updated encryption to sign using int value rather than alg

pull/105/head
Mike Derryberry 2012-07-06 09:12:43 -04:00
parent cd222ad66e
commit 025f7f3d66
5 changed files with 128 additions and 17 deletions

View File

@ -70,6 +70,46 @@ public class JweHeader extends JwtHeader{
super.loadFromJsonObject(pass);
}
public String getIntegrity() {
return INTEGRITY;
}
public String getInitializationVector() {
return INITIALIZATION_VECTOR;
}
public String getEphemeralPublicKey() {
return EPHEMERAL_PUBLIC_KEY;
}
public String getCompressionAlgorithm() {
return COMPRESSION_ALGORITHM;
}
public String getJsonSetUrl() {
return JSON_SET_URL;
}
public String getJsonWebKey() {
return JSON_WEB_KEY;
}
public String getX509Url() {
return X509_URL;
}
public String getX509CertificateThumbprint() {
return X509_CERTIFICATE_THUMBPRINT;
}
public String getX509CertificateChain() {
return X509_CERTIFICATE_CHAIN;
}
public String getKeyId() {
return KEY_ID;
}
public void setIv(String iv) {
setClaim(INITIALIZATION_VECTOR, iv);
}

View File

@ -5,11 +5,11 @@ import org.mitre.jwe.model.Jwe;
import org.mitre.jwt.encryption.AbstractJweDecrypter;
import org.mitre.jwt.model.JwtHeader;
public class RsaDecrypter extends AbstractJweDecrypter {
public class Decrypter extends AbstractJweDecrypter {
private Jwe jwe;
public RsaDecrypter(Jwe jwe) {
public Decrypter(Jwe jwe) {
setJwe(jwe);
}
@ -29,10 +29,20 @@ public class RsaDecrypter extends AbstractJweDecrypter {
String alg = jwe.getHeader().getAlgorithm();
if(alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")) {
//Base 64 decode each part of the jwe
String decodedHeader = new String(Base64.decodeBase64(jwe.getHeader().toString()));
JwtHeader unencryptedHeader = new JwtHeader(decodedHeader);
String decodedEncryptionKey = new String(Base64.decodeBase64(jwe.getEncryptedKey().toString()));
jwe.setEncryptedKey(decodedEncryptionKey.getBytes());
String decodedCiphertext = new String(Base64.decodeBase64(jwe.getCiphertext().toString()));
jwe.setCiphertext(decodedCiphertext.getBytes());
String decodedSig = new String(Base64.decodeBase64(jwe.getSignature()));
//create new jwe using the decoded header and signature, and decrypt the ciphertext and key
jwe.setHeader(unencryptedHeader);
jwe.setCiphertext(decryptCipherText(jwe).getBytes());
jwe.setEncryptedKey(decryptEncryptionKey(jwe));

View File

@ -6,9 +6,9 @@ import org.mitre.jwe.model.Jwe;
import org.mitre.jwe.model.JweHeader;
import org.mitre.jwt.encryption.AbstractJweEncrypter;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.signer.impl.RsaSigner;
import org.mitre.jwt.signer.impl.HmacSigner;
public class RsaEncrypter extends AbstractJweEncrypter {
public class Encrypter extends AbstractJweEncrypter {
private Jwe jwe;
@ -18,7 +18,7 @@ public class RsaEncrypter extends AbstractJweEncrypter {
private String signature;
public RsaEncrypter(Jwe jwe) {
public Encrypter(Jwe jwe) {
setJwe(jwe);
setHeader(jwe.getHeader());
setClaims(jwe.getClaims());
@ -62,18 +62,28 @@ public class RsaEncrypter extends AbstractJweEncrypter {
public Jwe encryptAndSign(Jwe jwe) {
String alg = jwe.getHeader().getAlgorithm();
String iv = jwe.getHeader().getIntegrity();
if(alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")) {
jwe.setCiphertext(encryptClaims(jwe));
jwe.setEncryptedKey(encryptKey(jwe));
RsaSigner rsaSigner = new RsaSigner(); //TODO: Add parameters to RsaSigner. ie: keys from keystore (null at the moment)
try {
jwe = (Jwe) rsaSigner.sign(jwe);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
if(iv.equals("HS256") || iv.equals("HS384") || iv.equals("HS512")){
HmacSigner hmacSigner = new HmacSigner(); //TODO: Add parameters to RsaSigner. ie: keys from keystore (null at the moment)
try {
jwe = (Jwe) hmacSigner.sign(jwe);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
} else if(iv.equals("RS256") || iv.equals("RS384") || iv.equals("RS512")) {
throw new IllegalArgumentException("Integrity Value must use Hmac signing");
} else {
throw new IllegalArgumentException("Not a valid integrity value algorithm");
}
} else if(alg.equals("HS256") || alg.equals("HS384") || alg.equals("HS512")){
throw new IllegalArgumentException("Cannot use Hmac for encryption");

View File

@ -19,6 +19,7 @@ import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
@ -31,6 +32,11 @@ import org.mitre.jwt.signer.JwsAlgorithm;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
import com.google.common.base.Splitter;
import com.google.common.collect.Lists;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
/**
* JWT Signer using either the HMAC SHA-256, SHA-384, SHA-512 hash algorithm
*
@ -140,7 +146,16 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
*/
@Override
public String generateSignature(String signatureBase) throws NoSuchAlgorithmException {
afterPropertiesSet();
List<String> parts = Lists.newArrayList(Splitter.on(".").split(signatureBase));
if (parts.size() == 2) {
initializeMac();
}
else if (parts.size() == 3) {
initializeMacJwe(signatureBase);
}
if (passphrase == null) {
throw new IllegalArgumentException("Passphrase cannot be null");
}
@ -177,6 +192,30 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
public void setPassphrase(String passphrase) {
this.passphrase = passphrase;
}
public void initializeMac() {
try {
mac = Mac.getInstance(JwsAlgorithm.getByName(super.getAlgorithm()).getStandardName());
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
public void initializeMacJwe(String signatureBase) {
List<String> parts = Lists.newArrayList(Splitter.on(".").split(signatureBase));
String header = parts.get(0);
JsonParser parser = new JsonParser();
JsonObject object = (JsonObject) parser.parse(header);
try {
mac = Mac.getInstance(JwsAlgorithm.getByName(object.get("int").getAsString())
.getStandardName());
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
/*

View File

@ -36,6 +36,8 @@ import org.springframework.util.Assert;
import com.google.common.base.Splitter;
import com.google.common.collect.Lists;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
/**
* JWT Signer using either the RSA SHA-256, SHA-384, SHA-512 hash algorithm
@ -174,13 +176,13 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean {
public String generateSignature(String signatureBase) throws NoSuchAlgorithmException {
String sig = null;
try {
List<String> parts = Lists.newArrayList(Splitter.on(".").split(signatureBase));
if(parts.size() == 2) {
initializeSigner();
} catch (GeneralSecurityException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} else if (parts.size() == 3) {
initializeSignerJwe(signatureBase);
}
try {
signer.initSign(privateKey);
signer.update(signatureBase.getBytes("UTF-8"));
@ -236,6 +238,16 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean {
public void initializeSigner() throws NoSuchAlgorithmException{
signer = Signature.getInstance(JwsAlgorithm.getByName(super.getAlgorithm()).getStandardName());
}
public void initializeSignerJwe(String signatureBase) throws NoSuchAlgorithmException {
List<String> parts = Lists.newArrayList(Splitter.on(".").split(signatureBase));
String header = parts.get(0);
JsonParser parser = new JsonParser();
JsonObject object = (JsonObject) parser.parse(header);
signer = Signature.getInstance(JwsAlgorithm.getByName(object.get("int").getAsString()).getStandardName());
}
/*
* (non-Javadoc)