Package com.nimbusds.jose

Examples of com.nimbusds.jose.EncryptionMethod


    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(header.toBase64URL().toString());

    // Decrypt the cipher text according to the JWE enc
    EncryptionMethod enc = header.getEncryptionMethod();

    byte[] plainText;

    if (enc.equals(EncryptionMethod.A128CBC_HS256) || enc.equals(EncryptionMethod.A192CBC_HS384) || enc.equals(EncryptionMethod.A256CBC_HS512)) {

      plainText = AESCBC.decryptAuthenticated(getKey(), iv.decode(), cipherText.decode(), aad, authTag.decode(), contentEncryptionProvider, macProvider);

    } else if (enc.equals(EncryptionMethod.A128GCM) || enc.equals(EncryptionMethod.A192GCM) || enc.equals(EncryptionMethod.A256GCM)) {

      plainText = AESGCM.decrypt(getKey(), iv.decode(), cipherText.decode(), aad, authTag.decode(), contentEncryptionProvider);

    } else {
View Full Code Here


  @Override
  public JWECryptoParts encrypt(final JWEHeader header, final byte[] bytes)
    throws JOSEException {

    final JWEAlgorithm alg = header.getAlgorithm();
    final EncryptionMethod enc = header.getEncryptionMethod();

    // Generate and encrypt the CEK according to the enc method
    final SecureRandom randomGen = getSecureRandom();
    final SecretKey cek = AES.generateKey(enc.cekBitLength(), randomGen);
    byte[] keyIV;

    final AuthenticatedCipherText authCiphCEK;

    AlgFamily algFamily;

    Base64URL encryptedKey; // The second JWE part

    if (alg.equals(JWEAlgorithm.A128KW)) {

      if(kek.getEncoded().length != 16){
        throw new JOSEException("The Key Encryption Key (KEK) length must be 128 bits for A128KW encryption");
      }
      algFamily = AlgFamily.AESKW;

    } else if (alg.equals(JWEAlgorithm.A192KW)) {

      if(kek.getEncoded().length != 24){
        throw new JOSEException("The Key Encryption Key (KEK) length must be 192 bits for A192KW encryption");
      }
      algFamily = AlgFamily.AESKW;

    } else if (alg.equals(JWEAlgorithm.A256KW)) {

      if (kek.getEncoded().length != 32) {
        throw new JOSEException("The Key Encryption Key (KEK) length must be 256 bits for A256KW encryption");
      }
      algFamily = AlgFamily.AESKW;

    } else if (alg.equals(JWEAlgorithm.A128GCMKW)) {

      if(kek.getEncoded().length != 16){
        throw new JOSEException("The Key Encryption Key (KEK) length must be 128 bits for A128GCMKW encryption");
      }
      algFamily = AlgFamily.AESGCMKW;

    } else if (alg.equals(JWEAlgorithm.A192GCMKW)) {

      if(kek.getEncoded().length != 24){
        throw new JOSEException("The Key Encryption Key (KEK) length must be 192 bits for A192GCMKW encryption");
      }
      algFamily = AlgFamily.AESGCMKW;

    } else if (alg.equals(JWEAlgorithm.A256GCMKW)) {

      if(kek.getEncoded().length != 32){
        throw new JOSEException("The Key Encryption Key (KEK) length must be 256 bits for A256GCMKW encryption");
      }
      algFamily = AlgFamily.AESGCMKW;

    } else {

      throw new JOSEException("Unsupported JWE algorithm, must be A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW orA256GCMKW");
    }

    // We need to work on the header
    JWEHeader modifiableHeader;

    switch (algFamily) {

      case AESKW:
        encryptedKey = Base64URL.encode(AESKW.encryptCEK(cek, kek));
        modifiableHeader = header; // simply copy ref
        break;

      case AESGCMKW:
        keyIV = AESGCM.generateIV(randomGen);
        authCiphCEK = AESGCMKW.encryptCEK(cek, keyIV, kek, keyEncryptionProvider);
        encryptedKey = Base64URL.encode(authCiphCEK.getCipherText());

        // Add iv and tag to the header
        modifiableHeader = new JWEHeader.Builder(header).
          iv(Base64URL.encode(keyIV)).
          authTag(Base64URL.encode(authCiphCEK.getAuthenticationTag())).
          build();
        break;

      default:
        // This should never happen
        throw new JOSEException("Unsupported JWE algorithm, must be A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW orA256GCMKW");
    }

    // Apply compression if instructed
    byte[] plainText = DeflateHelper.applyCompression(modifiableHeader, bytes);

    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(modifiableHeader.toBase64URL().toString());

    // Encrypt the plain text according to the JWE enc
    byte[] iv;
    AuthenticatedCipherText authCipherText;

    if (enc.equals(EncryptionMethod.A128CBC_HS256) ||
        enc.equals(EncryptionMethod.A192CBC_HS384) ||
        enc.equals(EncryptionMethod.A256CBC_HS512)   ) {

      iv = AESCBC.generateIV(randomGen);

      authCipherText = AESCBC.encryptAuthenticated(
        cek, iv, plainText, aad,
        contentEncryptionProvider, macProvider);

    } else if (enc.equals(EncryptionMethod.A128GCM) ||
         enc.equals(EncryptionMethod.A192GCM) ||
         enc.equals(EncryptionMethod.A256GCM)    ) {

      iv = AESGCM.generateIV(randomGen);

      authCipherText = AESGCM.encrypt(
        cek, iv, plainText, aad,
        contentEncryptionProvider);

    } else if (enc.equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) ||
         enc.equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)    ) {

      iv = AESCBC.generateIV(randomGen);

      authCipherText = AESCBC.encryptWithConcatKDF(
        modifiableHeader, cek, encryptedKey, iv, plainText,
View Full Code Here

      op.requestObjectJWEEncs = new ArrayList<>();

      for (String v: JSONObjectUtils.getStringArray(jsonObject, "request_object_encryption_enc_values_supported")) {

        if (v != null)
          op.requestObjectJWEEncs.add(new EncryptionMethod(v));
      }
    }
   
   
    // ID token

    if (jsonObject.containsKey("id_token_signing_alg_values_supported")) {

      op.idTokenJWSAlgs = new ArrayList<>();

      for (String v: JSONObjectUtils.getStringArray(jsonObject, "id_token_signing_alg_values_supported")) {

        if (v != null)
          op.idTokenJWSAlgs.add(new JWSAlgorithm(v));
      }
    }


    if (jsonObject.containsKey("id_token_encryption_alg_values_supported")) {

      op.idTokenJWEAlgs = new ArrayList<>();

      for (String v: JSONObjectUtils.getStringArray(jsonObject, "id_token_encryption_alg_values_supported")) {

        if (v != null)
          op.idTokenJWEAlgs.add(new JWEAlgorithm(v));
      }
    }


    if (jsonObject.containsKey("id_token_encryption_enc_values_supported")) {

      op.idTokenJWEEncs = new ArrayList<>();

      for (String v: JSONObjectUtils.getStringArray(jsonObject, "id_token_encryption_enc_values_supported")) {

        if (v != null)
          op.idTokenJWEEncs.add(new EncryptionMethod(v));
      }
    }

    // UserInfo

    if (jsonObject.containsKey("userinfo_signing_alg_values_supported")) {

      op.userInfoJWSAlgs = new ArrayList<>();

      for (String v: JSONObjectUtils.getStringArray(jsonObject, "userinfo_signing_alg_values_supported")) {

        if (v != null)
          op.userInfoJWSAlgs.add(new JWSAlgorithm(v));
      }
    }


    if (jsonObject.containsKey("userinfo_encryption_alg_values_supported")) {

      op.userInfoJWEAlgs = new ArrayList<>();

      for (String v: JSONObjectUtils.getStringArray(jsonObject, "userinfo_encryption_alg_values_supported")) {

        if (v != null)
          op.userInfoJWEAlgs.add(new JWEAlgorithm(v));
      }
    }


    if (jsonObject.containsKey("userinfo_encryption_enc_values_supported")) {

      op.userInfoJWEEncs = new ArrayList<>();

      for (String v: JSONObjectUtils.getStringArray(jsonObject, "userinfo_encryption_enc_values_supported")) {

          if (v != null)
            op.userInfoJWEEncs.add(new EncryptionMethod(v));
      }
    }

   
    // Misc
View Full Code Here

      oidcFields.remove("request_object_encryption_alg");
    }

    if (jsonObject.containsKey("request_object_encryption_enc")) {
      metadata.setRequestObjectJWEEnc(new EncryptionMethod(
        JSONObjectUtils.getString(jsonObject, "request_object_encryption_enc")));

      oidcFields.remove("request_object_encryption_enc");
    }

    if (jsonObject.containsKey("token_endpoint_auth_signing_alg")) {
      metadata.setTokenEndpointAuthJWSAlg(new JWSAlgorithm(
        JSONObjectUtils.getString(jsonObject, "token_endpoint_auth_signing_alg")));

      oidcFields.remove("token_endpoint_auth_signing_alg");
    }

    if (jsonObject.containsKey("id_token_signed_response_alg")) {
      metadata.setIDTokenJWSAlg(new JWSAlgorithm(
        JSONObjectUtils.getString(jsonObject, "id_token_signed_response_alg")));

      oidcFields.remove("id_token_signed_response_alg");
    }

    if (jsonObject.containsKey("id_token_encrypted_response_alg")) {
      metadata.setIDTokenJWEAlg(new JWEAlgorithm(
        JSONObjectUtils.getString(jsonObject, "id_token_encrypted_response_alg")));

      oidcFields.remove("id_token_encrypted_response_alg");
    }

    if (jsonObject.containsKey("id_token_encrypted_response_enc")) {
      metadata.setIDTokenJWEEnc(new EncryptionMethod(
        JSONObjectUtils.getString(jsonObject, "id_token_encrypted_response_enc")));

      oidcFields.remove("id_token_encrypted_response_enc");
    }

    if (jsonObject.containsKey("userinfo_signed_response_alg")) {
      metadata.setUserInfoJWSAlg(new JWSAlgorithm(
        JSONObjectUtils.getString(jsonObject, "userinfo_signed_response_alg")));

      oidcFields.remove("userinfo_signed_response_alg");
    }

    if (jsonObject.containsKey("userinfo_encrypted_response_alg")) {
      metadata.setUserInfoJWEAlg(new JWEAlgorithm(
        JSONObjectUtils.getString(jsonObject, "userinfo_encrypted_response_alg")));

      oidcFields.remove("userinfo_encrypted_response_alg");
    }

    if (jsonObject.containsKey("userinfo_encrypted_response_enc")) {
      metadata.setUserInfoJWEEnc(new EncryptionMethod(
        JSONObjectUtils.getString(jsonObject, "userinfo_encrypted_response_enc")));

      oidcFields.remove("userinfo_encrypted_response_enc");
    }
View Full Code Here

  @Override
  public JWECryptoParts encrypt(final JWEHeader header, final byte[] bytes)
    throws JOSEException {

    final JWEAlgorithm alg = header.getAlgorithm();
    final EncryptionMethod enc = header.getEncryptionMethod();

    // Generate and encrypt the CEK according to the enc method
    final SecureRandom randomGen = getSecureRandom();
    final SecretKey cek = AES.generateKey(enc.cekBitLength(), randomGen);

    Base64URL encryptedKey; // The second JWE part

    if (alg.equals(JWEAlgorithm.RSA1_5)) {

      encryptedKey = Base64URL.encode(RSA1_5.encryptCEK(publicKey, cek, keyEncryptionProvider));

    } else if (alg.equals(JWEAlgorithm.RSA_OAEP)) {

      encryptedKey = Base64URL.encode(RSA_OAEP.encryptCEK(publicKey, cek, keyEncryptionProvider));

    } else if (alg.equals(JWEAlgorithm.RSA_OAEP_256)) {
     
      encryptedKey = Base64URL.encode(RSA_OAEP_256.encryptCEK(publicKey, cek, keyEncryptionProvider));
     
    } else {

      throw new JOSEException("Unsupported JWE algorithm, must be RSA1_5, RSA-OAEP, or RSA-OAEP-256");
    }


    // Apply compression if instructed
    byte[] plainText = DeflateHelper.applyCompression(header, bytes);

    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(header.toBase64URL().toString());

    // Encrypt the plain text according to the JWE enc
    byte[] iv;
    AuthenticatedCipherText authCipherText;
   
    if (enc.equals(EncryptionMethod.A128CBC_HS256) ||
        enc.equals(EncryptionMethod.A192CBC_HS384) ||
        enc.equals(EncryptionMethod.A256CBC_HS512)    ) {

      iv = AESCBC.generateIV(randomGen);

      authCipherText = AESCBC.encryptAuthenticated(
        cek, iv, plainText, aad,
        contentEncryptionProvider, macProvider);

    } else if (enc.equals(EncryptionMethod.A128GCM) ||
         enc.equals(EncryptionMethod.A192GCM) ||
         enc.equals(EncryptionMethod.A256GCM)    ) {

      iv = AESGCM.generateIV(randomGen);

      authCipherText = AESGCM.encrypt(
        cek, iv, plainText, aad,
        contentEncryptionProvider);

    } else if (enc.equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) ||
         enc.equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)    ) {

      iv = AESCBC.generateIV(randomGen);

      authCipherText = AESCBC.encryptWithConcatKDF(
        header, cek, encryptedKey, iv, plainText,
View Full Code Here

      throw new JOSEException("Unsupported JWE algorithm, must be \"dir\"");
    }

    // Check key length matches matches encryption method
    EncryptionMethod enc = readOnlyJWEHeader.getEncryptionMethod();

    if (enc.cekBitLength() != getKey().getEncoded().length * 8) {

      throw new JOSEException("The Content Encryption Key (CEK) length must be " + enc.cekBitLength() + " bits for " + enc + " encryption");
    }

    final Base64URL encryptedKey = null; // The second JWE part


    // Apply compression if instructed
    byte[] plainText = DeflateHelper.applyCompression(readOnlyJWEHeader, bytes);


    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(readOnlyJWEHeader.toBase64URL().toString());
   

    // Encrypt the plain text according to the JWE enc
    byte[] iv;
    AuthenticatedCipherText authCipherText;
    SecureRandom randomGen = getSecureRandom();

    if (enc.equals(EncryptionMethod.A128CBC_HS256) || enc.equals(EncryptionMethod.A192CBC_HS384) || enc.equals(EncryptionMethod.A256CBC_HS512)) {

      iv = AESCBC.generateIV(randomGen);

      authCipherText = AESCBC.encryptAuthenticated(getKey(), iv, plainText, aad, contentEncryptionProvider, macProvider);

    } else if (enc.equals(EncryptionMethod.A128GCM) || enc.equals(EncryptionMethod.A192GCM) || enc.equals(EncryptionMethod.A256GCM)) {

      iv = AESGCM.generateIV(randomGen);

      authCipherText = AESGCM.encrypt(getKey(), iv, plainText, aad, contentEncryptionProvider);

View Full Code Here

    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(header.toBase64URL().toString());

    // Decrypt the cipher text according to the JWE enc
    EncryptionMethod enc = header.getEncryptionMethod();

    byte[] plainText;

    if (enc.equals(EncryptionMethod.A128CBC_HS256) ||
        enc.equals(EncryptionMethod.A192CBC_HS384) ||
        enc.equals(EncryptionMethod.A256CBC_HS512)    ) {

      plainText = AESCBC.decryptAuthenticated(
        cek,
        iv.decode(),
        cipherText.decode(),
        aad,
        authTag.decode(),
        contentEncryptionProvider,
        macProvider);

    } else if (enc.equals(EncryptionMethod.A128GCM) ||
         enc.equals(EncryptionMethod.A192GCM) ||
         enc.equals(EncryptionMethod.A256GCM)    ) {

      plainText = AESGCM.decrypt(
        cek,
        iv.decode(),
        cipherText.decode(),
        aad,
        authTag.decode(),
        contentEncryptionProvider);

    } else if (enc.equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) ||
         enc.equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)    ) {

      plainText = AESCBC.decryptWithConcatKDF(
        header,
        cek,
        encryptedKey,
View Full Code Here

    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(header.toBase64URL().toString());

    // Decrypt the cipher text according to the JWE enc
    EncryptionMethod enc = header.getEncryptionMethod();

    byte[] plainText;

    if (enc.equals(EncryptionMethod.A128CBC_HS256) ||
      enc.equals(EncryptionMethod.A192CBC_HS384) ||
      enc.equals(EncryptionMethod.A256CBC_HS512)) {

      plainText = AESCBC.decryptAuthenticated(
        cek,
        iv.decode(),
        cipherText.decode(),
        aad,
        authTag.decode(),
        contentEncryptionProvider,
        macProvider);

    } else if (enc.equals(EncryptionMethod.A128GCM) ||
      enc.equals(EncryptionMethod.A192GCM) ||
      enc.equals(EncryptionMethod.A256GCM)) {

      plainText = AESGCM.decrypt(
        cek,
        iv.decode(),
        cipherText.decode(),
        aad,
        authTag.decode(),
        contentEncryptionProvider);

    } else if (enc.equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) ||
      enc.equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)) {

      plainText = AESCBC.decryptWithConcatKDF(
        header,
        cek,
        encryptedKey,
View Full Code Here

    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(header.toBase64URL().toString());

    // Decrypt the cipher text according to the JWE enc
    EncryptionMethod enc = header.getEncryptionMethod();

    byte[] plainText;

    if (enc.equals(EncryptionMethod.A128CBC_HS256) || enc.equals(EncryptionMethod.A192CBC_HS384) || enc.equals(EncryptionMethod.A256CBC_HS512)) {

      plainText = AESCBC.decryptAuthenticated(getKey(), iv.decode(), cipherText.decode(), aad, authTag.decode(), contentEncryptionProvider, macProvider);

    } else if (enc.equals(EncryptionMethod.A128GCM) || enc.equals(EncryptionMethod.A192GCM) || enc.equals(EncryptionMethod.A256GCM)) {

      plainText = AESGCM.decrypt(getKey(), iv.decode(), cipherText.decode(), aad, authTag.decode(), contentEncryptionProvider);

    } else {
View Full Code Here

    // Compose the AAD
    byte[] aad = StringUtils.toByteArray(header.toBase64URL().toString());

    // Decrypt the cipher text according to the JWE enc
    EncryptionMethod enc = header.getEncryptionMethod();

    byte[] plainText;

    if (enc.equals(EncryptionMethod.A128CBC_HS256) ||
        enc.equals(EncryptionMethod.A192CBC_HS384) ||
        enc.equals(EncryptionMethod.A256CBC_HS512)    ) {

      plainText = AESCBC.decryptAuthenticated(
        cek,
        iv.decode(),
        cipherText.decode(),
        aad,
        authTag.decode(),
        contentEncryptionProvider,
        macProvider);

    } else if (enc.equals(EncryptionMethod.A128GCM) ||
         enc.equals(EncryptionMethod.A192GCM) ||
         enc.equals(EncryptionMethod.A256GCM)    ) {

      plainText = AESGCM.decrypt(
        cek,
        iv.decode(),
        cipherText.decode(),
        aad,
        authTag.decode(),
        contentEncryptionProvider);

    } else if (enc.equals(EncryptionMethod.A128CBC_HS256_DEPRECATED) ||
         enc.equals(EncryptionMethod.A256CBC_HS512_DEPRECATED)    ) {

      plainText = AESCBC.decryptWithConcatKDF(
        header,
        cek,
        encryptedKey,
View Full Code Here

TOP

Related Classes of com.nimbusds.jose.EncryptionMethod

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.