encryption completed, decryption WIP

pull/105/head
Mike Derryberry 13 years ago
parent cee44de3d1
commit 99a574d303

@ -20,6 +20,9 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs
<version>1.0.0.BUILD-SNAPSHOT</version>
<artifactId>spring-security-oauth2</artifactId>
</dependency>
<dependency>
<artifactId></artifactId>
</dependency>
</dependencies>
<properties>
<java-version>1.6</java-version>
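Review bot: The `<dependency>` stub in this hunk has an empty `<artifactId></artifactId>` and no `<groupId>` or `<version>`, so Maven cannot resolve it and the POM will most likely fail validation. Either fill in the full coordinates of the library this commit needs, with a pinned version, or drop the stub until the dependency is known. The +/- markers are lost on this page, so which three lines are new is inferred from the hunk counts.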

@ -66,6 +66,11 @@ public class Jwe extends Jwt {
this.signature = signature;
}
/**
* Return the canonical encoded string of this JWE, the header in Base64, a period ".", the encrypted key in Base64, a period ".",
* the ciphertext in Base64, a period ".", and the signature, or integrity value, in Base64.
*/
@Override
public String toString() {
return getSignatureBase() + "." + Strings.nullToEmpty(this.signature);
@ -105,6 +110,7 @@ public class Jwe extends Jwt {
String i64 = parts.get(3);
Jwe jwe = new Jwe(new JweHeader(h64), e64.getBytes(), c64.getBytes(), i64);
//Jwe jwe = new Jwe(new JweHeader(h64), e64.getBytes(), new ClaimSet(c64), i64);
return jwe;
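Review bot: In the second hunk, `new Jwe(new JweHeader(h64), e64.getBytes(), c64.getBytes(), i64)` stores the bytes of the Base64 text rather than the decoded octets, and `getBytes()` without a charset depends on the platform default. Unless these fields are decoded somewhere not visible here, the later `cipher.doFinal(jwe.getCiphertext())` in the decrypter is handed Base64 characters instead of ciphertext. Consider decoding at parse time with commons-codec, e.g. `Base64.decodeBase64(e64)` and `Base64.decodeBase64(c64)`, and deleting the commented-out constructor call rather than keeping it. The enclosing parse method starts and ends outside the hunk.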

@ -1,29 +1,111 @@
package org.mitre.jwt.encryption;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.mitre.jwe.model.Jwe;
import org.mitre.jwt.encryption.impl.RsaDecrypter;
public abstract class AbstractJweDecrypter implements JwtDecrypter {
private Jwe jwe;
private PrivateKey privateKey;
private PublicKey publicKey;
public Jwe getJwe() {
return jwe;
}
public void setJwe(Jwe jwe) {
this.jwe = jwe;
}
public PrivateKey getPrivateKey() {
return privateKey;
}
public void setPrivateKey(PrivateKey privateKey) {
this.privateKey = privateKey;
}
public PublicKey getPublicKey() {
return publicKey;
}
public void setPublicKey(PublicKey publicKey) {
this.publicKey = publicKey;
}
@Override
public Jwe decrypt(Jwe jwe) {
String alg = jwe.getHeader().getAlgorithm();
if(alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")) {
public String decryptCipherText(Jwe jwe) {
Cipher cipher;
String clearTextString = null;
try {
RsaDecrypter decrypter = new RsaDecrypter(jwe);
jwe.setCiphertext(decrypter.decryptCipherText(jwe).getBytes()); //TODO: When decrypting, should it return a jwe or jwt?
jwe.setEncryptedKey(decrypter.decryptEncryptionKey(jwe));
cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] clearText = cipher.doFinal(jwe.getCiphertext());
clearTextString = new String(clearText);
} else if(alg.equals("HS256") || alg.equals("HS384") || alg.equals("HS512")){
throw new IllegalArgumentException("Cannot use Hmac for decryption");
} else {
throw new IllegalArgumentException("Not a valid decrypting algorithm");
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (BadPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return jwe;
return clearTextString;
}
@Override
public byte[] decryptEncryptionKey(Jwe jwe) {
Cipher cipher;
byte[] unencryptedKey = null;
try {
cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);//TODO: Keys are null, get them from keystore. Placeholder
unencryptedKey = cipher.doFinal(jwe.getEncryptedKey());
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (BadPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return unencryptedKey;
}
}
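Review bot: `Cipher.getInstance("RSA")` in decryptCipherText and decryptEncryptionKey leaves mode and padding to the provider default, which on the stock Sun provider is PKCS#1 v1.5. Decrypting caller-supplied tokens with that padding is the setting in which padding-oracle attacks apply, and the behaviour can differ between providers. Name the transformation explicitly, e.g. `Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding")`, and use the same one on the encrypt side; the bare `"RSA"` string also appears in the AbstractJweEncrypter and RsaDecrypter sections. Separately, every catch block only calls `e.printStackTrace()` and the method then returns null, so a failed decryption reaches the caller as a null value; rethrowing once, e.g. `throw new IllegalStateException("JWE decryption failed", e);`, would make the failure explicit. Old and new lines are interleaved here without markers, so attributing these lines to the new side is inferred from the hunk counts.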

@ -11,31 +11,19 @@ import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.mitre.jwe.model.Jwe;
import org.mitre.jwe.model.JweHeader;
import org.mitre.jwt.model.JwtClaims;
public abstract class AbstractJweEncrypter implements JwtEncrypter {
private Jwe jwe;
private JweHeader header;
private JwtClaims claims;
private String signature;
private byte[] encryptedKey;
private byte[] cipherText;
public Jwe getJwe() {
return jwe;
}
private RSAPublicKey publicKey;
private RSAPrivateKey privateKey;
public void setJwe(Jwe jwe) {
this.jwe = jwe;
}
public byte[] getEncryptecKey() {
return encryptedKey;
@ -44,31 +32,7 @@ public abstract class AbstractJweEncrypter implements JwtEncrypter {
public void setEncryptedKey(byte[] encryptedKey) {
this.encryptedKey = encryptedKey;
}
public JweHeader getHeader() {
return header;
}
public void setHeader(JweHeader header) {
this.header = header;
}
public JwtClaims getClaims() {
return claims;
}
public void setClaims(JwtClaims claims) {
this.claims = claims;
}
public String getSignature() {
return signature;
}
public void setSignature(String signature) {
this.signature = signature;
}
public byte[] getCipherText() {
return cipherText;
}
@ -79,10 +43,9 @@ public abstract class AbstractJweEncrypter implements JwtEncrypter {
public byte[] encryptKey(Jwe jwe){
RSAPublicKey publicKey = null; // TODO: placeholder
RSAPrivateKey privateKey = null;
//TODO:Get keys from keystore, currently null
Cipher cipher;
try {
cipher = Cipher.getInstance("RSA");
@ -112,13 +75,13 @@ public abstract class AbstractJweEncrypter implements JwtEncrypter {
public byte[] encryptClaims(Jwe jwe) {
RSAPublicKey publicKey = null; // TODO: placeholder
//TODO:Get keys from keystore, currently null
Cipher cipher;
try {
cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
cipherText = cipher.doFinal(claims.toString().getBytes());
cipherText = cipher.doFinal(jwe.getClaims().toString().getBytes());
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
@ -140,6 +103,8 @@ public abstract class AbstractJweEncrypter implements JwtEncrypter {
return cipherText;
}
public abstract Jwe encryptAndSign(Jwe jwe);
}
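Review bot: In encryptClaims, `cipher.doFinal(jwe.getClaims().toString().getBytes())` runs RSA directly over the serialized claims, and RSA can only process input shorter than the key modulus minus padding, so any claim set beyond that size fails with IllegalBlockSizeException. Since encryptKey exists alongside it, the intended design is presumably to encrypt the claims with a symmetric content key and RSA-wrap only that key; as written the two methods are independent. The `publicKey` passed to `cipher.init` is still a null placeholder according to the TODO, so the call cannot succeed until key loading is implemented, and the catch blocks that would report that continue outside the hunk. `getBytes()` should also name a charset, e.g. `getBytes(Charset.forName("UTF-8"))`, so the plaintext does not depend on the platform default.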

@ -4,7 +4,7 @@ import org.mitre.jwe.model.Jwe;
public interface JwtDecrypter {
public Jwe decrypt(Jwe jwe);
public Jwe decrypt(String encryptedJwe);
public String decryptCipherText(Jwe jwe);

@ -1,115 +1,41 @@
package org.mitre.jwt.encryption.impl;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.commons.codec.binary.Base64;
import org.mitre.jwe.model.Jwe;
import org.mitre.jwt.encryption.AbstractJweDecrypter;
import org.mitre.jwt.model.JwtHeader;
public class RsaDecrypter extends AbstractJweDecrypter {
private Jwe jwe;
private PrivateKey privateKey;
private PublicKey publicKey;
public RsaDecrypter(Jwe jwe) {
setJwe(jwe);
}
public Jwe getJwe() {
return jwe;
}
public void setJwe(Jwe jwe) {
this.jwe = jwe;
}
public PrivateKey getPrivateKey() {
return privateKey;
}
public void setPrivateKey(PrivateKey privateKey) {
this.privateKey = privateKey;
}
public PublicKey getPublicKey() {
return publicKey;
}
public void setPublicKey(PublicKey publicKey) {
this.publicKey = publicKey;
}
@Override
public String decryptCipherText(Jwe jwe) {
Cipher cipher;
String clearTextString = null;
try {
cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] clearText = cipher.doFinal(jwe.getCiphertext());
clearTextString = new String(clearText);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (BadPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
public Jwe decrypt(String encryptedJwe) {
return clearTextString;
Jwe jwe = Jwe.parse(encryptedJwe);
}
@Override
public byte[] decryptEncryptionKey(Jwe jwe) {
Cipher cipher;
byte[] unencryptedKey = null;
try {
String alg = jwe.getHeader().getAlgorithm();
if(alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")) {
String decodedHeader = new String(Base64.decodeBase64(jwe.getHeader().toString()));
JwtHeader unencryptedHeader = new JwtHeader(decodedHeader);
String decodedSig = new String(Base64.decodeBase64(jwe.getSignature()));
jwe.setHeader(unencryptedHeader);
jwe.setCiphertext(decryptCipherText(jwe).getBytes());
jwe.setEncryptedKey(decryptEncryptionKey(jwe));
jwe.setSignature(decodedSig);
cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
unencryptedKey = cipher.doFinal(jwe.getEncryptedKey());
} else if(alg.equals("HS256") || alg.equals("HS384") || alg.equals("HS512")){
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (BadPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
throw new IllegalArgumentException("Cannot use Hmac for decryption");
} else {
throw new IllegalArgumentException("Not a valid decrypting algorithm");
}
return unencryptedKey;
return jwe;
}
}
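Review bot: In `decrypt(String encryptedJwe)` the integrity value is only Base64-decoded into `decodedSig` and stored with `jwe.setSignature(decodedSig)`; nothing visible verifies it, so a modified token is decrypted and returned like a valid one. The integrity check should run, and reject the token on mismatch, before any decrypted content is handed back. The order is also inverted for a JWE: `decryptCipherText(jwe)` is called before `decryptEncryptionKey(jwe)`, and the unwrapped key is never used to decrypt the content. Because the inherited decryptCipherText returns null on any cipher error, `decryptCipherText(jwe).getBytes()` will throw a NullPointerException on bad input; `alg.equals(...)` does the same when the header has no algorithm, which `"RS256".equals(alg)` avoids. Old and new lines are interleaved in this section, so which of them form the new 41-line file is inferred.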

@ -3,17 +3,60 @@ package org.mitre.jwt.encryption.impl;
import java.security.NoSuchAlgorithmException;
import org.mitre.jwe.model.Jwe;
import org.mitre.jwe.model.JweHeader;
import org.mitre.jwt.encryption.AbstractJweEncrypter;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.signer.impl.RsaSigner;
public class RsaEncrypter extends AbstractJweEncrypter {
private Jwe jwe;
private JweHeader header;
private JwtClaims claims;
private String signature;
public RsaEncrypter(Jwe jwe) {
setJwe(jwe);
setHeader(jwe.getHeader());
setClaims(jwe.getClaims());
setSignature(jwe.getSignature());
}
public Jwe getJwe() {
return jwe;
}
public void setJwe(Jwe jwe) {
this.jwe = jwe;
}
public JweHeader getHeader() {
return header;
}
public void setHeader(JweHeader header) {
this.header = header;
}
public JwtClaims getClaims() {
return claims;
}
public void setClaims(JwtClaims claims) {
this.claims = claims;
}
public String getSignature() {
return signature;
}
public void setSignature(String signature) {
this.signature = signature;
}
@Override
public Jwe encryptAndSign(Jwe jwe) {
