// Wraps the built claims in a JWE container and attaches its compact serialization as the
// "request" query parameter.
// NOTE(review): no encrypt(...) call is visible between construction and serialize() in this
// excerpt. Nimbus rejects serialize() on a JWE that is still in the unencrypted state
// (IllegalStateException), so confirm the encryption step exists in the full method.
EncryptedJWT jwt = new EncryptedJWT(new JWEHeader(alg, enc), claims.build());
uriBuilder.addParameter("request", jwt.serialize());
// Guard: refuse to continue unless the JWE reached the DECRYPTED state.
if (!encryptedJWT.getState().equals(State.DECRYPTED)) {
    throw new InvalidClientException("Unable to decrypt the request object");
// (excerpt: the closing brace of the guard is not shown on this page)
// The client id is taken from the decrypted claims.
// NOTE(review): successful decryption does not by itself authenticate who produced the object;
// confirm the claimed client_id is validated (nested signature or registered-client check)
// elsewhere in the full method.
request.setClientId(encryptedJWT.getJWTClaimsSet().getStringClaim(CLIENT_ID));
// Encrypted-token path: wrap the claims in a JWE and encrypt it to the provider's default RSA
// public key; the compact form is returned.
// NOTE(review): the JWE built here carries the claims directly, with no nested signature visible
// in this excerpt. RSA-encrypted tokens are confidential but not authenticated, because the
// public key is enough to produce one; confirm the consumer does not treat decryptability as
// proof of origin.
EncryptedJWT jwt = new EncryptedJWT(header, builder.build());
RSAEncrypter encrypter = new RSAEncrypter((RSAPublicKey) keyProvider.getDefaultPublicKey());
try {
    jwt.encrypt(encrypter);
} catch (JOSEException e) {
    // Cause is preserved so the underlying JOSE failure stays visible to callers and logs.
    throw new RuntimeException("Failed to generate encrypted token", e);
// (excerpt: the closing brace of the catch is not shown on this page)
return jwt.serialize();
} else {
    // Other path: starts by fetching the private key holder (presumably for signing; the rest
    // is not shown).
    RSAPrivateKeyHolder privateKey = keyProvider.getPrivateKey();
// Decrypt the JWE with the RSA private key; a JOSE failure is rethrown with its cause attached.
RSADecrypter decrypter = new RSADecrypter(rsaPrivateKey);
try {
    encryptedJWT.decrypt(decrypter);
} catch (JOSEException e) {
    throw new IdentityOAuth2Exception("Error while decrypting the encrypted JWT.", e);
// (excerpt: the closing brace of the catch is not shown on this page)
// A decrypted JWE without a payload is treated as an error rather than as an empty token.
if (encryptedJWT.getPayload() != null) {
    payload = encryptedJWT.getPayload().toString();
} else {
    throw new IdentityOAuth2Exception("Empty payload in the encrypted JWT.");
// (excerpt: lines are elided here on the page)
try {
    // Per the debug message below, this branch handles a JWE whose payload is not a signed JWT,
    // so the claims come straight from the JWE.
    // NOTE(review): such claims are protected by encryption only; with RSA key encryption the
    // public key suffices to create a token. Confirm that accepting unsigned encrypted JWTs is
    // an intended policy for this flow.
    claimsSet = encryptedJWT.getJWTClaimsSet();
    if (log.isDebugEnabled()) {
        log.debug("The encrypted JWT is not signed. Obtained the claim set of the encrypted JWT.");
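/**
 * Decrypts a compact JWE with Nimbus JOSE+JWT and checks that the recovered payload matches
 * {@code PAYLOAD}.
 *
 * <p>The recipient's RSA private key is read from {@code recipientJwkJson}, and the decrypter is
 * switched to the Bouncy Castle JCA provider. The decrypted payload is base64url-decoded before
 * the comparison.
 *
 * @param jwe the JWE in compact serialization
 * @return {@code true} if decryption succeeds and the decoded payload equals {@code PAYLOAD};
 *     {@code false} on a mismatch or on any exception (which is printed, not rethrown)
 */
private boolean testDecryptNimbusJoseJwt(String jwe) {
    try {
        EncryptedJWT encryptedJwt = EncryptedJWT.parse(jwe);
        //EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptWithGluu());
        //EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptWithNimbus());

        JWK jwk = JWK.parse(recipientJwkJson);
        RSAPrivateKey rsaPrivateKey = ((RSAKey) jwk).toRSAPrivateKey();

        JWEDecrypter decrypter = new RSADecrypter(rsaPrivateKey);
        decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
        encryptedJwt.decrypt(decrypter);

        // Decode with an explicit charset: new String(byte[]) would use the platform default,
        // which makes the comparison below depend on the JVM's environment.
        final String decryptedPayload = new String(
                Base64Util.base64urldecode(encryptedJwt.getPayload().toString()),
                java.nio.charset.StandardCharsets.UTF_8);
        // Prints the decrypted payload; acceptable for a test helper working on fixture data
        // only, never for real tokens.
        System.out.println("Nimbusds decrypt succeed: " + decryptedPayload);
        if (decryptedPayload.equals(PAYLOAD)) {
            return true;
        }
    } catch (Exception e) {
        // Broad catch is deliberate here: any failure simply means the interop check failed.
        System.out.println("Nimbusds decrypt failed: " + e.getMessage());
        e.printStackTrace();
    }
    return false;
}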
// Parse the request object as a JWE and decrypt it with the RSA private key resolved from the
// OAuth2 parameters.
encryptedJWT = EncryptedJWT.parse(requestObject);
RSAPrivateKey rsaPrivateKey = getRSAPrivateKey(oAuth2Parameters);
RSADecrypter decrypter = new RSADecrypter(rsaPrivateKey);
encryptedJWT.decrypt(decrypter);
// NOTE(review): `jweObject` is a different variable from `encryptedJWT`; its assignment is not
// visible in this excerpt, so confirm it refers to the object that was just decrypted.
return jweObject.getPayload().toString();
} else {
    // Re-serializes the decrypted claims as a PlainJWT, i.e. an unsecured JWT with no signature
    // or encryption.
    // NOTE(review): whatever consumes this string must not treat it as integrity-protected;
    // confirm it never leaves the trusted processing path.
    return new PlainJWT((JWTClaimsSet) encryptedJWT.getJWTClaimsSet()).serialize();
// Ask the configured selector for candidate decryption keys, based on the JWE header and the
// caller-supplied context.
List<? extends Key> keyCandidates = getJWEKeySelector().selectJWEKeys(encryptedJWT.getHeader(), context);
// Build a decrypter for the next candidate key (`it` is presumably an iterator over
// keyCandidates; its declaration is not shown in this excerpt).
JWEDecrypter decrypter = getJWEDecrypterFactory().createJWEDecrypter(encryptedJWT.getHeader(), it.next());
encryptedJWT.decrypt(decrypter);
// A "cty" header of "JWT" marks a nested JWT: the decrypted payload is converted to a SignedJWT
// so that its signature can be checked by the code that follows (not shown).
if ("JWT".equalsIgnoreCase(encryptedJWT.getHeader().getContentType())) {
    SignedJWT signedJWTPayload = encryptedJWT.getPayload().toSignedJWT();
// Builds the ID token as a JWE whose algorithm and content-encryption method come from the
// client's registered id_token encrypted-response settings; the claims are the direct payload.
// NOTE(review): this only constructs the object, so encrypt(...) must still be called before
// serialization. The claims are placed in the JWE without a nested signature in this excerpt;
// confirm this path is meant to issue unsigned, encrypted-only ID tokens.
idToken = new EncryptedJWT(new JWEHeader(client.getIdTokenEncryptedResponseAlg(), client.getIdTokenEncryptedResponseEnc()), idClaims.build());
// Encrypted-token path: decrypt first, then look for a nested signed JWT in the payload.
EncryptedJWT encryptedJWT = (EncryptedJWT) jwt;
decryptEncryptedJWT(encryptedJWT);
// The result is null-checked below, covering a payload that is not a signed JWT.
SignedJWT signedJWT = encryptedJWT.getPayload().toSignedJWT();
if (signedJWT != null) {
    // Nested case: both the signature check and the token check must pass.
    boolean success = verifySignedJWT(signedJWT) && verifyToken(signedJWT);
    // (excerpt: lines are elided here on the page)
    try {
        // NOTE(review): on this path the auth token is built from the encrypted JWT's own claims
        // after verifyToken(...) only; no signature verification is visible in this excerpt.
        // Confirm that encrypted-but-unsigned tokens are acceptable to the caller.
        if (verifyToken(encryptedJWT)) {
            return new JwtAuthToken(encryptedJWT.getJWTClaimsSet());
        } else {
            // Callers receive null when the token checks fail and must handle it.
            return null;
// Put the certificate thumbprint into the JWE header ("x5t") so the recipient can tell which
// certificate/key the token was encrypted to. The value is passed to Base64URL as-is, so
// `thumbPrint` is presumably already base64url-encoded; verify where it is computed.
// NOTE(review): the thumbprint is a key-selection hint, not a security control by itself.
headerBuilder.x509CertThumbprint(new Base64URL(thumbPrint));
JWEHeader header = headerBuilder.build();
// Wrap the claims in a JWE and encrypt it with the previously prepared encrypter.
EncryptedJWT encryptedJWT = new EncryptedJWT(header, jwtClaimsSet);
encryptedJWT.encrypt(encrypter);
/**
 * Extracts the JSON payload of a token, either by decrypting it (JWE) or by verifying its RSA
 * signature (JWS), depending on {@code encrypted}.
 *
 * <p>NOTE(review): the encrypted branch decrypts with the provider's private key but performs
 * no signature verification in this method. RSA-encrypted tokens can be created with the public
 * key alone, so confirm that callers do not rely on this branch for authenticity, or that the
 * payload is checked further in {@code getJSONObject}.
 *
 * @param token the compact serialization of the token; must not be null or empty
 * @param encrypted {@code true} to treat the token as a JWE, {@code false} to treat it as a JWS
 * @return the payload as produced by {@code getJSONObject}
 * @throws TokenException if the token is empty, cannot be parsed, fails decryption
 *     ({@code TokenDecryptionException}) or fails signature verification
 */
@Override
public Map<String, Object> getJsonPayload(String token, boolean encrypted) throws TokenException {
    if (StringUtils.isEmpty(token)) {
        throw new TokenException("null or empty token");
    }

    if (!encrypted) {
        // Signed path: the signature is verified against the provider's default public key.
        try {
            final JWSObject signedToken = JWSObject.parse(token);
            final RSAPublicKey verificationKey = (RSAPublicKey) keyProvider.getDefaultPublicKey();
            final JWSVerifier signatureCheck = new RSASSAVerifier(verificationKey);
            final boolean signatureValid = signedToken.verify(signatureCheck);
            if (!signatureValid) {
                // Caught by the handler below and rewrapped with the generic message.
                throw new TokenException("ERROR: Fradulent token");
            }
            return getJSONObject(signedToken, encrypted);
        } catch (TokenException | ParseException | JOSEException failure) {
            throw new TokenException("Error: Fradulent token, unrecognized signature", failure);
        }
    }

    // Encrypted path: parse and decrypt with the provider's private key.
    final EncryptedJWT decryptedToken;
    try {
        decryptedToken = EncryptedJWT.parse(token);
        decryptedToken.decrypt(new RSADecrypter(keyProvider.getPrivateKey().getKey()));
    } catch (JOSEException | ParseException failure) {
        throw new TokenDecryptionException("Invalid token", failure);
    }
    return getJSONObject(decryptedToken, encrypted);
}
/**
 * Decrypts the given encrypted JWT using the decrypter supplied by {@code getDecrypter()}.
 *
 * <p>The JWT object itself is decrypted; nothing is returned. This method only decrypts: any
 * signature or claim validation has to be done by the caller.
 *
 * @param encryptedJWT the encrypted JWT to decrypt
 * @throws IOException if a {@code JOSEException} or {@code KrbException} is raised while
 *     obtaining the decrypter or decrypting; the original exception is kept as the cause
 */
public void decryptEncryptedJWT(EncryptedJWT encryptedJWT) throws IOException {
    try {
        encryptedJWT.decrypt(getDecrypter());
    } catch (JOSEException | KrbException cause) {
        throw new IOException("Failed to decrypt the encrypted JWT", cause);
    }
}
// Read the key-management algorithm and content-encryption method from the JWE header.
// NOTE(review): these values come from the token itself and are untrusted at this point; they
// are presumably used to pick a matching encryption configuration. Confirm they are checked
// against what the configuration allows (the check is not shown in this excerpt).
final JWEHeader header = encryptedJWT.getHeader();
final JWEAlgorithm algorithm = header.getAlgorithm();
final EncryptionMethod method = header.getEncryptionMethod();
try {
    // Decrypt with the selected configuration, then try to interpret the payload as a nested
    // signed JWT.
    config.decrypt(encryptedJWT);
    signedJWT = encryptedJWT.getPayload().toSignedJWT();
    // Null means the payload is not a signed JWT; only a nested signed token replaces `jwt`.
    if (signedJWT != null) {
        jwt = signedJWT;
/**
 * Returns the JWT claims carried in this JWE's payload.
 *
 * @return the parsed claims set, or {@code null} when {@code getPayload()} returns
 *     {@code null}; callers must null-check before using the claims
 * @throws ParseException if the payload cannot be read as a JSON object, or if the JSON object
 *     cannot be parsed into a claims set
 */
@Override
public JWTClaimsSet getJWTClaimsSet() throws ParseException {
    final Payload content = getPayload();
    if (content == null) {
        // No payload available (presumably the JWE has not been decrypted yet).
        return null;
    }

    final JSONObject claimsJson = content.toJSONObject();
    if (claimsJson != null) {
        return JWTClaimsSet.parse(claimsJson);
    }
    throw new ParseException("Payload of JWE object is not a valid JSON object", 0);
}
/**
 * Tries to parse the given token as an encrypted JWT.
 *
 * <p>A parse failure is treated as "this assertion is not encrypted", not as an error: the
 * exception is dropped and only a debug message is written. A malformed JWE is therefore
 * indistinguishable from a non-encrypted token here; callers must handle the {@code null}
 * result and apply their own validation to the token.
 *
 * @param idToken the token string to parse
 * @return the parsed {@code EncryptedJWT}, or {@code null} if it cannot be parsed as one
 */
private EncryptedJWT getEncryptedJWT(String idToken) {
    EncryptedJWT parsed = null;
    try {
        parsed = EncryptedJWT.parse(idToken);
    } catch (ParseException notEncrypted) {
        // Deliberately not rethrown: the caller falls back to non-encrypted handling.
        if (log.isDebugEnabled()) {
            log.debug("Error while parsing the assertion. The assertion is not encrypted.");
        }
    }
    return parsed;
}
// Build a JWE from the claims of `jwt`, encrypt it and return the compact form.
// NOTE(review): only the claims set of `jwt` is copied into the JWE; if `jwt` is a signed token,
// its signature is not carried over by this construction. Confirm whether a nested
// (signed-then-encrypted) token is expected on this path.
EncryptedJWT encryptedJwt = new EncryptedJWT(header, jwt.getJWTClaimsSet());
encryptedJwt.encrypt(buildEncrypter());
return encryptedJwt.serialize();
} catch (final JOSEException | ParseException e) {
    // The original exception is passed on as the cause of the TechnicalException.
    throw new TechnicalException(e);
/**
 * Parses an encrypted JSON Web Token (JWT) from its compact serialization.
 *
 * <p>This step is purely structural: the string is split into its Base64URL parts and exactly
 * five are required. Nothing is decrypted or authenticated here; the caller has to invoke
 * {@code decrypt} and validate the result.
 *
 * @param s The string to parse. Must not be {@code null}.
 *
 * @return The encrypted JWT.
 *
 * @throws ParseException If the string couldn't be parsed to a valid
 *                        encrypted JWT.
 */
public static EncryptedJWT parse(final String s) throws ParseException {
    final Base64URL[] segments = JOSEObject.split(s);
    if (segments.length == 5) {
        return new EncryptedJWT(segments[0], segments[1], segments[2], segments[3], segments[4]);
    }
    throw new ParseException("Unexpected number of Base64URL parts, must be five", 0);
}
}
// Handle a token that arrived as a JWE: decrypt it, then check for a nested signed JWT.
EncryptedJWT encryptedJWT = (EncryptedJWT) jwt;
decryptEncryptedJWT(encryptedJWT);
// The null check below covers a decrypted payload that is not itself a signed JWT.
SignedJWT signedJWT = encryptedJWT.getPayload().toSignedJWT();
if (signedJWT != null) {
    // Signed-and-encrypted: signature verification and token verification are both required.
    boolean success = verifySignedJWT(signedJWT) && verifyToken(signedJWT);
    // (excerpt: lines are elided here on the page)
    try {
        // NOTE(review): this path accepts the encrypted JWT's claims after verifyToken(...)
        // alone, and no signature check is visible in this excerpt. Confirm that this is the
        // intended handling for encrypted-only tokens.
        if (verifyToken(encryptedJWT)) {
            return new JwtAuthToken(encryptedJWT.getJWTClaimsSet());
        } else {
            // A failed check yields null, not an exception; callers must test for it.
            return null;
/**
 * Decrypts the supplied encrypted JWT with the decrypter returned by {@code getDecrypter()}.
 *
 * <p>Only decryption happens here. Verifying a nested signature or the token's claims is left
 * to the caller.
 *
 * @param encryptedJWT an encrypted JWT; it is decrypted as a side effect of this call
 * @throws IOException wrapping any {@code JOSEException} or {@code KrbException} raised while
 *     the decrypter is obtained or applied
 */
public void decryptEncryptedJWT(EncryptedJWT encryptedJWT) throws IOException {
    try {
        final JWEDecrypter jweDecrypter = getDecrypter();
        encryptedJWT.decrypt(jweDecrypter);
    } catch (JOSEException | KrbException failure) {
        throw new IOException("Failed to decrypt the encrypted JWT", failure);
    }
}
// Dispatch on the kind of algorithm: this branch parses a signed JWT, the next an encrypted JWT
// when the algorithm is a JWE algorithm.
// NOTE(review): `alg` is presumably read from the token's own header (not shown in this
// excerpt), so the returned type is chosen by the token's sender. Parsing verifies nothing;
// callers should decide which token kinds they accept and then verify or decrypt the result.
return SignedJWT.parse(s);
} else if (alg instanceof JWEAlgorithm) {
    return EncryptedJWT.parse(s);
} else {
    // Reached only if an algorithm type outside the handled kinds appears.
    throw new AssertionError("Unexpected algorithm type: " + alg);