
    // Base64URL-encode the result.
    //
    // NOTE(review): RSA1_5 is RSAES-PKCS1-v1_5 (RFC 7518, section 4.2).
    // Recipients that decrypt it need countermeasures against padding-oracle
    // attacks, so the OAEP variants are the safer choice wherever the
    // recipient supports them.
    if (alg.equals(JWEAlgorithm.RSA1_5)) {

      encryptedKey = Base64URL.encode(RSA1_5.encryptCEK(publicKey, cek, keyEncryptionProvider));

    } else if (alg.equals(JWEAlgorithm.RSA_OAEP)) {

      encryptedKey = Base64URL.encode(RSA_OAEP.encryptCEK(publicKey, cek, keyEncryptionProvider));

    } else if (alg.equals(JWEAlgorithm.RSA_OAEP_256)) {
     
      encryptedKey = Base64URL.encode(RSA_OAEP_256.encryptCEK(publicKey, cek, keyEncryptionProvider));
     
    } else {

  /**
   * Opening of a JWE encrypt operation for direct encryption; the rest of
   * the method is not shown in this excerpt. The visible part rejects any
   * header whose "alg" is not "dir".
   *
   * @param readOnlyJWEHeader JWE header supplying the "alg" value.
   * @param bytes             Not used in the visible part of the method.
   *
   * @throws JOSEException If the header's algorithm is not "dir".
   */
  @Override
  public JWECryptoParts encrypt(final JWEHeader readOnlyJWEHeader, final byte[] bytes)
    throws JOSEException {

    JWEAlgorithm alg = readOnlyJWEHeader.getAlgorithm();

    // Only direct encryption is supported; fail before any key material is
    // touched if the header asks for anything else.
    if (! alg.equals(JWEAlgorithm.DIR)) {

      throw new JOSEException("Unsupported JWE algorithm, must be \"dir\"");
    }

    // Check that the key length matches the encryption method

      throw new JOSEException("Unsupported critical header parameter");
    }
   

    // Derive the content encryption key (CEK) from the JWE encrypted key,
    // using the key-management algorithm declared in the header
    JWEAlgorithm alg = header.getAlgorithm();

    SecretKey cek;

    if (alg.equals(JWEAlgorithm.RSA1_5)) {

      // Expected CEK size in bits, as defined by the header's enc method
      int keyLength = header.getEncryptionMethod().cekBitLength();

      // Protect against the Million Message Attack (MMA, Bleichenbacher's
      // attack on PKCS#1 v1.5 padding) by substituting a random CEK on
      // failure,
      // see http://www.ietf.org/mail-archive/web/jose/current/msg01832.html
      //
      // The random CEK is generated up front, before the decryption attempt,
      // so the same work is done whether or not the attempt succeeds.
      SecureRandom randomGen = getSecureRandom();
      SecretKey randomCEK = AES.generateKey(keyLength, randomGen);

      try {
        cek = RSA1_5.decryptCEK(privateKey, encryptedKey.decode(), keyLength, keyEncryptionProvider);

        if (cek == null) {
          // CEK length mismatch, signalled by null instead of
          // exception to prevent MMA attack
          cek = randomCEK;
        }

      } catch (Exception e) {
        // Deliberately swallowed: a failed RSA1_5 decryption must not surface
        // as its own error, or the caller would learn whether the padding
        // was valid. Processing continues with the random CEK instead.
        // Keep this catch broad, and do not log or rethrow the cause in a
        // way that distinguishes it from a later decryption failure.
        cek = randomCEK;
      }
   
    } else if (alg.equals(JWEAlgorithm.RSA_OAEP)) {

      // Unlike the RSA1_5 branch there is no fallback CEK here: whatever
      // decryptCEK throws propagates to the caller.
      cek = RSA_OAEP.decryptCEK(privateKey, encryptedKey.decode(), keyEncryptionProvider);

    } else if (alg.equals(JWEAlgorithm.RSA_OAEP_256)) {
     
      cek = RSA_OAEP_256.decryptCEK(privateKey, encryptedKey.decode(), keyEncryptionProvider);
     
    } else {
   

      throw new JOSEException("Unsupported critical header parameter");
    }


    // Derive the content encryption key (CEK) from the JWE encrypted key,
    // using the key-management algorithm declared in the header
    JWEAlgorithm alg = header.getAlgorithm();
    // Expected CEK size in bits, as defined by the header's enc method
    int keyLength = header.getEncryptionMethod().cekBitLength();

    SecretKey cek;

    if (alg.equals(JWEAlgorithm.A128KW) ||
        alg.equals(JWEAlgorithm.A192KW) ||
        alg.equals(JWEAlgorithm.A256KW))   {

      // AES key wrap: unwrap the CEK with the key encryption key (kek).
      // NOTE(review): keyLength is not passed to this call, so the unwrapped
      // CEK is not checked against the enc method in the visible code;
      // confirm that its length is validated later.
      cek = AESKW.decryptCEK(kek, encryptedKey.decode());

    } else if (alg.equals(JWEAlgorithm.A128GCMKW) ||
         alg.equals(JWEAlgorithm.A192GCMKW) ||
         alg.equals(JWEAlgorithm.A256GCMKW)) {

      // AES GCM key wrap: the IV and authentication tag protecting the
      // wrapped CEK come from the JWE header.
      // NOTE(review): if the header carries no IV or tag, getIV() /
      // getAuthTag() would presumably return null and decode() would throw
      // a NullPointerException; confirm that an earlier check rejects such
      // headers with a JOSEException.
      byte[] keyIV = header.getIV().decode();
      byte[] keyTag = header.getAuthTag().decode();
      AuthenticatedCipherText authEncrCEK = new AuthenticatedCipherText(encryptedKey.decode(), keyTag);
      cek = AESGCMKW.decryptCEK(kek, keyIV, authEncrCEK, keyLength, keyEncryptionProvider);

      throw new JOSEException("The authentication tag must not be null");
    }
   

    // Key-management algorithm ("alg") as declared in the JWE header.
    JWEAlgorithm alg = header.getAlgorithm();

    // Accept direct encryption ("dir") only. The declared algorithm is checked
    // against the single value this code supports, so the header cannot steer
    // processing onto a different key-management path.
    if (! alg.equals(JWEAlgorithm.DIR)) {

      throw new JOSEException("Unsupported algorithm, must be \"dir\"");
    }

    if (! critParamChecker.headerPasses(header)) {
