diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweDecrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweDecrypter.java
index ec28cdd48..807791922 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweDecrypter.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweDecrypter.java
@@ -2,7 +2,6 @@ package org.mitre.jwt.encryption;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
-import java.security.Key;
 import java.security.NoSuchAlgorithmException;
 import javax.crypto.BadPaddingException;
@@ -13,11 +12,11 @@ import org.mitre.jwe.model.Jwe;
 public interface JweDecrypter {
- public Jwe decrypt(String encryptedJwe, Key privateKey) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException;
+ public Jwe decrypt(String encryptedJwe) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException;
 public byte[] decryptCipherText(Jwe jwe, byte[] cek) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException;
- public byte[] decryptEncryptionKey(Jwe jwe, Key privateKey) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException;
+ public byte[] decryptEncryptionKey(Jwe jwe) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException;
 }
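Review bot: Removing the `Key` parameter leaves `JweDecrypter` with no way to supply key material, so code that holds only the interface can no longer configure a decrypter; the setters that replace the parameter exist only on `RsaDecrypter`. Either add the key-provisioning method to the interface or state the precondition in a Javadoc on `decrypt`, e.g. `Decrypts a compact-serialized JWE using the key material configured on this instance; implementations define how that key is supplied and should fail with a clear error when it is absent.` `JweEncrypter.encryptAndSign` and `encryptKey`, changed in the same commit, have the same gap.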
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweEncrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweEncrypter.java
index 0d80982e4..52c71ce03 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweEncrypter.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweEncrypter.java
@@ -3,7 +3,6 @@ package org.mitre.jwt.encryption;
 import java.io.IOException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
-import java.security.Key;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
@@ -19,11 +18,11 @@ import com.google.gson.JsonSyntaxException;
 public interface JweEncrypter {
- public byte[] encryptKey(Jwe jwe, byte[] cmk, Key publicKey) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException;
+ public byte[] encryptKey(Jwe jwe, byte[] cmk) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException;
 public byte[] encryptClaims(Jwe jwe, byte[] cik) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, InvalidKeySpecException;
- public Jwe encryptAndSign(Jwe jwe, Key publicKey) throws NoSuchAlgorithmException, JsonIOException, JsonSyntaxException, IOException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, InvalidKeySpecException;
+ public Jwe encryptAndSign(Jwe jwe) throws NoSuchAlgorithmException, JsonIOException, JsonSyntaxException, IOException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, InvalidKeySpecException;
 public byte[] generateContentKey(byte[] cmk, int keyDataLen, byte[] type) throws NoSuchAlgorithmException;
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaDecrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaDecrypter.java
index eebaa1731..0e8e73f26 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaDecrypter.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaDecrypter.java
@@ -2,8 +2,9 @@ package org.mitre.jwt.encryption.impl;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
-import java.security.Key;
 import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
@@ -20,8 +21,11 @@ import org.mitre.jwt.encryption.JweAlgorithms;
 public class RsaDecrypter extends AbstractJweDecrypter {
+ private PublicKey publicKey;
+ private PrivateKey privateKey;
+ @Override
- public Jwe decrypt(String encryptedJwe, Key privateKey) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
+ public Jwe decrypt(String encryptedJwe) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
 Jwe jwe = Jwe.parse(encryptedJwe);
@@ -29,7 +33,7 @@ public class RsaDecrypter extends AbstractJweDecrypter {
 if(alg.equals("RSA1_5") || alg.equals("RSA-OAEP") || alg.equals("ECDH-ES") || alg.equals("A128KW") || alg.equals("A256KW")) {
 //decrypt to get cmk to be used for cek and cik
- jwe.setEncryptedKey(decryptEncryptionKey(jwe, privateKey));
+ jwe.setEncryptedKey(decryptEncryptionKey(jwe));
 //generation of cek and cik
 byte[] contentEncryptionKey = null;
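Review bot: `decrypt` still lets the header's `alg` select the key-unwrap path through the `alg.equals("RSA1_5") || ... || alg.equals("A256KW")` chain, while the key it will use is now fixed on the instance and the `decryptEncryptionKey` hunk below only shows an `RSA1_5` branch. The header is part of the untrusted input, so rejecting any `alg` the configured key cannot serve before the call to `decryptEncryptionKey(jwe)`, e.g. `if (!"RSA1_5".equals(alg)) { throw new InvalidKeyException("alg " + alg + " is not supported by the configured RSA key"); }`, keeps the header from steering the unwrap onto a path the key was not meant for. Whether the branches outside this hunk already do that is not visible here; the `alg` assignment and the rest of the `decrypt` body lie outside the hunk.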
@@ -75,11 +79,11 @@ public class RsaDecrypter extends AbstractJweDecrypter {
 }
 @Override
- public byte[] decryptEncryptionKey(Jwe jwe, Key privateKey) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+ public byte[] decryptEncryptionKey(Jwe jwe) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
 if(jwe.getHeader().getAlgorithm().equals("RSA1_5")){
 Cipher cipher = Cipher.getInstance("RSA");
- cipher.init(Cipher.DECRYPT_MODE, privateKey);
+ cipher.init(Cipher.DECRYPT_MODE, getPrivateKey());
 byte[] contentMasterKey = cipher.doFinal(jwe.getEncryptedKey());
 return contentMasterKey;
@@ -89,4 +93,20 @@ public class RsaDecrypter extends AbstractJweDecrypter {
 }
+ public PublicKey getPublicKey() {
+ return publicKey;
+ }
+
+ public void setPublicKey(PublicKey publicKey) {
+ this.publicKey = publicKey;
+ }
+
+ public PrivateKey getPrivateKey() {
+ return privateKey;
+ }
+
+ public void setPrivateKey(PrivateKey privateKey) {
+ this.privateKey = privateKey;
+ }
+
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaEncrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaEncrypter.java
index 6cf8a4db7..baa1d5b4e 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaEncrypter.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaEncrypter.java
@@ -2,8 +2,9 @@ package org.mitre.jwt.encryption.impl;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
-import java.security.Key;
 import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
 import java.security.spec.InvalidKeySpecException;
 import java.util.Random;
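Review bot: `cipher.init(Cipher.DECRYPT_MODE, getPrivateKey())` passes whatever the field currently holds, so a decrypter whose `setPrivateKey` was never called fails inside the JCE provider with a generic `InvalidKeyException` instead of a message naming the missing configuration; a guard such as `if (privateKey == null) { throw new IllegalStateException("RsaDecrypter: private key not set"); }` before the `init` makes the new stateful contract explicit. `RsaEncrypter.encryptKey` has the same gap with `getPublicKey()`. In the visible hunks neither class reads the second key it gains (`publicKey` on the decrypter, `privateKey` on the encrypter), so unless code outside these hunks uses them, those fields and accessors only widen where private key material is held. Because the keys are now mutable instance state, a class-level Javadoc line saying that an instance must be configured before use and is not meant to be shared across threads while its setters may still be called would help callers.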
@@ -21,8 +22,11 @@ import org.mitre.jwt.encryption.JweAlgorithms;
 import org.mitre.jwt.signer.impl.HmacSigner;
 public class RsaEncrypter extends AbstractJweEncrypter {
+
+ private PublicKey publicKey;
+ private PrivateKey privateKey;
- public Jwe encryptAndSign(Jwe jwe, Key publicKey) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, InvalidKeySpecException {
+ public Jwe encryptAndSign(Jwe jwe) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, InvalidKeySpecException {
 String alg = jwe.getHeader().getAlgorithm();
 String integrityAlg = jwe.getHeader().getIntegrity();
@@ -48,7 +52,7 @@ public class RsaEncrypter extends AbstractJweEncrypter {
 //encrypt claims and cmk to get ciphertext and encrypted key
 jwe.setCiphertext(encryptClaims(jwe, contentEncryptionKey));
- jwe.setEncryptedKey(encryptKey(jwe, contentMasterKey, publicKey));
+ jwe.setEncryptedKey(encryptKey(jwe, contentMasterKey));
 //Signer must be hmac
 if(integrityAlg.equals("HS256") || integrityAlg.equals("HS384") || integrityAlg.equals("HS512")){
@@ -67,12 +71,12 @@ public class RsaEncrypter extends AbstractJweEncrypter {
 return jwe;
 }
- public byte[] encryptKey(Jwe jwe, byte[] contentMasterKey, Key publicKey) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+ public byte[] encryptKey(Jwe jwe, byte[] contentMasterKey) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
 if(jwe.getHeader().getAlgorithm().equals("RSA1_5")){
 Cipher cipher = Cipher.getInstance("RSA");
- cipher.init(Cipher.ENCRYPT_MODE, publicKey);
+ cipher.init(Cipher.ENCRYPT_MODE, getPublicKey());
 byte[] encryptedKey = cipher.doFinal(contentMasterKey);
 return encryptedKey;
@@ -109,4 +113,20 @@ public class RsaEncrypter extends AbstractJweEncrypter {
 }
 }
+
+ public PublicKey getPublicKey() {
+ return publicKey;
+ }
+
+ public void setPublicKey(PublicKey publicKey) {
+ this.publicKey = publicKey;
+ }
+
+ public PrivateKey getPrivateKey() {
+ return privateKey;
+ }
+
+ public void setPrivateKey(PrivateKey privateKey) {
+ this.privateKey = privateKey;
+ }
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/model/ClaimSet.java b/openid-connect-common/src/main/java/org/mitre/jwt/model/ClaimSet.java
index 513d78594..9db157700 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/model/ClaimSet.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/model/ClaimSet.java
@@ -37,6 +37,8 @@ import com.google.gson.JsonPrimitive;
 *
 */
 public class ClaimSet {
+
+ private String jsonString;
 // the LinkedHashMap preserves insertion order
 private Map claims = new LinkedHashMap();
@@ -94,6 +96,7 @@ public class ClaimSet {
 * Set an extension claim
 */
 public void setClaim(String key, Object value) {
+ jsonString = null;
 claims.put(key, value);
 }
@@ -101,6 +104,7 @@ public class ClaimSet {
 * Set a primitive claim
 */
 public void setClaim(String key, JsonPrimitive prim) {
+ jsonString = null;
 if (prim == null) {
 // in case we get here with a primitive null
 claims.put(key, prim);
@@ -111,6 +115,7 @@ public class ClaimSet {
 } else if (prim.isString()) {
 claims.put(key, prim.getAsString());
 }
+
 }
 /**
@@ -203,4 +208,11 @@ public class ClaimSet {
 loadFromJsonObject(json);
 }
+ public String toString() {
+ if(jsonString == null) {
+ jsonString = this.getAsJsonObject().toString();
+ }
+ return jsonString;
+ }
+
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/model/Jwt.java b/openid-connect-common/src/main/java/org/mitre/jwt/model/Jwt.java
index ca0474b88..e40e54823 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/model/Jwt.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/model/Jwt.java
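Review bot: The cached `jsonString` is cleared only in the two `setClaim` overloads, so any other path that changes `claims` — the `loadFromJsonObject(json)` call visible just above the new `toString`, or a remove method if one exists, should they write to the map directly — would leave `toString()` returning the previous JSON. That matters more than a stale `toString` usually would, because `Jwt.getSignatureBase()` in the next file now builds the signed payload from `claims.toString()`, so a stale cache would mean the signature covers different claims than the object holds. Every mutator of `claims` should reset the cache, or `toString()` could drop the cache and serialize on each call. The new method also lacks `@Override` and a Javadoc line such as `Serializes the claim set as a JSON object string; the result is cached until the next setClaim call.`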
@@ -22,7 +22,6 @@ import org.apache.commons.codec.binary.Base64;
 import com.google.common.base.Splitter;
 import com.google.common.base.Strings;
 import com.google.common.collect.Lists;
-import com.google.gson.JsonObject;
 public class Jwt {
@@ -124,11 +123,9 @@ public class Jwt {
 * The signature base of a JWT is the header in Base64, a period ".", and the claims in Base64.
 */
 public String getSignatureBase() {
- JsonObject h = header.getAsJsonObject();
- JsonObject c = claims.getAsJsonObject();
-
- String h64 = new String(Base64.encodeBase64URLSafe(h.toString().getBytes()));
- String c64 = new String(Base64.encodeBase64URLSafe(c.toString().getBytes()));
+
+ String h64 = new String(Base64.encodeBase64URLSafe(header.toString().getBytes()));
+ String c64 = new String(Base64.encodeBase64URLSafe(claims.toString().getBytes()));
 return h64 + "." + c64;
 }
diff --git a/openid-connect-common/src/test/java/org/mitre/jwe/encryption/impl/RsaEncrypterDecrypterTest.java b/openid-connect-common/src/test/java/org/mitre/jwe/encryption/impl/RsaEncrypterDecrypterTest.java
index 8045516b5..f94b6e455 100644
--- a/openid-connect-common/src/test/java/org/mitre/jwe/encryption/impl/RsaEncrypterDecrypterTest.java
+++ b/openid-connect-common/src/test/java/org/mitre/jwe/encryption/impl/RsaEncrypterDecrypterTest.java
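Review bot: The rewritten `header.toString().getBytes()` and `claims.toString().getBytes()` lines still encode with the platform default charset, so the signature base of a claim set containing non-ASCII text depends on the JVM's locale settings, whereas the JWS signing input is defined over the UTF-8 bytes of the header and claims; passing an explicit charset, e.g. `header.toString().getBytes(StandardCharsets.UTF_8)` (or `Charset.forName("UTF-8")` if the project still targets Java 6), pins it. The `new String(...)` wrappers around the Base64 output have the same default-charset dependency, although their input is ASCII-only in practice. This rewrite also makes `getSignatureBase` rely on `ClaimSet.toString()` returning the current claims rather than a previously cached string, which is worth stating in the method's Javadoc.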
@@ -73,12 +73,16 @@ public class RsaEncrypterDecrypterTest {
 Jwe jwe = new Jwe(new JweHeader(jweHeaderObject), null, jwePlaintextString.getBytes(), null);
 //encrypt
 RsaEncrypter rsaEncrypter = new RsaEncrypter();
- jwe = rsaEncrypter.encryptAndSign(jwe, publicKey);
+ rsaEncrypter.setPublicKey(publicKey);
+ rsaEncrypter.setPrivateKey(privateKey);
+ jwe = rsaEncrypter.encryptAndSign(jwe);
 //decrypt
 RsaDecrypter rsaDecrypter = new RsaDecrypter();
+ rsaDecrypter.setPublicKey(publicKey);
+ rsaDecrypter.setPrivateKey(privateKey);
 String encryptedJweString = jwe.toString();
- jwe = rsaDecrypter.decrypt(encryptedJweString, privateKey);
+ jwe = rsaDecrypter.decrypt(encryptedJweString);
 String jweDecryptedCleartext = new String(jwe.getCiphertext());
 //test ALL THE THINGS
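Review bot: The test hands the private key to `rsaEncrypter` and the public key to `rsaDecrypter` although nothing in the encrypter or decrypter hunks reads those keys, so it no longer documents which key each side actually needs; dropping `rsaEncrypter.setPrivateKey(privateKey);` and `rsaDecrypter.setPublicKey(publicKey);` would make that explicit. A second case that calls `decrypt` on a fresh `RsaDecrypter` with no key set and asserts on the resulting failure would pin the new configure-before-use precondition. The enclosing test method starts before this hunk and its assertions continue after it.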