/*
* Copyright 2012-2014 Brian Campbell
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jose4j.examples;
import junit.framework.TestCase;
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.Use;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.keys.AesKey;
import org.jose4j.keys.ExampleEcKeysFromJws;
import org.jose4j.lang.ByteUtil;
import org.jose4j.lang.JoseException;
import org.junit.Test;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;
/**
* There's probably a better way to do this but this is intended as a place to write and try and maintain
* example code for the project wiki at https://bitbucket.org/b_c/jose4j/wiki/Home
*/
public class ExamplesTest
{
@Test
public void jwsSigningExample() throws JoseException
{
//
// An example of signing using JSON Web Signature (JWS)
//
// The content that will be signed
String examplePayload = "This is some text that is to be signed.";
// Create a new JsonWebSignature
JsonWebSignature jws = new JsonWebSignature();
// Set the payload, or signed content, on the JWS object
jws.setPayload(examplePayload);
// Set the signature algorithm on the JWS that will integrity protect the payload
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256);
// Set the signing key on the JWS
// Note that your application will need to determine where/how to get the key
// and here we just use an example from the JWS spec
PrivateKey privateKey = ExampleEcKeysFromJws.PRIVATE_256;
jws.setKey(privateKey);
// Sign the JWS and produce the compact serialization or complete JWS representation, which
// is a string consisting of three dot ('.') separated base64url-encoded
// parts in the form Header.Payload.Signature
String jwsCompactSerialization = jws.getCompactSerialization();
// Do something useful with your JWS
System.out.println(jwsCompactSerialization);
}
@Test
public void jwsVerificationExample() throws JoseException
{
//
// An example of signature verification using JSON Web Signature (JWS)
//
// The complete JWS representation, or compact serialization, is string consisting of
// three dot ('.') separated base64url-encoded parts in the form Header.Payload.Signature
String compactSerialization = "eyJhbGciOiJFUzI1NiJ9." +
"VGhpcyBpcyBzb21lIHRleHQgdGhhdCBpcyB0byBiZSBzaWduZWQu." +
"GHiNd8EgKa-2A4yJLHyLCqlwoSxwqv2rzGrvUTxczTYDBeUHUwQRB3P0dp_DALL0jQIDz2vQAT_cnWTIW98W_A";
// Create a new JsonWebSignature
JsonWebSignature jws = new JsonWebSignature();
// Set the compact serialization on the JWS
jws.setCompactSerialization(compactSerialization);
// Set the verification key
// Note that your application will need to determine where/how to get the key
// Here we use an example from the JWS spec
PublicKey publicKey = ExampleEcKeysFromJws.PUBLIC_256;
jws.setKey(publicKey);
// Check the signature
boolean signatureVerified = jws.verifySignature();
// Do something useful with the result of signature verification
System.out.println("JWS Signature is valid: " + signatureVerified);
// Get the payload, or signed content, from the JWS
String payload = jws.getPayload();
// Do something useful with the content
System.out.println("JWS payload: " + payload);
}
@Test
public void parseJwksAndVerifyJwsExample() throws JoseException
{
//
// An example of signature verification using JSON Web Signature (JWS)
// where the verification key is obtained from a JSON Web Key Set document.
//
// A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a
// cryptographic key (often but not always a public key). A JSON Web Key Set (JWK Set) document
// is a JSON data structure for representing one or more JSON Web Keys (JWK). A JWK Set might,
// for example, be obtained from an HTTPS endpoint controlled by the signer but this example
// presumes the JWK Set JSONhas already been acquired by some secure/trusted means.
String jsonWebKeySetJson = "{\"keys\":[" +
"{\"kty\":\"EC\",\"use\":\"sig\"," +
"\"kid\":\"the key\"," +
"\"x\":\"amuk6RkDZi-48mKrzgBN_zUZ_9qupIwTZHJjM03qL-4\"," +
"\"y\":\"ZOESj6_dpPiZZR-fJ-XVszQta28Cjgti7JudooQJ0co\",\"crv\":\"P-256\"}," +
"{\"kty\":\"EC\",\"use\":\"sig\"," +
" \"kid\":\"other key\"," +
"\"x\":\"eCNZgiEHUpLaCNgYIcvWzfyBlzlaqEaWbt7RFJ4nIBA\"," +
"\"y\":\"UujFME4pNk-nU4B9h4hsetIeSAzhy8DesBgWppiHKPM\",\"crv\":\"P-256\"}]}";
// The complete JWS representation, or compact serialization, is string consisting of
// three dot ('.') separated base64url-encoded parts in the form Header.Payload.Signature
String compactSerialization = "eyJhbGciOiJFUzI1NiIsImtpZCI6InRoZSBrZXkifQ." +
"UEFZTE9BRCE."+
"Oq-H1lk5G0rl6oyNM3jR5S0-BZQgTlamIKMApq3RX8Hmh2d2XgB4scvsMzGvE-OlEmDY9Oy0YwNGArLpzXWyjw";
// Create a new JsonWebSignature object
JsonWebSignature jws = new JsonWebSignature();
// Set the compact serialization on the JWS
jws.setCompactSerialization(compactSerialization);
// Create a new JsonWebKeySet object with the JWK Set JSON
JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(jsonWebKeySetJson);
// The JWS header contains a Key ID, which is a hint indicating which key
// was used to secure the JWS. In this case (as will hopefully often be the case) the JWS Key ID
// corresponds directly to the Key ID in the JWK Set.
String keyId = jws.getKeyIdHeaderValue();
// Find a JWK from the JWK Set that has the same Key ID, uses the same Key Type (EC)
// and is designated to be used for signatures.
JsonWebKey jwk = jsonWebKeySet.findJsonWebKey(keyId, jws.getKeyType(), Use.SIGNATURE, null);
// The verification key on the JWS is the public key from the JWK we pulled from the JWK Set.
jws.setKey(jwk.getKey());
// Check the signature
boolean signatureVerified = jws.verifySignature();
// Do something useful with the result of signature verification
System.out.println("JWS Signature is valid: " + signatureVerified);
// Get the payload, or signed content, from the JWS
String payload = jws.getPayload();
// Do something useful with the content
System.out.println("JWS payload: " + payload);
}
@Test
public void jweRoundTripExample() throws JoseException
{
//
// An example showing the use of JSON Web Encryption (JWE) to encrypt and then decrypt some content
// using a symmetric key and direct encryption.
//
// The content to be encrypted
String message = "Well, as of this moment, they're on DOUBLE SECRET PROBATION!";
// The shared secret or shared symmetric key represented as a octet sequence JSON Web Key (JWK)
String jwkJson = "{\"kty\":\"oct\",\"k\":\"Fdh9u8rINxfivbrianbbVT1u232VQBZYKx1HGAGPt2I\"}";
JsonWebKey jwk = JsonWebKey.Factory.newJwk(jwkJson);
// Create a new Json Web Encryption object
JsonWebEncryption senderJwe = new JsonWebEncryption();
// The plaintext of the JWE is the message that we want to encrypt.
senderJwe.setPlaintext(message);
// Set the "alg" header, which indicates the key management mode for this JWE.
// In this example we are using the direct key management mode, which means
// the given key will be used directly as the content encryption key.
senderJwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.DIRECT);
// Set the "enc" header, which indicates the content encryption algorithm to be used.
// This example is using AES_128_CBC_HMAC_SHA_256 which is a composition of AES CBC
// and HMAC SHA2 that provides authenticated encryption.
senderJwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);
// Set the key on the JWE. In this case, using direct mode, the key will used directly as
// the content encryption key. AES_128_CBC_HMAC_SHA_256, which is being used to encrypt the
// content requires a 256 bit key.
senderJwe.setKey(jwk.getKey());
// Produce the JWE compact serialization, which is where the actual encryption is done.
// The JWE compact serialization consists of five base64url encoded parts
// combined with a dot ('.') character in the general format of
// <header>.<encrypted key>.<initialization vector>.<ciphertext>.<authentication tag>
// Direct encryption doesn't use an encrypted key so that field will be an empty string
// in this case.
String compactSerialization = senderJwe.getCompactSerialization();
// Do something with the JWE. Like send it to some other party over the clouds
// and through the interwebs.
System.out.println("JWE compact serialization: " + compactSerialization);
// That other party, the receiver, can then use JsonWebEncryption to decrypt the message.
JsonWebEncryption receiverJwe = new JsonWebEncryption();
// Set the compact serialization on new Json Web Encryption object
receiverJwe.setCompactSerialization(compactSerialization);
// Symmetric encryption, like we are doing here, requires that both parties have the same key.
// The key will have had to have been securely exchanged out-of-band somehow.
receiverJwe.setKey(jwk.getKey());
// Get the message that was encrypted in the JWE. This step performs the actual decryption steps.
String plaintext = receiverJwe.getPlaintextString();
// And do whatever you need to do with the clear text message.
System.out.println("plaintext: " + plaintext);
}
@Test
public void helloWorld() throws JoseException
{
Key key = new AesKey(ByteUtil.randomBytes(16));
JsonWebEncryption jwe = new JsonWebEncryption();
jwe.setPayload("Hello World!");
jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.A128KW);
jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);
jwe.setKey(key);
String serializedJwe = jwe.getCompactSerialization();
System.out.println("Serialized Encrypted JWE: " + serializedJwe);
jwe = new JsonWebEncryption();
jwe.setKey(key);
jwe.setCompactSerialization(serializedJwe);
System.out.println("Payload: " + jwe.getPayload());
}
}