// Direct ("dir") JWE encrypter built from the JWK. The cast means jwk must be an
// OctetSequenceKey (a symmetric key); any other JWK type fails here with ClassCastException.
DirectEncrypter encrypter = new DirectEncrypter((OctetSequenceKey) jwk);
// Route this encrypter's JCA operations through the BouncyCastle provider singleton.
encrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());

// The matching decrypter is built from the same JWK, so both directions share one symmetric key:
// whoever can decrypt with it can also produce valid ciphertexts.
DirectDecrypter decrypter = new DirectDecrypter((OctetSequenceKey) jwk);
// Same provider as the encrypter, so both sides use the same crypto implementation.
decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
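/**
 * Builds the JWE encrypter that matches the configured key-management algorithm.
 *
 * <p>Algorithms in the direct-encryption set get a {@link DirectEncrypter}, which uses
 * {@code this.secret} itself as the content encryption key. Every other algorithm falls through
 * to an {@link AESEncrypter} built from the same secret.
 *
 * @return the encrypter built from {@code this.secret}
 * @throws TechnicalException if the library rejects the secret's length
 */
@Override
protected JWEEncrypter buildEncrypter() {
    try {
        // Consult the encrypter's own supported-algorithm set rather than the decrypter's, so the
        // check names the class that is actually instantiated on the next line.
        if (DirectEncrypter.SUPPORTED_ALGORITHMS.contains(algorithm)) {
            return new DirectEncrypter(this.secret);
        }
        // NOTE(review): nothing here verifies that `algorithm` is one AESEncrypter supports;
        // an unsupported value is not rejected by this method.
        return new AESEncrypter(this.secret);
    } catch (final KeyLengthException e) {
        // Surface a bad secret length as the project's unchecked exception, keeping the cause.
        throw new TechnicalException(e);
    }
}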
/**
 * Encrypts {@code clearText} directly under the configured shared key.
 *
 * <p>No key is wrapped or transported: the key returned by {@code getKey()} is handed to the
 * content encryption step as-is, and the encrypted-key part passed along is {@code null}.
 *
 * @param header    the JWE header; its algorithm must be {@code JWEAlgorithm.DIR}
 * @param clearText the plaintext to encrypt
 * @return the JWE parts produced by {@code ContentCryptoProvider.encrypt}
 * @throws JOSEException      if the header names any algorithm other than {@code DIR}
 * @throws KeyLengthException if the key's bit length differs from what the header's encryption
 *                            method requires
 */
@Override
public JWECryptoParts encrypt(final JWEHeader header, final byte[] clearText)
        throws JOSEException {

    // Refuse every key-management algorithm except "dir".
    final JWEAlgorithm requestedAlg = header.getAlgorithm();
    if (!requestedAlg.equals(JWEAlgorithm.DIR)) {
        throw new JOSEException(
                AlgorithmSupportMessage.unsupportedJWEAlgorithm(requestedAlg, SUPPORTED_ALGORITHMS));
    }

    // The shared key is used as the CEK, so its size must be exactly what the method expects.
    final EncryptionMethod method = header.getEncryptionMethod();
    final int requiredBits = method.cekBitLength();
    final int actualBits = ByteUtils.safeBitLength(getKey().getEncoded());
    if (requiredBits != actualBits) {
        throw new KeyLengthException(requiredBits, method);
    }

    // Direct encryption has no encrypted key: the second JWE part stays null.
    final Base64URL absentEncryptedKey = null;

    return ContentCryptoProvider.encrypt(
            header, clearText, getKey(), absentEncryptedKey, getJCAContext());
}
}
/**
 * Creates the JWE encrypter for the configured {@code jweAlgorithm} and {@code encryptionKey}.
 *
 * <p>The algorithm decides which key type is acceptable: RSA algorithms require an
 * {@code RSAPublicKey}, direct encryption requires raw {@code byte[]} key material. A key of the
 * wrong type is rejected before any encrypter is constructed.
 *
 * @return an {@code RSAEncrypter} or a {@code DirectEncrypter}
 * @throws KrbException  if the key type does not fit the algorithm, or the algorithm is in
 *                       neither supported set
 * @throws JOSEException declared for the encrypter constructors
 */
private JWEEncrypter createEncryptor() throws KrbException, JOSEException {
    final boolean rsaRequested = RSAEncrypter.SUPPORTED_ALGORITHMS.contains(jweAlgorithm);
    if (rsaRequested) {
        if (encryptionKey instanceof RSAPublicKey) {
            return new RSAEncrypter((RSAPublicKey) encryptionKey);
        }
        throw new KrbException("An RSAPublicKey key must be specified for encryption");
    }

    final boolean directRequested = DirectEncrypter.SUPPORTED_ALGORITHMS.contains(jweAlgorithm);
    if (directRequested) {
        if (encryptionKey instanceof byte[]) {
            // The raw bytes become the shared content encryption key.
            return new DirectEncrypter((byte[]) encryptionKey);
        }
        throw new KrbException("A byte[] key must be specified for encryption");
    }

    // Neither family matched: fail closed instead of guessing an encrypter.
    throw new KrbException("An unknown encryption algorithm was specified");
}
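/**
 * Sets up direct (shared-key) JWE encryption and the matching decryption pipeline.
 *
 * <p>The bytes of {@code secret} are used as the symmetric key itself, with no key derivation
 * step in this constructor, so the value should be randomly generated key material rather than a
 * memorable password. The decryption selector accepts only {@code dir} with
 * {@code A128CBC-HS256}, which takes a 256-bit key, i.e. a secret that encodes to 32 bytes.
 *
 * @param secret the shared secret whose UTF-8 bytes form the key
 * @throws KeyLengthException if {@code DirectEncrypter} rejects the key length
 */
public LemonJweService(String secret) throws KeyLengthException {

    // Encode with an explicit charset: the platform default differs between hosts, and two nodes
    // that disagree on it would derive different keys from the same non-ASCII secret.
    byte[] secretKey = secret.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    encrypter = new DirectEncrypter(secretKey);
    jwtProcessor = new DefaultJWTProcessor<SimpleSecurityContext>();

    // The JWE key source: the same key bytes that the encrypter uses.
    JWKSource<SimpleSecurityContext> jweKeySource =
            new ImmutableSecret<SimpleSecurityContext>(secretKey);

    // Pin the decryption phase to one algorithm / encryption-method pair.
    JWEKeySelector<SimpleSecurityContext> jweKeySelector =
            new JWEDecryptionKeySelector<SimpleSecurityContext>(
                    JWEAlgorithm.DIR, EncryptionMethod.A128CBC_HS256, jweKeySource);

    jwtProcessor.setJWEKeySelector(jweKeySelector);
}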
/**
 * Picks the JWE encrypter that fits the configured {@code jweAlgorithm}.
 *
 * <p>RSA algorithms need {@code encryptionKey} to be an {@code RSAPublicKey}; direct encryption
 * needs it to be a raw {@code byte[]}. A mismatched key type or an algorithm outside both
 * supported sets is reported as a {@code KrbException}.
 *
 * @return an {@code RSAEncrypter} or a {@code DirectEncrypter}
 * @throws KrbException  on a key/algorithm mismatch or an unknown algorithm
 * @throws JOSEException declared for the encrypter constructors
 */
private JWEEncrypter createEncryptor() throws KrbException, JOSEException {
    // RSA family: public-key encryption of the content key.
    if (RSAEncrypter.SUPPORTED_ALGORITHMS.contains(jweAlgorithm)) {
        final boolean keyIsRsaPublic = encryptionKey instanceof RSAPublicKey;
        if (!keyIsRsaPublic) {
            throw new KrbException("An RSAPublicKey key must be specified for encryption");
        }
        return new RSAEncrypter((RSAPublicKey) encryptionKey);
    }

    // Direct family: the supplied bytes are the shared symmetric key.
    if (DirectEncrypter.SUPPORTED_ALGORITHMS.contains(jweAlgorithm)) {
        final boolean keyIsRawBytes = encryptionKey instanceof byte[];
        if (!keyIsRawBytes) {
            throw new KrbException("A byte[] key must be specified for encryption");
        }
        return new DirectEncrypter((byte[]) encryptionKey);
    }

    // Anything else is refused rather than mapped to a default encrypter.
    throw new KrbException("An unknown encryption algorithm was specified");
}
/**
 * Encrypts {@code plain} into a serialized JWE using direct encryption with A128GCM.
 *
 * <p>{@code key} is used as the content encryption key itself. A128GCM works with a 128-bit
 * key, so 16 bytes are expected; any {@code JOSEException} raised while encrypting is rethrown
 * unchecked.
 *
 * @param plain the text to protect
 * @param key   the raw shared key bytes
 * @return the serialized JWE
 * @throws IllegalStateException if encryption fails
 */
private String encrypt(String plain, byte[] key) {
    final JWEHeader header =
            new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A128GCM).build();
    final JWEObject token = new JWEObject(header, new Payload(plain));

    try {
        token.encrypt(new DirectEncrypter(key));
    } catch (JOSEException failure) {
        // Keep the cause so a key-length or provider problem stays diagnosable.
        throw new IllegalStateException(failure);
    }

    return token.serialize();
}
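/**
 * Generates a new 16-character main secret for the user, stores it encrypted as a user
 * attribute, and returns the plaintext to the caller.
 *
 * <p>The stored value is a JWE ({@code dir} + A128GCM) encrypted under
 * {@code secretEncryptionPasswordPBKDF2}. Only the encrypted form is written to the user model.
 *
 * @param userModel                     the user that receives the attribute
 * @param secretAttrName                name of the attribute holding the encrypted secret
 * @param secretEncryptionPasswordPBKDF2 raw key bytes for the direct encrypter; presumably a
 *                                      PBKDF2-derived key (confirm against the caller). A128GCM
 *                                      works with a 128-bit key, so 16 bytes are expected
 * @return the plaintext secret; callers should avoid logging or persisting it
 * @throws IllegalStateException if encryption fails
 */
private String generateUserMainSecret(UserModel userModel, String secretAttrName,
        byte[] secretEncryptionPasswordPBKDF2) {
    // Same character range as randomGraph(16) (code points 33 inclusive to 126 exclusive), but
    // drawn from an explicit SecureRandom so the strength of this secret does not depend on
    // which generator the installed commons-lang version uses by default.
    String userMainSecretPlain = RandomStringUtils.random(
            16, 33, 126, false, false, null, new java.security.SecureRandom());

    Builder headerBuilder = new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A128GCM);
    JWEObject jweObj = new JWEObject(headerBuilder.build(), new Payload(userMainSecretPlain));
    try {
        jweObj.encrypt(new DirectEncrypter(secretEncryptionPasswordPBKDF2));
    } catch (JOSEException e) {
        // Nothing is stored when encryption fails; the cause is kept for diagnosis.
        throw new IllegalStateException(e);
    }

    // Persist only the serialized JWE, never the plaintext.
    String customSecretAttr = jweObj.serialize();
    userModel.setAttribute(secretAttrName, Arrays.asList(customSecretAttr));
    return userMainSecretPlain;
}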
/**
 * Selects a JWE encrypter from the runtime type of {@code key}.
 *
 * <p>RSA and EC public keys map straight to their encrypters; for those two branches
 * {@code encAlgo} and {@code encMethod} are not consulted here. A {@code SecretKey} maps to an
 * {@code AESEncrypter} or a {@code DirectEncrypter}, whichever supports both the requested
 * algorithm and the requested encryption method, with the AES check taking precedence.
 *
 * @param key       the encryption key
 * @param encAlgo   the requested JWE algorithm (used only for secret keys)
 * @param encMethod the requested encryption method (used only for secret keys)
 * @return the encrypter for the key
 * @throws UnsupportedEncAlgorithmException if no encrypter fits, or the EC encrypter cannot be
 *                                          built
 * @throws UnsupportedKeyLengthException    if a secret key has a length the encrypter rejects
 */
public static JWEEncrypter getEncrypter(Key key, JWEAlgorithm encAlgo, EncryptionMethod encMethod)
        throws UnsupportedEncAlgorithmException, UnsupportedKeyLengthException {

    if (key instanceof RSAPublicKey) {
        return new RSAEncrypter((RSAPublicKey) key);
    }

    if (key instanceof ECPublicKey) {
        try {
            return new ECDHEncrypter((ECPublicKey) key);
        } catch (JOSEException ecFailure) {
            throw new UnsupportedEncAlgorithmException(ecFailure.getMessage(), ecFailure);
        }
    }

    if (key instanceof SecretKey) {
        final SecretKey sharedKey = (SecretKey) key;
        try {
            // AES key wrap / AES-GCM key wrap is tried before direct encryption.
            if (AESEncrypter.SUPPORTED_ALGORITHMS.contains(encAlgo)
                    && AESEncrypter.SUPPORTED_ENCRYPTION_METHODS.contains(encMethod)) {
                return new AESEncrypter(sharedKey);
            }
            if (DirectEncrypter.SUPPORTED_ALGORITHMS.contains(encAlgo)
                    && DirectEncrypter.SUPPORTED_ENCRYPTION_METHODS.contains(encMethod)) {
                return new DirectEncrypter(sharedKey);
            }
        } catch (KeyLengthException badLength) {
            throw new UnsupportedKeyLengthException(badLength.getMessage(), badLength);
        }
    }

    // Unknown key type, or a secret key with an unsupported algorithm/method pair.
    throw new UnsupportedEncAlgorithmException("Unknown Algorithm");
}
/**
 * Signs the claims with an HMAC and wraps the signed JWT in a directly-encrypted JWE.
 *
 * <p>The same {@code key} bytes are given to both the {@code MACSigner} and the
 * {@code DirectEncrypter}. The signing and encryption headers come from the {@code HEADER} and
 * {@code JWE_HEADER} constants defined elsewhere in the class.
 *
 * @param claimsSet the claims to protect
 * @param key       the shared key bytes used for signing and for encryption
 * @return the nested JWT in JWE compact form
 * @throws IllegalStateException if signing or encryption fails
 */
public static String serialize(JWTClaimsSet claimsSet, byte[] key) {
    try {
        // Inner layer: HMAC-protected JWT.
        final JWSSigner hmacSigner = new MACSigner(key);
        final SignedJWT innerJwt = new SignedJWT(HEADER, claimsSet);
        innerJwt.sign(hmacSigner);

        // Outer layer: JWE carrying the signed JWT as its payload.
        // NOTE(review): one key serves both the MAC and the cipher; using separate keys for the
        // two layers would keep them independent.
        final JWEObject outerJwe = new JWEObject(JWE_HEADER, new Payload(innerJwt));
        outerJwe.encrypt(new DirectEncrypter(key));

        // Compact serialization of the encrypted object.
        return outerJwe.serialize();
    } catch (JOSEException failure) {
        throw new IllegalStateException(failure);
    }
}
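/**
 * Serializes an identity reference as a nested JWT: an HS256-signed JWT wrapped in a JWE
 * ({@code dir} + A256GCM), with the compact form then Base64-encoded.
 *
 * <p>The reference becomes the {@code sub} claim and its source the {@code iss} claim. The
 * encoded bytes of {@code secretKey} are used for both the HMAC and the encryption.
 *
 * @param reference the identity reference to serialize
 * @return the Base64 encoding of the JWE compact serialization
 * @throws Exception if signing or encryption fails
 */
public String serialize(IdentityReference reference) throws Exception {
    // Create HMAC signer
    JWSSigner signer = new MACSigner(secretKey.getEncoded());

    // Prepare JWT with claims set
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .subject(reference.getReference())
            .issuer(reference.getSource())
            .build();

    SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet);

    // Apply the HMAC protection
    signedJWT.sign(signer);

    // Create JWE object with signed JWT as payload
    JWEObject jweObject = new JWEObject(
            new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A256GCM)
                    .contentType("JWT") // required to signal nested JWT
                    .build(),
            new Payload(signedJWT));

    // Perform encryption
    // NOTE(review): the same key material backs the HMAC above and the cipher here; separate
    // keys per layer would keep the two protections independent.
    jweObject.encrypt(new DirectEncrypter(secretKey.getEncoded()));

    // Serialize to compact form, then Base64. The charset is explicit and encodeToString builds
    // the String itself, so the result no longer depends on the platform default charset.
    return Base64.getEncoder().encodeToString(
            jweObject.serialize().getBytes(java.nio.charset.StandardCharsets.UTF_8));
}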
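/**
 * Produces the wire form of an identity reference: a JWT signed with HS256, encrypted as a JWE
 * with {@code dir} + A256GCM, and finally Base64-encoded.
 *
 * <p>{@code sub} carries the reference and {@code iss} its source. Both the signer and the
 * encrypter are keyed with {@code secretKey.getEncoded()}.
 *
 * @param reference the identity reference to serialize
 * @return the Base64 encoding of the JWE compact serialization
 * @throws Exception if signing or encryption fails
 */
public String serialize(IdentityReference reference) throws Exception {
    // Create HMAC signer
    JWSSigner signer = new MACSigner(secretKey.getEncoded());

    // Prepare JWT with claims set
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .subject(reference.getReference())
            .issuer(reference.getSource())
            .build();

    SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet);

    // Apply the HMAC protection
    signedJWT.sign(signer);

    // Create JWE object with signed JWT as payload
    JWEObject jweObject = new JWEObject(
            new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A256GCM)
                    .contentType("JWT") // required to signal nested JWT
                    .build(),
            new Payload(signedJWT));

    // Perform encryption
    // NOTE(review): signing and encryption share one key; consider a distinct key per layer.
    jweObject.encrypt(new DirectEncrypter(secretKey.getEncoded()));

    // Base64 of the compact form, with an explicit charset and encodeToString so that the output
    // is the same on every platform regardless of its default charset.
    return Base64.getEncoder().encodeToString(
            jweObject.serialize().getBytes(java.nio.charset.StandardCharsets.UTF_8));
}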
return new DirectEncrypter(octJWK); } catch (KeyLengthException e) { throw new UnsupportedKeyLengthException(e.getMessage(), e);