/**
 * Decrypts a serialized JWE with the given RSA private key and maps the
 * decrypted payload (JSON text) onto an {@link AuthDataPair}.
 *
 * <p>NOTE(review): the JWE header's {@code alg}/{@code enc} values are not
 * inspected here before decryption. If callers expect one specific algorithm,
 * confirm that it is pinned somewhere outside this method.
 *
 * @param encrypted  the serialized JWE string
 * @param privateKey the RSA private key matching the key the JWE was encrypted to
 * @return the deserialized pair of auth tokens
 * @throws SecurityException if parsing, decryption or JSON mapping fails; the
 *                           underlying exception is attached as the cause
 */
@Override
public AuthDataPair decrypt(String encrypted, PrivateKey privateKey) {
    try {
        // The decrypter is built before parsing, so a key problem surfaces first.
        RSADecrypter rsa = new RSADecrypter(privateKey);
        JWEObject jwe = JWEObject.parse(encrypted);
        jwe.decrypt(rsa);

        String json = jwe.getPayload().toString();
        return objectMapper.readValue(json, AuthDataPair.class);
    } catch (IOException | ParseException | JOSEException e) {
        // One generic message for every failure mode; the detail stays in the cause.
        throw new SecurityException("Error decrypting auth tokens", e);
    }
}
}
// Excerpt from a larger method: builds an RSA JWE decrypter from the JWK,
// points its JCA context at the BouncyCastle provider singleton, and stores
// it in `decrypters` under `id`.
// NOTE(review): the (RSAKey) cast presumably relies on a type check in the
// enclosing `if`, which is outside this excerpt; confirm.
RSADecrypter decrypter = new RSADecrypter((RSAKey) jwk);
decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
decrypters.put(id, decrypter);
} else {
// Excerpt: key-unwrapping statements of an RSA JWE decrypter. The branching
// that selects between the three decryptCEK calls is not part of this excerpt.

// Random content-encryption key for the header's encryption method, drawn from
// the JCA context's SecureRandom.
// NOTE(review): its use is not visible here; presumably it replaces the real
// CEK when RSA1_5 unwrapping fails, so that a padding failure cannot be told
// apart from a later authentication-tag failure. Confirm against the full source.
final SecretKey randomCEK = ContentCryptoProvider.generateCEK(header.getEncryptionMethod(), getJCAContext().getSecureRandom());
// RSA1_5 path: unlike the two OAEP calls below, it is also given keyLength.
cek = RSA1_5.decryptCEK(privateKey, encryptedKey.decode(), keyLength, getJCAContext().getKeyEncryptionProvider());
// RSA_OAEP path.
cek = RSA_OAEP.decryptCEK(privateKey, encryptedKey.decode(), getJCAContext().getKeyEncryptionProvider());
// RSA_OAEP_256 path.
cek = RSA_OAEP_256.decryptCEK(privateKey, encryptedKey.decode(), getJCAContext().getKeyEncryptionProvider());
// Content decryption with whichever CEK was obtained above.
return ContentCryptoProvider.decrypt(header, encryptedKey, iv, cipherText, authTag, cek, getJCAContext());
/**
 * Creates the RSA-based JWE decrypter for this configuration.
 *
 * <p>The {@code privateKey} field is asserted non-null through
 * {@code CommonHelper.assertNotNull} before the decrypter is constructed.
 *
 * @return a new {@link RSADecrypter} wrapping the configured private key
 */
@Override
protected JWEDecrypter buildDecrypter() {
    // Reject a missing key here rather than inside the decrypter's constructor.
    CommonHelper.assertNotNull("privateKey", privateKey);

    final JWEDecrypter rsaDecrypter = new RSADecrypter(this.privateKey);
    return rsaDecrypter;
}
/**
 * Selects a JWE decrypter that matches the runtime type of {@code decryptionKey}.
 *
 * <ul>
 *   <li>{@link RSAPrivateKey}: an {@link RSADecrypter}</li>
 *   <li>{@code byte[]}: a {@link DirectDecrypter} using the bytes as the shared key</li>
 * </ul>
 *
 * @return the decrypter for the configured key
 * @throws JOSEException declared for the decrypter constructors
 * @throws KrbException  if the key is neither an RSA private key nor a byte array
 *                       (this includes {@code null}, which matches no {@code instanceof})
 */
private JWEDecrypter getDecrypter() throws JOSEException, KrbException {
    // The two key types are mutually exclusive, so the order of the guards is irrelevant.
    if (decryptionKey instanceof byte[]) {
        byte[] sharedKey = (byte[]) decryptionKey;
        return new DirectDecrypter(sharedKey);
    }
    if (decryptionKey instanceof RSAPrivateKey) {
        RSAPrivateKey rsaKey = (RSAPrivateKey) decryptionKey;
        return new RSADecrypter(rsaKey);
    }
    throw new KrbException("An unknown decryption key was specified");
}
/**
 * Builds the JWE decrypter that corresponds to the type of {@code decryptionKey}:
 * an {@link RSADecrypter} for an {@link RSAPrivateKey}, a {@link DirectDecrypter}
 * for a raw {@code byte[]} key.
 *
 * @return the decrypter for the configured key
 * @throws JOSEException declared for the decrypter constructors
 * @throws KrbException  if the key has any other type, or is {@code null}
 */
private JWEDecrypter getDecrypter() throws JOSEException, KrbException {
    final boolean isRsaKey = decryptionKey instanceof RSAPrivateKey;
    final boolean isRawKey = decryptionKey instanceof byte[];

    // Fail first on anything unsupported; the happy paths follow.
    if (!isRsaKey && !isRawKey) {
        throw new KrbException("An unknown decryption key was specified");
    }
    return isRsaKey
            ? new RSADecrypter((RSAPrivateKey) decryptionKey)
            : new DirectDecrypter((byte[]) decryptionKey);
}
/**
 * Decrypts a serialized JWE response body with the given RSA private key and
 * returns its payload.
 *
 * <p>NOTE(review): the {@code SDKConversionException} thrown on a decryption
 * failure does not carry the original exception; the failure detail is only
 * passed to the logger. Confirm that callers do not need the cause.
 *
 * @param encryptedJwePayload the serialized JWE; must not be blank
 * @param privateKey          the RSA private key; must not be {@code null}
 * @return the decrypted payload
 * @throws SDKConversionException if an argument is missing, or if parsing or
 *                                decryption fails
 */
private static Payload getDecryptedPayload(String encryptedJwePayload, PrivateKey privateKey) {
    final boolean bodyPresent = StringUtils.isNotBlank(encryptedJwePayload);
    if (!bodyPresent) {
        log.error("Response body should not be null.");
        throw new SDKConversionException("Response body should not be null.");
    }
    if (privateKey == null) {
        log.error("Private key should not be null.");
        throw new SDKConversionException("Private key should not be null.");
    }

    try {
        // The decrypter is created before parsing, so a key problem surfaces first.
        JWEDecrypter rsa = new RSADecrypter(privateKey);
        JWEObject jwe = JWEObject.parse(encryptedJwePayload);
        jwe.decrypt(rsa);
        return jwe.getPayload();
    } catch (ParseException | JOSEException failure) {
        log.error("Exception occurred during decryption: {}", failure);
        throw new SDKConversionException("Exception occurred during decryption.");
    }
}
}
// Excerpt from a larger method: runs only when an encrypted JWT was supplied.
// The RSA private key comes from getPrivateKey(tenantDomain) and is used to
// decrypt the token in place.
if (encryptedJWT != null) {
    RSAPrivateKey rsaPrivateKey = getPrivateKey(tenantDomain);
    RSADecrypter decrypter = new RSADecrypter(rsaPrivateKey);
    try {
        // NOTE(review): no check of the JWE header's alg/enc against an
        // allow-list is visible before this call; confirm one exists in the
        // surrounding code if only specific algorithms are expected.
        encryptedJWT.decrypt(decrypter);
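/**
 * Test helper: decrypts {@code jwe} with Nimbus JOSE+JWT using the recipient's
 * RSA private key (parsed from {@code recipientJwkJson}) and the BouncyCastle
 * JCA provider, then compares the decoded payload with {@code PAYLOAD}.
 *
 * <p>Any failure (parse, key conversion, decryption, decoding) is printed to
 * stdout with its stack trace and reported as {@code false}; nothing is rethrown.
 *
 * @param jwe the serialized encrypted JWT to decrypt
 * @return {@code true} only if decryption succeeds and the payload equals {@code PAYLOAD}
 */
private boolean testDecryptNimbusJoseJwt(String jwe) {
    try {
        EncryptedJWT encryptedJwt = EncryptedJWT.parse(jwe);
        // Alternative inputs kept from the original for manual experiments:
        //EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptWithGluu());
        //EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptWithNimbus());

        JWK jwk = JWK.parse(recipientJwkJson);
        RSAPrivateKey rsaPrivateKey = ((RSAKey) jwk).toRSAPrivateKey();

        JWEDecrypter decrypter = new RSADecrypter(rsaPrivateKey);
        decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
        encryptedJwt.decrypt(decrypter);

        // Decode with an explicit charset: new String(byte[]) would use the platform
        // default, which makes the comparison below depend on the machine.
        // Assumes base64urldecode returns byte[]; confirm against Base64Util.
        final String decryptedPayload = new String(
                Base64Util.base64urldecode(encryptedJwt.getPayload().toString()),
                java.nio.charset.StandardCharsets.UTF_8);
        System.out.println("Nimbusds decrypt succeed: " + decryptedPayload);

        return decryptedPayload.equals(PAYLOAD);
    } catch (Exception e) {
        // Deliberately broad: this helper reports every failure as "false".
        System.out.println("Nimbusds decrypt failed: " + e.getMessage());
        e.printStackTrace();
    }
    return false;
}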
// Excerpt from a larger method: parses requestObject as an encrypted JWT and
// decrypts it with the RSA private key from getRSAPrivateKey(oAuth2Parameters).
// NOTE(review): decryption alone does not authenticate the sender, because
// anyone holding the public key can produce a JWE. Presumably a nested
// signature is verified after this point; confirm in the full method.
encryptedJWT = EncryptedJWT.parse(requestObject);
RSAPrivateKey rsaPrivateKey = getRSAPrivateKey(oAuth2Parameters);
RSADecrypter decrypter = new RSADecrypter(rsaPrivateKey);
encryptedJWT.decrypt(decrypter);
// Excerpt: creates the RSA JWE decrypter for rsaPrivateKey. The declaration of
// `decrypter` and the origin of the key are outside this excerpt.
decrypter = new RSADecrypter(rsaPrivateKey);
/**
 * Extracts the JSON payload of a token.
 *
 * <p>With {@code encrypted == false} the token is parsed as a JWS and its
 * signature is verified with the key provider's default public key (cast to
 * {@link RSAPublicKey}). With {@code encrypted == true} the token is parsed as
 * an encrypted JWT and decrypted with the key provider's private key.
 *
 * <p>NOTE(review): no signature verification is visible on the encrypted path.
 * Whether {@code getJSONObject} verifies a nested signature cannot be told from
 * this method. Confirm it, because a JWE can be produced by anyone who holds
 * the public key, and the caller alone chooses the path via {@code encrypted}.
 *
 * @param token     the serialized token; must not be null or empty
 * @param encrypted {@code true} to treat the token as a JWE, {@code false} as a JWS
 * @return the payload as a map
 * @throws TokenException if the token is empty, fails to parse, fails signature
 *                        verification, or (as {@code TokenDecryptionException})
 *                        fails to decrypt
 */
@Override
public Map<String, Object> getJsonPayload(String token, boolean encrypted) throws TokenException {
    if (StringUtils.isEmpty(token)) {
        throw new TokenException("null or empty token");
    }

    if (!encrypted) {
        try {
            JWSObject signed = JWSObject.parse(token);
            RSAPublicKey verificationKey = (RSAPublicKey) keyProvider.getDefaultPublicKey();
            boolean signatureValid = signed.verify(new RSASSAVerifier(verificationKey));
            if (signatureValid) {
                return getJSONObject(signed, encrypted);
            }
            // Caught by the handler below and re-wrapped, so callers always see
            // the "unrecognized signature" message with this one as the cause.
            throw new TokenException("ERROR: Fradulent token");
        } catch (TokenException | ParseException | JOSEException e) {
            throw new TokenException("Error: Fradulent token, unrecognized signature", e);
        }
    }

    EncryptedJWT decrypted;
    try {
        decrypted = EncryptedJWT.parse(token);
        decrypted.decrypt(new RSADecrypter(keyProvider.getPrivateKey().getKey()));
    } catch (JOSEException | ParseException e) {
        throw new TokenDecryptionException("Invalid token", e);
    }
    // Outside the try on purpose: a TokenException from getJSONObject propagates unwrapped.
    return getJSONObject(decrypted, encrypted);
}