Examples of EncryptionMethod

com.nimbusds.jose.EncryptionMethod
Encryption method name, represents the {@code enc} header parameter in JSONWeb Encryption (JWE) objects. This class is immutable.
Includes constants for the following standard encryption method names:
- {@link #A128CBC_HS256 A128CBC-HS256}
- {@link #A192CBC_HS384 A192CBC-HS384}
- {@link #A256CBC_HS512 A256CBC-HS512}
- {@link #A128GCM}
- {@link #A192GCM}
- {@link #A256GCM}
- {@link #A128CBC_HS256_DEPRECATED A128CBC+HS256 (deprecated)}
- {@link #A256CBC_HS512_DEPRECATED A256CBC+HS512 (deprecated)}
Additional encryption method names can be defined using the constructors. @author Vladimir Dzhuvinov @version $version$ (2014-05-23)
org.apache.xml.security.algorithms.encryption.EncryptionMethod
This is the representation of an xenc:EncryptionMethod element. It's additionally the factory for encryption/wrap/transport algorithms. @author $Author: vdkoogh $
org.apache.xml.security.encryption.EncryptionMethod
EncryptionMethod describes the encryption algorithm applied to the cipher data. If the element is absent, the encryption algorithm must be known by the recipient or the decryption will fail.
It is defined as follows:
@author Axl Mattheus
org.jboss.resteasy.jose.jwe.EncryptionMethod
org.opensaml.xml.encryption.EncryptionMethod
XMLObject representing XML Encryption, version 20021210, EncryptionMethod element.
org.picketlink.identity.xmlsec.w3.xmlenc.EncryptionMethodType.EncryptionMethod
3.org/2001/XMLSchema}anyType"> <sequence maxOccurs="unbounded"> <choice> <element name="X509IssuerSerial" type="{http://www.w3.org/2000/09/xmldsig#}X509IssuerSerialType"/> <element name="X509SKI" type="{http://www.w3.org/2001/XMLSchema}base64Binary"/> <element name="X509SubjectName" type="{http://www.w3.org/2001/XMLSchema}string"/> <element name="X509Certificate" type="{http://www.w3.org/2001/XMLSchema}base64Binary"/> <element name="X509CRL" type="{http://www.w3.org/2001/XMLSchema}base64Binary"/> <any/> </choice> </sequence> </restriction> </complexContent> </complexType>

Examples of com.nimbusds.jose.EncryptionMethod


    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(header.toBase64URL().toString());


    // Decrypt the cipher text according to the JWE enc
    EncryptionMethod enc = header.getEncryptionMethod();


    byte[] plainText;


    if (enc.equals(EncryptionMethod.A128CBC_HS256) || enc.equals(EncryptionMethod.A192CBC_HS384) || enc.equals(EncryptionMethod.A256CBC_HS512)) {


      plainText = AESCBC.decryptAuthenticated(getKey(), iv.decode(), cipherText.decode(), aad, authTag.decode(), contentEncryptionProvider, macProvider);


    } else if (enc.equals(EncryptionMethod.A128GCM) || enc.equals(EncryptionMethod.A192GCM) || enc.equals(EncryptionMethod.A256GCM)) {


      plainText = AESGCM.decrypt(getKey(), iv.decode(), cipherText.decode(), aad, authTag.decode(), contentEncryptionProvider);


    } else {

View Full Code Here

Examples of com.nimbusds.jose.EncryptionMethod

  @Override
  public JWECryptoParts encrypt(final JWEHeader header, final byte[] bytes)
    throws JOSEException {


    final JWEAlgorithm alg = header.getAlgorithm();
    final EncryptionMethod enc = header.getEncryptionMethod();


    // Generate and encrypt the CEK according to the enc method
    final SecureRandom randomGen = getSecureRandom();
    final SecretKey cek = AES.generateKey(enc.cekBitLength(), randomGen);
    byte[] keyIV;


    final AuthenticatedCipherText authCiphCEK;


    AlgFamily algFamily;


    Base64URL encryptedKey; // The second JWE part


    if (alg.equals(JWEAlgorithm.A128KW)) {


      if(kek.getEncoded().length != 16){
        throw new JOSEException("The Key Encryption Key (KEK) length must be 128 bits for A128KW encryption");
      }
      algFamily = AlgFamily.AESKW;


    } else if (alg.equals(JWEAlgorithm.A192KW)) {


      if(kek.getEncoded().length != 24){
        throw new JOSEException("The Key Encryption Key (KEK) length must be 192 bits for A192KW encryption");
      }
      algFamily = AlgFamily.AESKW;


    } else if (alg.equals(JWEAlgorithm.A256KW)) {


      if (kek.getEncoded().length != 32) {
        throw new JOSEException("The Key Encryption Key (KEK) length must be 256 bits for A256KW encryption");
      }
      algFamily = AlgFamily.AESKW;


    } else if (alg.equals(JWEAlgorithm.A128GCMKW)) {


      if(kek.getEncoded().length != 16){
        throw new JOSEException("The Key Encryption Key (KEK) length must be 128 bits for A128GCMKW encryption");
      }
      algFamily = AlgFamily.AESGCMKW;


    } else if (alg.equals(JWEAlgorithm.A192GCMKW)) {


      if(kek.getEncoded().length != 24){
        throw new JOSEException("The Key Encryption Key (KEK) length must be 192 bits for A192GCMKW encryption");
      }
      algFamily = AlgFamily.AESGCMKW;


    } else if (alg.equals(JWEAlgorithm.A256GCMKW)) {


      if(kek.getEncoded().length != 32){
        throw new JOSEException("The Key Encryption Key (KEK) length must be 256 bits for A256GCMKW encryption");
      }
      algFamily = AlgFamily.AESGCMKW;


    } else {


      throw new JOSEException("Unsupported JWE algorithm, must be A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW orA256GCMKW");
    }


    // We need to work on the header
    JWEHeader modifiableHeader;


    switch (algFamily) {


      case AESKW:
        encryptedKey = Base64URL.encode(AESKW.encryptCEK(cek, kek));
        modifiableHeader = header; // simply copy ref
        break;


      case AESGCMKW:
        keyIV = AESGCM.generateIV(randomGen);
        authCiphCEK = AESGCMKW.encryptCEK(cek, keyIV, kek, keyEncryptionProvider);
        encryptedKey = Base64URL.encode(authCiphCEK.getCipherText());


        // Add iv and tag to the header
        modifiableHeader = new JWEHeader.Builder(header).
          iv(Base64URL.encode(keyIV)).
          authTag(Base64URL.encode(authCiphCEK.getAuthenticationTag())).
          build();
        break;


      default:
        // This should never happen
        throw new JOSEException("Unsupported JWE algorithm, must be A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW orA256GCMKW");
    }


    // Apply compression if instructed
    byte[] plainText = DeflateHelper.applyCompression(modifiableHeader, bytes);


    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(modifiableHeader.toBase64URL().toString());


    // Encrypt the plain text according to the JWE enc
    byte[] iv;
    AuthenticatedCipherText authCipherText;


    if (enc.equals(EncryptionMethod.A128CBC_HS256) ||
        enc.equals(EncryptionMethod.A192CBC_HS384) ||
        enc.equals(EncryptionMethod.A256CBC_HS512)   ) {


      iv = AESCBC.generateIV(randomGen);


      authCipherText = AESCBC.encryptAuthenticated(
        cek, iv, plainText, aad,
        contentEncryptionProvider, macProvider);


    } else if (enc.equals(EncryptionMethod.A128GCM) ||
         enc.equals(EncryptionMethod.A192GCM) ||
         enc.equals(EncryptionMethod.A256GCM)    ) {


      iv = AESGCM.generateIV(randomGen);


      authCipherText = AESGCM.encrypt(
        cek, iv, plainText, aad,
        contentEncryptionProvider);


    } else if (enc.equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) ||
         enc.equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)    ) {


      iv = AESCBC.generateIV(randomGen);


      authCipherText = AESCBC.encryptWithConcatKDF(
        modifiableHeader, cek, encryptedKey, iv, plainText,

View Full Code Here

Examples of com.nimbusds.jose.EncryptionMethod

      op.requestObjectJWEEncs = new ArrayList<>();


      for (String v: JSONObjectUtils.getStringArray(jsonObject, "request_object_encryption_enc_values_supported")) {


        if (v != null)
          op.requestObjectJWEEncs.add(new EncryptionMethod(v));
      }
    }
    
    
    // ID token


    if (jsonObject.containsKey("id_token_signing_alg_values_supported")) {


      op.idTokenJWSAlgs = new ArrayList<>();


      for (String v: JSONObjectUtils.getStringArray(jsonObject, "id_token_signing_alg_values_supported")) {


        if (v != null)
          op.idTokenJWSAlgs.add(new JWSAlgorithm(v));
      }
    }




    if (jsonObject.containsKey("id_token_encryption_alg_values_supported")) {


      op.idTokenJWEAlgs = new ArrayList<>();


      for (String v: JSONObjectUtils.getStringArray(jsonObject, "id_token_encryption_alg_values_supported")) {


        if (v != null)
          op.idTokenJWEAlgs.add(new JWEAlgorithm(v));
      }
    }




    if (jsonObject.containsKey("id_token_encryption_enc_values_supported")) {


      op.idTokenJWEEncs = new ArrayList<>();


      for (String v: JSONObjectUtils.getStringArray(jsonObject, "id_token_encryption_enc_values_supported")) {


        if (v != null)
          op.idTokenJWEEncs.add(new EncryptionMethod(v));
      }
    }


    // UserInfo


    if (jsonObject.containsKey("userinfo_signing_alg_values_supported")) {


      op.userInfoJWSAlgs = new ArrayList<>();


      for (String v: JSONObjectUtils.getStringArray(jsonObject, "userinfo_signing_alg_values_supported")) {


        if (v != null)
          op.userInfoJWSAlgs.add(new JWSAlgorithm(v));
      }
    }




    if (jsonObject.containsKey("userinfo_encryption_alg_values_supported")) {


      op.userInfoJWEAlgs = new ArrayList<>();


      for (String v: JSONObjectUtils.getStringArray(jsonObject, "userinfo_encryption_alg_values_supported")) {


        if (v != null)
          op.userInfoJWEAlgs.add(new JWEAlgorithm(v));
      }
    }




    if (jsonObject.containsKey("userinfo_encryption_enc_values_supported")) {


      op.userInfoJWEEncs = new ArrayList<>();


      for (String v: JSONObjectUtils.getStringArray(jsonObject, "userinfo_encryption_enc_values_supported")) {


          if (v != null)
            op.userInfoJWEEncs.add(new EncryptionMethod(v));
      }
    }


    
    // Misc

View Full Code Here

Examples of com.nimbusds.jose.EncryptionMethod


      oidcFields.remove("request_object_encryption_alg");
    }


    if (jsonObject.containsKey("request_object_encryption_enc")) {
      metadata.setRequestObjectJWEEnc(new EncryptionMethod(
        JSONObjectUtils.getString(jsonObject, "request_object_encryption_enc")));


      oidcFields.remove("request_object_encryption_enc");
    }


    if (jsonObject.containsKey("token_endpoint_auth_signing_alg")) {
      metadata.setTokenEndpointAuthJWSAlg(new JWSAlgorithm(
        JSONObjectUtils.getString(jsonObject, "token_endpoint_auth_signing_alg")));


      oidcFields.remove("token_endpoint_auth_signing_alg");
    }


    if (jsonObject.containsKey("id_token_signed_response_alg")) {
      metadata.setIDTokenJWSAlg(new JWSAlgorithm(
        JSONObjectUtils.getString(jsonObject, "id_token_signed_response_alg")));


      oidcFields.remove("id_token_signed_response_alg");
    }


    if (jsonObject.containsKey("id_token_encrypted_response_alg")) {
      metadata.setIDTokenJWEAlg(new JWEAlgorithm(
        JSONObjectUtils.getString(jsonObject, "id_token_encrypted_response_alg")));


      oidcFields.remove("id_token_encrypted_response_alg");
    }


    if (jsonObject.containsKey("id_token_encrypted_response_enc")) {
      metadata.setIDTokenJWEEnc(new EncryptionMethod(
        JSONObjectUtils.getString(jsonObject, "id_token_encrypted_response_enc")));


      oidcFields.remove("id_token_encrypted_response_enc");
    }


    if (jsonObject.containsKey("userinfo_signed_response_alg")) {
      metadata.setUserInfoJWSAlg(new JWSAlgorithm(
        JSONObjectUtils.getString(jsonObject, "userinfo_signed_response_alg")));


      oidcFields.remove("userinfo_signed_response_alg");
    }


    if (jsonObject.containsKey("userinfo_encrypted_response_alg")) {
      metadata.setUserInfoJWEAlg(new JWEAlgorithm(
        JSONObjectUtils.getString(jsonObject, "userinfo_encrypted_response_alg")));


      oidcFields.remove("userinfo_encrypted_response_alg");
    }


    if (jsonObject.containsKey("userinfo_encrypted_response_enc")) {
      metadata.setUserInfoJWEEnc(new EncryptionMethod(
        JSONObjectUtils.getString(jsonObject, "userinfo_encrypted_response_enc")));


      oidcFields.remove("userinfo_encrypted_response_enc");
    }

View Full Code Here

Examples of com.nimbusds.jose.EncryptionMethod

  @Override
  public JWECryptoParts encrypt(final JWEHeader header, final byte[] bytes)
    throws JOSEException {


    final JWEAlgorithm alg = header.getAlgorithm();
    final EncryptionMethod enc = header.getEncryptionMethod();


    // Generate and encrypt the CEK according to the enc method
    final SecureRandom randomGen = getSecureRandom();
    final SecretKey cek = AES.generateKey(enc.cekBitLength(), randomGen);


    Base64URL encryptedKey; // The second JWE part


    if (alg.equals(JWEAlgorithm.RSA1_5)) {


      encryptedKey = Base64URL.encode(RSA1_5.encryptCEK(publicKey, cek, keyEncryptionProvider));


    } else if (alg.equals(JWEAlgorithm.RSA_OAEP)) {


      encryptedKey = Base64URL.encode(RSA_OAEP.encryptCEK(publicKey, cek, keyEncryptionProvider));


    } else if (alg.equals(JWEAlgorithm.RSA_OAEP_256)) {
      
      encryptedKey = Base64URL.encode(RSA_OAEP_256.encryptCEK(publicKey, cek, keyEncryptionProvider));
      
    } else {


      throw new JOSEException("Unsupported JWE algorithm, must be RSA1_5, RSA-OAEP, or RSA-OAEP-256");
    }




    // Apply compression if instructed
    byte[] plainText = DeflateHelper.applyCompression(header, bytes);


    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(header.toBase64URL().toString());


    // Encrypt the plain text according to the JWE enc
    byte[] iv;
    AuthenticatedCipherText authCipherText;
    
    if (enc.equals(EncryptionMethod.A128CBC_HS256) ||
        enc.equals(EncryptionMethod.A192CBC_HS384) ||
        enc.equals(EncryptionMethod.A256CBC_HS512)    ) {


      iv = AESCBC.generateIV(randomGen);


      authCipherText = AESCBC.encryptAuthenticated(
        cek, iv, plainText, aad,
        contentEncryptionProvider, macProvider);


    } else if (enc.equals(EncryptionMethod.A128GCM) ||
         enc.equals(EncryptionMethod.A192GCM) ||
         enc.equals(EncryptionMethod.A256GCM)    ) {


      iv = AESGCM.generateIV(randomGen);


      authCipherText = AESGCM.encrypt(
        cek, iv, plainText, aad,
        contentEncryptionProvider);


    } else if (enc.equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) ||
         enc.equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)    ) {


      iv = AESCBC.generateIV(randomGen);


      authCipherText = AESCBC.encryptWithConcatKDF(
        header, cek, encryptedKey, iv, plainText,

View Full Code Here

Examples of com.nimbusds.jose.EncryptionMethod


      throw new JOSEException("Unsupported JWE algorithm, must be \"dir\"");
    }


    // Check key length matches matches encryption method
    EncryptionMethod enc = readOnlyJWEHeader.getEncryptionMethod();


    if (enc.cekBitLength() != getKey().getEncoded().length * 8) {


      throw new JOSEException("The Content Encryption Key (CEK) length must be " + enc.cekBitLength() + " bits for " + enc + " encryption");
    }


    final Base64URL encryptedKey = null; // The second JWE part




    // Apply compression if instructed
    byte[] plainText = DeflateHelper.applyCompression(readOnlyJWEHeader, bytes);




    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(readOnlyJWEHeader.toBase64URL().toString());
    


    // Encrypt the plain text according to the JWE enc
    byte[] iv;
    AuthenticatedCipherText authCipherText;
    SecureRandom randomGen = getSecureRandom();


    if (enc.equals(EncryptionMethod.A128CBC_HS256) || enc.equals(EncryptionMethod.A192CBC_HS384) || enc.equals(EncryptionMethod.A256CBC_HS512)) {


      iv = AESCBC.generateIV(randomGen);


      authCipherText = AESCBC.encryptAuthenticated(getKey(), iv, plainText, aad, contentEncryptionProvider, macProvider);


    } else if (enc.equals(EncryptionMethod.A128GCM) || enc.equals(EncryptionMethod.A192GCM) || enc.equals(EncryptionMethod.A256GCM)) {


      iv = AESGCM.generateIV(randomGen);


      authCipherText = AESGCM.encrypt(getKey(), iv, plainText, aad, contentEncryptionProvider);

View Full Code Here

Examples of com.nimbusds.jose.EncryptionMethod


    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(header.toBase64URL().toString());


    // Decrypt the cipher text according to the JWE enc
    EncryptionMethod enc = header.getEncryptionMethod();


    byte[] plainText;


    if (enc.equals(EncryptionMethod.A128CBC_HS256) ||
        enc.equals(EncryptionMethod.A192CBC_HS384) ||
        enc.equals(EncryptionMethod.A256CBC_HS512)    ) {


      plainText = AESCBC.decryptAuthenticated(
        cek,
        iv.decode(),
        cipherText.decode(),
        aad,
        authTag.decode(),
        contentEncryptionProvider,
        macProvider);


    } else if (enc.equals(EncryptionMethod.A128GCM) ||
         enc.equals(EncryptionMethod.A192GCM) ||
         enc.equals(EncryptionMethod.A256GCM)    ) {


      plainText = AESGCM.decrypt(
        cek,
        iv.decode(),
        cipherText.decode(),
        aad,
        authTag.decode(),
        contentEncryptionProvider);


    } else if (enc.equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) ||
         enc.equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)    ) {


      plainText = AESCBC.decryptWithConcatKDF(
        header,
        cek,
        encryptedKey,

View Full Code Here

Examples of com.nimbusds.jose.EncryptionMethod


    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(header.toBase64URL().toString());


    // Decrypt the cipher text according to the JWE enc
    EncryptionMethod enc = header.getEncryptionMethod();


    byte[] plainText;


    if (enc.equals(EncryptionMethod.A128CBC_HS256) ||
      enc.equals(EncryptionMethod.A192CBC_HS384) ||
      enc.equals(EncryptionMethod.A256CBC_HS512)) {


      plainText = AESCBC.decryptAuthenticated(
        cek,
        iv.decode(),
        cipherText.decode(),
        aad,
        authTag.decode(),
        contentEncryptionProvider,
        macProvider);


    } else if (enc.equals(EncryptionMethod.A128GCM) ||
      enc.equals(EncryptionMethod.A192GCM) ||
      enc.equals(EncryptionMethod.A256GCM)) {


      plainText = AESGCM.decrypt(
        cek,
        iv.decode(),
        cipherText.decode(),
        aad,
        authTag.decode(),
        contentEncryptionProvider);


    } else if (enc.equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) ||
      enc.equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)) {


      plainText = AESCBC.decryptWithConcatKDF(
        header,
        cek,
        encryptedKey,

View Full Code Here

Examples of com.nimbusds.jose.EncryptionMethod


    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(header.toBase64URL().toString());


    // Decrypt the cipher text according to the JWE enc
    EncryptionMethod enc = header.getEncryptionMethod();


    byte[] plainText;


    if (enc.equals(EncryptionMethod.A128CBC_HS256) || enc.equals(EncryptionMethod.A192CBC_HS384) || enc.equals(EncryptionMethod.A256CBC_HS512)) {


      plainText = AESCBC.decryptAuthenticated(getKey(), iv.decode(), cipherText.decode(), aad, authTag.decode(), contentEncryptionProvider, macProvider);


    } else if (enc.equals(EncryptionMethod.A128GCM) || enc.equals(EncryptionMethod.A192GCM) || enc.equals(EncryptionMethod.A256GCM)) {


      plainText = AESGCM.decrypt(getKey(), iv.decode(), cipherText.decode(), aad, authTag.decode(), contentEncryptionProvider);


    } else {

View Full Code Here

Examples of com.nimbusds.jose.EncryptionMethod


    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(header.toBase64URL().toString());


    // Decrypt the cipher text according to the JWE enc
    EncryptionMethod enc = header.getEncryptionMethod();


    byte[] plainText;


    if (enc.equals(EncryptionMethod.A128CBC_HS256) ||
        enc.equals(EncryptionMethod.A192CBC_HS384) ||
        enc.equals(EncryptionMethod.A256CBC_HS512)    ) {


      plainText = AESCBC.decryptAuthenticated(
        cek,
        iv.decode(),
        cipherText.decode(),
        aad,
        authTag.decode(),
        contentEncryptionProvider,
        macProvider);


    } else if (enc.equals(EncryptionMethod.A128GCM) ||
         enc.equals(EncryptionMethod.A192GCM) ||
         enc.equals(EncryptionMethod.A256GCM)    ) {


      plainText = AESGCM.decrypt(
        cek,
        iv.decode(),
        cipherText.decode(),
        aad,
        authTag.decode(),
        contentEncryptionProvider);


    } else if (enc.equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) ||
         enc.equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)    ) {


      plainText = AESCBC.decryptWithConcatKDF(
        header,
        cek,
        encryptedKey,

View Full Code Here

0 1 2 3 4 5

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.