Package org.jboss.resteasy.jose.jwe.crypto

Source Code of org.jboss.resteasy.jose.jwe.crypto.DirectDecrypter

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
package org.jboss.resteasy.jose.jwe.crypto;


import org.jboss.resteasy.jose.Base64Url;
import org.jboss.resteasy.jose.jwe.Algorithm;
import org.jboss.resteasy.jose.jwe.EncryptionMethod;
import org.jboss.resteasy.jose.jwe.JWEHeader;

import javax.crypto.SecretKey;
import java.nio.charset.Charset;


/**
* Direct decrypter with a
* shared symmetric key. This class is thread-safe.
* <p/>
* <p>Supports the following JWE algorithms:
* <p/>
* <ul>
* <li>DIR
* </ul>
* <p/>
* <p>Supports the following encryption methods:
* <p/>
* <ul>
* <li>A128CBC_HS256
* <li>A256CBC_HS512
* <li>A128GCM
* <li>A256GCM
* </ul>
*
* @author Vladimir Dzhuvinov
* @version $version$ (2013-05-29)
*/
public class DirectDecrypter
{
   public static byte[] decrypt(final SecretKey key,
                                final JWEHeader readOnlyJWEHeader,
                                final String encodedHeader,
                                final String encryptedKey,
                                final String encodedIv,
                                final String encodedCipherText,
                                final String encodedAuthTag
                               )
   {

      // Validate required JWE parts
      if (encryptedKey != null)
      {

         throw new RuntimeException("Unexpected encrypted key, must be omitted");
      }

      if (encodedIv == null)
      {

         throw new RuntimeException("The initialization vector (IV) must not be null");
      }

      if (encodedAuthTag == null)
      {

         throw new RuntimeException("The authentication tag must not be null");
      }


      Algorithm alg = readOnlyJWEHeader.getAlgorithm();

      if (!alg.equals(Algorithm.dir))
      {

         throw new RuntimeException("Unsupported algorithm, must be \"dir\"");
      }

      // Compose the AAD
      byte[] aad =  encodedHeader.getBytes(Charset.forName("UTF-8"));
      byte[] iv = Base64Url.decode(encodedIv);
      byte[] cipherText = Base64Url.decode(encodedCipherText);
      byte[] authTag = Base64Url.decode(encodedAuthTag);

      // Decrypt the cipher text according to the JWE enc
      EncryptionMethod enc = readOnlyJWEHeader.getEncryptionMethod();

      byte[] plainText;

      if (enc.equals(EncryptionMethod.A128CBC_HS256) || enc.equals(EncryptionMethod.A256CBC_HS512))
      {

         plainText = AESCBC.decryptAuthenticated(key, iv, cipherText, aad, authTag);

      }
      else if (enc.equals(EncryptionMethod.A128GCM) || enc.equals(EncryptionMethod.A256GCM))
      {

         plainText = AESGCM.decrypt(key, iv, cipherText, aad, authTag);

      }
      else
      {

         throw new RuntimeException("Unsupported encryption method, must be A128CBC_HS256, A256CBC_HS512, A128GCM or A128GCM");
      }


      // Apply decompression if requested
      return DeflateHelper.applyDecompression(readOnlyJWEHeader.getCompressionAlgorithm(), plainText);
   }
}
TOP

Related Classes of org.jboss.resteasy.jose.jwe.crypto.DirectDecrypter

  • org.jboss.resteasy.jose.jwe.Algorithm
  • org.jboss.resteasy.jose.jwe.EncryptionMethod
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.