From cee44de3d17283519350227adfad4ea140158b19 Mon Sep 17 00:00:00 2001
From: Mike Derryberry
Date: Thu, 28 Jun 2012 11:21:03 -0400
Subject: [PATCH] updated encryption class to include AbstractJwtEncrypter
---
 .../jwt/encryption/AbstractJweDecrypter.java | 29 +++
 .../jwt/encryption/AbstractJweEncrypter.java | 164 +++++++++++++----
 .../jwt/encryption/IntegrityProtection.java | 5 -
 .../mitre/jwt/encryption/JwtDecrypter.java | 13 +-
 .../mitre/jwt/encryption/JwtEncrypter.java | 2 +-
 .../jwt/encryption/impl/RsaDecrypter.java | 20 +--
 .../jwt/encryption/impl/RsaEncrypter.java | 166 +++--------------
 .../jwt/encryption/impl/RsaJwtDecrypter.java | 56 ------
 8 files changed, 204 insertions(+), 251 deletions(-)
 create mode 100644 openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweDecrypter.java
 delete mode 100644 openid-connect-common/src/main/java/org/mitre/jwt/encryption/IntegrityProtection.java
 delete mode 100644 openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaJwtDecrypter.java
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweDecrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweDecrypter.java
new file mode 100644
index 000000000..c79a198ff
--- /dev/null
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweDecrypter.java
@@ -0,0 +1,29 @@
+package org.mitre.jwt.encryption;
+
+import org.mitre.jwe.model.Jwe;
+import org.mitre.jwt.encryption.impl.RsaDecrypter;
+
+
+public abstract class AbstractJweDecrypter implements JwtDecrypter {
+
+ @Override
+ public Jwe decrypt(Jwe jwe) {
+ String alg = jwe.getHeader().getAlgorithm();
+ if(alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")) {
+
+ RsaDecrypter decrypter = new RsaDecrypter(jwe);
+ jwe.setCiphertext(decrypter.decryptCipherText(jwe).getBytes()); //TODO: When decrypting, should it return a jwe or jwt?
+ jwe.setEncryptedKey(decrypter.decryptEncryptionKey(jwe));
+
+ } else if(alg.equals("HS256") || alg.equals("HS384") || alg.equals("HS512")){
+
+ throw new IllegalArgumentException("Cannot use Hmac for decryption");
+
+ } else {
+ throw new IllegalArgumentException("Not a valid decrypting algorithm");
+ }
+
+ return jwe;
+ }
+
+}
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweEncrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweEncrypter.java
index d0a8ac835..e0fe293c9 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweEncrypter.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweEncrypter.java
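Review bot: `decrypt` releases plaintext without any integrity check — it calls `decryptCipherText` and `decryptEncryptionKey` and writes the results straight back into the `Jwe`, while the matching `encryptAndSign` in RsaEncrypter signs the token and nothing on this side verifies that signature (or any authentication tag) before the decrypted content is handed to the caller, so a tampered ciphertext is decrypted and returned as if authentic. The base class also does `new RsaDecrypter(jwe)` inside itself, so whatever key the caller configured on the instance it actually invoked (RsaDecrypter exposes `setPublicKey`) is presumably ignored, and an abstract class now depends on its own subclass; the subclass implementations should be reached through `this`, e.g. `jwe.setCiphertext(decryptCipherText(jwe).getBytes(StandardCharsets.UTF_8));`, which also fixes the platform-default-charset `getBytes()`. Storing the decrypted results in the `ciphertext` and `encryptedKey` slots, as the TODO hints, conflates plaintext and ciphertext state on one object. `RS256`/`RS384`/`RS512` are JWS signing identifiers; a JWE header's `alg` names the key-management algorithm, so this dispatch would reject real JWE tokens.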
@@ -1,41 +1,145 @@ package org.mitre.jwt.encryption; +import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; import org.mitre.jwe.model.Jwe; -import org.mitre.jwt.signer.impl.HmacSigner; -import org.mitre.jwt.signer.impl.RsaSigner; +import org.mitre.jwe.model.JweHeader; +import org.mitre.jwt.model.JwtClaims; + public abstract class AbstractJweEncrypter implements JwtEncrypter { - - @Override - public Jwe encrypt(Jwe jwe) { - - jwe.setCiphertext(encryptClaims(jwe)); - jwe.setEncryptedKey(encryptKey(jwe)); - - String alg = jwe.getHeader().getAlgorithm(); - if(alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")) { - RsaSigner rsaSigner = new RsaSigner(); - try { - jwe = (Jwe) rsaSigner.sign(jwe); - } catch (NoSuchAlgorithmException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } else if(alg.equals("HS256") || alg.equals("HS384") || alg.equals("HS512")){ - HmacSigner hmacSigner = new HmacSigner(); - try { - jwe = (Jwe) hmacSigner.sign(jwe); - } catch (NoSuchAlgorithmException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } else { - throw new IllegalArgumentException("Not a valid signing algorithm"); - } - + + private Jwe jwe; + + private JweHeader header; + + private JwtClaims claims; + + private String signature; + + private byte[] encryptedKey; + + private byte[] cipherText; + + public Jwe getJwe() { return jwe; } + public void setJwe(Jwe jwe) { + this.jwe = jwe; + } + + public byte[] getEncryptecKey() { + return encryptedKey; + } + + public void setEncryptedKey(byte[] encryptedKey) { + this.encryptedKey = encryptedKey; + } + + public JweHeader getHeader() { + return header; + } + + public void setHeader(JweHeader 
header) { + this.header = header; + } + + public JwtClaims getClaims() { + return claims; + } + + public void setClaims(JwtClaims claims) { + this.claims = claims; + } + + public String getSignature() { + return signature; + } + + public void setSignature(String signature) { + this.signature = signature; + } + + public byte[] getCipherText() { + return cipherText; + } + + public void setCipherText(byte[] cipherText) { + this.cipherText = cipherText; + } + + + public byte[] encryptKey(Jwe jwe){ + + RSAPublicKey publicKey = null; // TODO: placeholder + RSAPrivateKey privateKey = null; + + Cipher cipher; + try { + cipher = Cipher.getInstance("RSA"); + cipher.init(Cipher.ENCRYPT_MODE, publicKey); + encryptedKey = cipher.doFinal(privateKey.getEncoded()); + + } catch (NoSuchAlgorithmException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (NoSuchPaddingException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (InvalidKeyException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (IllegalBlockSizeException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (BadPaddingException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + return encryptedKey; + + } + + public byte[] encryptClaims(Jwe jwe) { + + RSAPublicKey publicKey = null; // TODO: placeholder + + Cipher cipher; + try { + cipher = Cipher.getInstance("RSA"); + cipher.init(Cipher.ENCRYPT_MODE, publicKey); + cipherText = cipher.doFinal(claims.toString().getBytes()); + + } catch (NoSuchAlgorithmException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (NoSuchPaddingException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (InvalidKeyException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (IllegalBlockSizeException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (BadPaddingException e) { 
+ // TODO Auto-generated catch block + e.printStackTrace(); + } + + return cipherText; + + } + + } diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/IntegrityProtection.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/IntegrityProtection.java deleted file mode 100644 index c32dc591c..000000000 --- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/IntegrityProtection.java +++ /dev/null @@ -1,5 +0,0 @@ -package org.mitre.jwt.encryption; - -public class IntegrityProtection { - -} diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtDecrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtDecrypter.java index 11502b61f..2038f9a97 100644 --- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtDecrypter.java +++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtDecrypter.java @@ -1,11 +1,14 @@ package org.mitre.jwt.encryption; -import org.mitre.jwt.model.Jwt; +import org.mitre.jwe.model.Jwe; -public class JwtDecrypter { +public interface JwtDecrypter { + + public Jwe decrypt(Jwe jwe); + + public String decryptCipherText(Jwe jwe); + + public byte[] decryptEncryptionKey(Jwe jwe); - public JwtDecrypter(Jwt jwt) { - - } } diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtEncrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtEncrypter.java index 06fcdc184..28e5fb134 100644 --- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtEncrypter.java +++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtEncrypter.java @@ -9,6 +9,6 @@ public interface JwtEncrypter { public byte[] encryptClaims(Jwe jwe); - public Jwe encrypt(Jwe jwe); + public Jwe encryptAndSign(Jwe jwe); } 
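Review bot: `encryptKey` encrypts `privateKey.getEncoded()` with the public key and calls the result the JWE encrypted key, and `encryptClaims` runs the claims themselves through `Cipher.getInstance("RSA")`; in JWE the RSA step wraps a freshly generated symmetric content-encryption key and the payload is encrypted with that key under a content algorithm, so neither method produces what its name promises, and a private-key encoding is in any case longer than one RSA block, which would surface as the `IllegalBlockSizeException` caught below. Every catch block only calls `printStackTrace()` and the method then returns the `encryptedKey`/`cipherText` field — null on a first failure, a stale value from an earlier call afterwards — so callers cannot distinguish a failed encryption from a successful one, and with `publicKey` still the `null` placeholder `cipher.init` throws `InvalidKeyException`, making this the normal path today. Rethrow instead of printing, e.g. `throw new IllegalStateException("JWE key encryption failed", e);`, and name the transformation explicitly (for example `"RSA/ECB/OAEPWithSHA-1AndMGF1Padding"`) rather than the bare `"RSA"`, whose padding is provider-dependent. `encryptClaims(Jwe jwe)` ignores its parameter and reads the `claims` field, `claims.toString().getBytes()` uses the platform charset, and the misspelled accessor `getEncryptecKey` is now public API of the base class.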
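Review bot: The new `JwtDecrypter` interface carries no Javadoc, so callers cannot tell which of the three methods is the entry point, whether `decrypt(Jwe)` mutates and returns its argument (as `AbstractJweDecrypter` does), or whether `decryptCipherText`/`decryptEncryptionKey` may be called on their own, bypassing whatever verification `decrypt` should perform. A one-line contract on each method would settle that, e.g. on `decrypt`: `/** Decrypts {@code jwe} in place and returns it; implementations must verify integrity before exposing plaintext. */`. The `public` modifiers on interface members are redundant.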
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaDecrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaDecrypter.java index 0da26e270..360572066 100644 --- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaDecrypter.java +++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaDecrypter.java @@ -11,9 +11,9 @@ import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import org.mitre.jwe.model.Jwe; -import org.mitre.jwt.model.JwtClaims; +import org.mitre.jwt.encryption.AbstractJweDecrypter; -public class RsaDecrypter { +public class RsaDecrypter extends AbstractJweDecrypter { private Jwe jwe; @@ -48,8 +48,9 @@ public class RsaDecrypter { public void setPublicKey(PublicKey publicKey) { this.publicKey = publicKey; } - - public String decryptCipherText() { + + @Override + public String decryptCipherText(Jwe jwe) { Cipher cipher; String clearTextString = null; try { @@ -80,7 +81,8 @@ public class RsaDecrypter { } - public byte[] decryptEncryptionKey() { + @Override + public byte[] decryptEncryptionKey(Jwe jwe) { Cipher cipher; byte[] unencryptedKey = null; @@ -109,13 +111,5 @@ public class RsaDecrypter { return unencryptedKey; } - - public Jwe decrypt(Jwe jwe) { - - jwe.setClaims(new JwtClaims(decryptCipherText())); - jwe.setEncryptedKey(decryptEncryptionKey()); - - return jwe; - } } diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaEncrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaEncrypter.java index 8e1afc2c3..5b49b6b3b 100644 --- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaEncrypter.java +++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaEncrypter.java 
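Review bot: The new `decryptCipherText(Jwe jwe)` and `decryptEncryptionKey(Jwe jwe)` parameters share their name with the `private Jwe jwe` field the class still declares (first hunk), so inside those bodies — which lie outside the hunk — any existing reference to `jwe` now silently binds to the argument rather than to the instance set in the constructor, and the two can differ because `AbstractJweDecrypter.decrypt` builds a fresh `RsaDecrypter(jwe)` and then passes `jwe` in again. Either drop the field in favour of the parameter or rename the parameter, and make the choice explicit with a comment such as `// operates on the argument, not on this.jwe`. `RsaDecrypter` now extends the abstract class that instantiates it, a circular dependency worth removing as the hierarchy settles.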
@@ -1,34 +1,13 @@ package org.mitre.jwt.encryption.impl; -import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; import org.mitre.jwe.model.Jwe; -import org.mitre.jwe.model.JweHeader; import org.mitre.jwt.encryption.AbstractJweEncrypter; -import org.mitre.jwt.model.JwtClaims; +import org.mitre.jwt.signer.impl.RsaSigner; public class RsaEncrypter extends AbstractJweEncrypter { - private Jwe jwe; - - private JweHeader header; - - private JwtClaims claims; - - private String signature; - - private byte[] encryptedKey; - - private byte[] cipherText; - public RsaEncrypter(Jwe jwe) { setJwe(jwe); setHeader(jwe.getHeader()); 
@@ -36,126 +15,31 @@ public class RsaEncrypter extends AbstractJweEncrypter { setSignature(jwe.getSignature()); } - public Jwe getJwe() { + @Override + public Jwe encryptAndSign(Jwe jwe) { + + String alg = jwe.getHeader().getAlgorithm(); + if(alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")) { + + jwe.setCiphertext(encryptClaims(jwe)); + jwe.setEncryptedKey(encryptKey(jwe)); + + RsaSigner rsaSigner = new RsaSigner(); //TODO: Add parameters to RsaSigner. ie: keys from keystore (null at the moment) + try { + jwe = (Jwe) rsaSigner.sign(jwe); + } catch (NoSuchAlgorithmException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } else if(alg.equals("HS256") || alg.equals("HS384") || alg.equals("HS512")){ + + throw new IllegalArgumentException("Cannot use Hmac for encryption"); + + } else { + throw new IllegalArgumentException("Not a valid signing algorithm"); + } + return jwe; } - public void setJwe(Jwe jwe) { - this.jwe = jwe; - } - - public byte[] getEncryptecKey() { - return encryptedKey; - } - - public void setEncryptedKey(byte[] encryptedKey) { - this.encryptedKey = encryptedKey; - } - - public JweHeader getHeader() { - return header; - } - - public void setHeader(JweHeader header) { - this.header = header; - } - - public JwtClaims getClaims() { - return claims; - } - - public void setClaims(JwtClaims claims) { - this.claims = claims; - } - - public String getSignature() { - return signature; - } - - public void setSignature(String signature) { - this.signature = signature; - } - - public byte[] getCipherText() { - return cipherText; - } - - public void setCipherText(byte[] cipherText) { - this.cipherText = cipherText; - } - - @Override - public byte[] encryptKey(Jwe jwe){ - String alg = jwe.getHeader().getAlgorithm(); - RSAPublicKey publicKey = null; // TODO: placeholder - RSAPrivateKey privateKey = null; - - if(alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")) { - Cipher cipher; - try { - cipher = 
Cipher.getInstance("RSA"); - cipher.init(Cipher.ENCRYPT_MODE, publicKey); - encryptedKey = cipher.doFinal(privateKey.getEncoded()); - - } catch (NoSuchAlgorithmException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (NoSuchPaddingException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (InvalidKeyException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IllegalBlockSizeException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (BadPaddingException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - - } else { - throw new IllegalArgumentException("Not a valid algorithm for encryption"); - } - - return encryptedKey; - - } - - @Override - public byte[] encryptClaims(Jwe jwe) { - String alg = jwe.getHeader().getAlgorithm(); - RSAPublicKey publicKey = null; // TODO: placeholder - - if(alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")) { - Cipher cipher; - try { - cipher = Cipher.getInstance("RSA"); - cipher.init(Cipher.ENCRYPT_MODE, publicKey); - cipherText = cipher.doFinal(claims.toString().getBytes()); - - } catch (NoSuchAlgorithmException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (NoSuchPaddingException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (InvalidKeyException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IllegalBlockSizeException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (BadPaddingException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } else { - throw new IllegalArgumentException("Not a valid algorithm for encryption"); - } - - return cipherText; - - } - } 
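Review bot: When `rsaSigner.sign(jwe)` throws `NoSuchAlgorithmException`, the catch block only prints the stack trace and the method still reaches `return jwe;`, so a caller of `encryptAndSign` receives a token that was never signed with no indication of failure; a method whose name promises a signature should fail loudly, e.g. `throw new IllegalStateException("Signing the JWE failed", e);` (the interface declares no checked exception), or declare the exception instead. The `RsaSigner` is constructed without any key, as the TODO notes, so the signing step presumably cannot yet produce a valid signature; until keys are wired in, an explicit failure is preferable to a silent pass-through. As in `AbstractJweDecrypter`, dispatching on `RS256`/`RS384`/`RS512` mixes JWS signing identifiers with the JWE `alg` header, which names the key-management algorithm.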
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaJwtDecrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaJwtDecrypter.java
deleted file mode 100644
index 9a31d13c3..000000000
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaJwtDecrypter.java
+++ /dev/null
@@ -1,56 +0,0 @@
-package org.mitre.jwt.encryption.impl;
-
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-
-import javax.crypto.Cipher;
-import javax.crypto.NoSuchPaddingException;
-
-public class RsaJwtDecrypter {
-
- PublicKey publicKey;
- byte[] wrappedKey;
- String algorithm;
-
- public RsaJwtDecrypter(String algorithm, PublicKey publicKey, byte[] wrappedKey){
- setPublicKey(publicKey);
- setWrappedKey(wrappedKey);
- setAlgorithm(algorithm);
- }
-
- public PublicKey getPublicKey() {
- return publicKey;
- }
-
- public void setPublicKey(PublicKey publicKey) {
- this.publicKey = publicKey;
- }
-
- public byte[] getWrappedKey() {
- return wrappedKey;
- }
-
- public void setWrappedKey(byte[] wrappedKey) {
- this.wrappedKey = wrappedKey;
- }
-
- public String getAlgorithm() {
- return algorithm;
- }
-
- public void setAlgorithm(String algorithm) {
- this.algorithm = algorithm;
- }
-
- public Key keyDecrypter() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException {
-
- Cipher cipher = Cipher.getInstance("RSA");
- cipher.init(Cipher.UNWRAP_MODE, publicKey);
- Key unwrappedKey = cipher.unwrap(wrappedKey, algorithm, Cipher.PRIVATE_KEY);
-
- return unwrappedKey;
- }
-
-}