diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/JwtEncryptionAndDecryptionService.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/JwtEncryptionAndDecryptionService.java
index c96e25dcb..4807bf4d8 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/JwtEncryptionAndDecryptionService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/JwtEncryptionAndDecryptionService.java
@@ -20,8 +20,8 @@ import java.util.Collection;
 import java.util.Map;
 import com.nimbusds.jose.JWEAlgorithm;
+import com.nimbusds.jose.JWEObject;
 import com.nimbusds.jose.jwk.JWK;
-import com.nimbusds.jwt.EncryptedJWT;
 /**
 * @author wkim
@@ -33,13 +33,13 @@ public interface JwtEncryptionAndDecryptionService {
 * Encrypts the JWT in place with the default encrypter.
 * @param jwt
 */
- public void encryptJwt(EncryptedJWT jwt);
+ public void encryptJwt(JWEObject jwt);
 /**
 * Decrypts the JWT in place with the default decrypter.
 * @param jwt
 */
- public void decryptJwt(EncryptedJWT jwt);
+ public void decryptJwt(JWEObject jwt);
 /**
 * Get all public keys for this service, mapped by their Key ID
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJwtEncryptionAndDecryptionService.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJwtEncryptionAndDecryptionService.java
index cff760a23..cd2015e47 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJwtEncryptionAndDecryptionService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJwtEncryptionAndDecryptionService.java
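Review bot: The Javadoc on the two interface methods in the `@@ -33,13` hunk still says "Encrypts the JWT" / "Decrypts the JWT" and leaves `@param jwt` blank, although the parameter is now any `JWEObject`, not only an `EncryptedJWT`. I would reword the summaries to `Encrypts the given JWE object in place with the default encrypter.` and `Decrypts the given JWE object in place with the default decrypter.`, and fill in `@param jwt the JWE object to encrypt (or decrypt); it is modified in place`. The default implementation in this same diff throws `IllegalStateException` when no default key ID is set, so an `@throws IllegalStateException if no default encryption/decryption key ID is configured` line on the interface would tell callers what to expect.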
@@ -36,6 +36,7 @@ import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWEDecrypter;
 import com.nimbusds.jose.JWEEncrypter;
+import com.nimbusds.jose.JWEObject;
 import com.nimbusds.jose.crypto.DirectDecrypter;
 import com.nimbusds.jose.crypto.DirectEncrypter;
 import com.nimbusds.jose.crypto.RSADecrypter;
@@ -43,7 +44,6 @@ import com.nimbusds.jose.crypto.RSAEncrypter;
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.OctetSequenceKey;
 import com.nimbusds.jose.jwk.RSAKey;
-import com.nimbusds.jwt.EncryptedJWT;
 /**
 * @author wkim
@@ -142,7 +142,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
 * @see org.mitre.jwt.encryption.service.JwtEncryptionAndDecryptionService#encryptJwt(com.nimbusds.jwt.EncryptedJWT)
 */
 @Override
- public void encryptJwt(EncryptedJWT jwt) {
+ public void encryptJwt(JWEObject jwt) {
 if (getDefaultEncryptionKeyId() == null) {
 throw new IllegalStateException("Tried to call default encryption with no default encrypter ID set");
 }
@@ -162,7 +162,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
 * @see org.mitre.jwt.encryption.service.JwtEncryptionAndDecryptionService#decryptJwt(com.nimbusds.jwt.EncryptedJWT)
 */
 @Override
- public void decryptJwt(EncryptedJWT jwt) {
+ public void decryptJwt(JWEObject jwt) {
 if (getDefaultDecryptionKeyId() == null) {
 throw new IllegalStateException("Tried to call default decryption with no default decrypter ID set");
 }
diff --git a/openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJwtEncryptionAndDecryptionService.java b/openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJwtEncryptionAndDecryptionService.java
index 509c299a0..a42898e21 100644
--- a/openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJwtEncryptionAndDecryptionService.java
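Review bot: The `@see ...JwtEncryptionAndDecryptionService#encryptJwt(com.nimbusds.jwt.EncryptedJWT)` context line just above the changed signature in the `@@ -142,7` hunk now points at a method that no longer exists, since the interface parameter became `JWEObject` in this commit. Change it to ` * @see org.mitre.jwt.encryption.service.JwtEncryptionAndDecryptionService#encryptJwt(com.nimbusds.jose.JWEObject)` so the Javadoc link resolves again. The body of `encryptJwt` continues past the end of the hunk.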
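Review bot: In the `@@ -162,7` hunk, `decryptJwt` now accepts an arbitrary `JWEObject`, but the only check visible here is that a default decryption key ID is configured; the rest of the body lies outside the hunk, so I cannot tell whether the decrypter that is chosen restricts which `alg`/`enc` values it will process. Because those header values come from the token being decrypted, it is worth confirming that the decrypt path only accepts the algorithms the configured key is intended for (a decrypter built from an `RSAKey`, for instance, may accept more than one RSA key-management algorithm unless told otherwise) rather than letting the incoming token select one. Separately, the unchanged `@see ...#decryptJwt(com.nimbusds.jwt.EncryptedJWT)` line above the signature is now stale and should read `#decryptJwt(com.nimbusds.jose.JWEObject)`.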
+++ b/openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJwtEncryptionAndDecryptionService.java
@@ -16,8 +16,9 @@
 ******************************************************************************/
 package org.mitre.jwt.encryption.service.impl;
+import static org.hamcrest.CoreMatchers.nullValue;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
+import static org.junit.Assert.assertThat;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
@@ -32,8 +33,8 @@ import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWEHeader;
+import com.nimbusds.jose.JWEObject;
 import com.nimbusds.jose.jwk.JWK;
-import com.nimbusds.jose.jwk.OctetSequenceKey;
 import com.nimbusds.jose.jwk.RSAKey;
 import com.nimbusds.jose.jwk.Use;
 import com.nimbusds.jose.util.Base64URL;
@@ -47,12 +48,25 @@ import com.nimbusds.jwt.ReadOnlyJWTClaimsSet; */ public class TestDefaultJwtEncryptionAndDecryptionService { + private String plainText = "The true sign of intelligence is not knowledge but imagination."; + private String issuer = "www.example.net"; private String subject = "example_user"; - private JWTClaimsSet claimsSet = new JWTClaimsSet(); - // Example keys taken from Mike Jones's draft-ietf-jose-json-web-encryption-14 appendix examples + // Example data taken from Mike Jones's draft-ietf-jose-json-web-encryption-14 appendix examples + private String compactSerializedJwe = "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ." + + "OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe" + + "ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb" + + "Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV" + + "mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8" + + "1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi" + + "6UklfCpIMfIjf7iGdXKHzg." + + "48V1_ALb6US04U3b." + + "5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji" + + "SdiwkIr3ajwQzaBtQD_A." + + "XFBoMYUZodetZdvTiFvSkQ"; + private String RSAkid = "rsa321"; private JWK RSAjwk = new RSAKey(new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" + "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" + @@ -90,6 +104,21 @@ public class TestDefaultJwtEncryptionAndDecryptionService { claimsSet.setSubject(subject); } + @Test + public void decrypt_RSA() throws ParseException { + + service.setDefaultDecryptionKeyId(RSAkid); + service.setDefaultEncryptionKeyId(RSAkid); + + JWEObject jwt = JWEObject.parse(compactSerializedJwe); + + assertThat(jwt.getPayload(), nullValue()); + + service.decryptJwt(jwt); + + assertEquals(plainText, jwt.getPayload().toString()); + } + @Test public void encryptThenDecrypt_RSA() throws ParseException { 
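Review bot: The `plainText` and `compactSerializedJwe` fixtures added in the `@@ -47,12` hunk are declared as mutable instance fields, while they are constants shared by every test in the class; `private static final String` would state that and is the usual way to keep a spec test vector. The `RSAkid` field departs from Java's lowerCamelCase (`rsaKid`), though it mirrors the pre-existing `RSAjwk` next to it, so renaming both or neither is a judgement call; the collapsed diff markers make it hard to tell whether `RSAkid` itself is new here. The class body continues past the end of the hunk.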
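Review bot: `decrypt_RSA` in the `@@ -90,6` hunk calls `service.setDefaultEncryptionKeyId(RSAkid)` although the test only decrypts; the visible part of `decryptJwt` in this diff reads only the decryption key ID, so that line looks copied from `encryptThenDecrypt_RSA` and I would drop it so the test sets up only the state it depends on. It would also be worth pinning what the fixture exercises, e.g. `assertEquals(JWEAlgorithm.RSA_OAEP, jwt.getHeader().getAlgorithm());` before the decrypt call, since the vector's protected header decodes to `{"alg":"RSA-OAEP","enc":"A256GCM"}` and a swapped vector could otherwise silently change which algorithm is covered. The `assertThat(jwt.getPayload(), nullValue())` guard before decryption is a good addition.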
@@ -101,10 +130,13 @@ public class TestDefaultJwtEncryptionAndDecryptionService {
 EncryptedJWT jwt = new EncryptedJWT(header, claimsSet);
 service.encryptJwt(jwt);
- // TODO test intermediate crypto parts?
- service.decryptJwt(jwt);
+ String serialized = jwt.serialize();
- ReadOnlyJWTClaimsSet resultClaims = jwt.getJWTClaimsSet();
+ EncryptedJWT encryptedJwt = EncryptedJWT.parse(serialized);
+ assertThat(encryptedJwt.getJWTClaimsSet(), nullValue());
+ service.decryptJwt(encryptedJwt);
+
+ ReadOnlyJWTClaimsSet resultClaims = encryptedJwt.getJWTClaimsSet();
 assertEquals(claimsSet.getIssuer(), resultClaims.getIssuer());
 assertEquals(claimsSet.getSubject(), resultClaims.getSubject());
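Review bot: The `@@ -101,10` hunk removes the `// TODO test intermediate crypto parts?` marker without adding any assertion on the serialized token, so `encryptThenDecrypt_RSA` would still pass if `encryptJwt` emitted a different `alg`/`enc` than the `header` built above the hunk requests. With `serialized` now re-parsed into `encryptedJwt`, two lines close that gap, assuming `header` is the `JWEHeader` the import list suggests: `assertEquals(header.getAlgorithm(), encryptedJwt.getHeader().getAlgorithm());` and `assertEquals(header.getEncryptionMethod(), encryptedJwt.getHeader().getEncryptionMethod());`. Round-tripping through `serialize()`/`parse()` before decrypting is the right shape for this test; the method's start lies outside the hunk.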