From e2529516129780cf474d06de58664295e6b6b611 Mon Sep 17 00:00:00 2001
From: Mike Derryberry
Date: Wed, 27 Jun 2012 09:47:10 -0400
Subject: [PATCH] added encrypter/decrypter for claims to get ciphertext
---
 .../AbstractOIDCAuthenticationFilter.java | 3 +
 .../mitre/jwt/encryption/JwtEncrypter.java | 26 ++++++-
 .../impl/RsaJwtClaimsDecrypter.java | 69 +++++++++++++++++++
 .../impl/RsaJwtClaimsEncrypter.java | 69 +++++++++++++++++++
 .../jwt/encryption/impl/RsaJwtEncrypter.java | 28 ++++----
 5 files changed, 177 insertions(+), 18 deletions(-)
 create mode 100644 openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaJwtClaimsDecrypter.java
 create mode 100644 openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaJwtClaimsEncrypter.java
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java
index 64ee7b232..8901a363c 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java
@@ -48,6 +48,9 @@ import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang.StringUtils;
 import org.apache.http.client.HttpClient;
 import org.apache.http.impl.client.DefaultHttpClient;
+import org.mitre.openid.connect.model.IdToken;
+import org.mitre.jwt.model.Jwt;
+import org.mitre.jwt.model.JwtHeader;
 import org.mitre.jwt.signer.JwtSigner;
 import org.mitre.jwt.signer.impl.RsaSigner;
 import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtEncrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtEncrypter.java
index 57d3f2465..851664858 100644
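Review bot: The three imports added to AbstractOIDCAuthenticationFilter (IdToken, Jwt, JwtHeader) have no matching use anywhere in this patch — the diffstat records this file as 3 insertions and nothing else — so they land as unused imports. Either drop them or commit them together with the code that needs them. The ordering is also off: the `org.mitre.openid.connect.model` import is placed in the middle of the `org.mitre.jwt` group.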
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtEncrypter.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtEncrypter.java
@@ -4,7 +4,10 @@ import java.security.Key;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 
+import javax.crypto.Cipher;
+
 import org.mitre.jwt.encryption.impl.HmacJwtEncrypter;
+import org.mitre.jwt.encryption.impl.RsaJwtClaimsEncrypter;
 import org.mitre.jwt.encryption.impl.RsaJwtEncrypter;
 import org.mitre.jwt.model.EncryptedJwt;
 import org.mitre.jwt.model.Jwt;
@@ -23,6 +26,8 @@ public class JwtEncrypter {
 
 private Key encryptedKey;
 
+ private byte[] cipherText;
+
 public JwtEncrypter(Jwt jwt) {
 setJwt(jwt);
 header = jwt.getHeader();
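Review bot: `import javax.crypto.Cipher;` is added to JwtEncrypter, but no hunk of this file references Cipher — the RSA work is delegated to RsaJwtClaimsEncrypter — so it appears to be an unused import. In the second hunk, the new `private byte[] cipherText;` field serves only as a carrier for getCipherText's return value (see the later hunk), which turns per-call output into instance state that is never cleared; returning a local from getCipherText would avoid stale values surviving between calls and keep the class reentrant.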
@@ -77,18 +82,35 @@ public class JwtEncrypter {
 String passphrase = null;
 
 if(alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")) {
- RsaJwtEncrypter rsaEncrypter = new RsaJwtEncrypter(alg, pubKey, privateKey);
+ RsaJwtEncrypter rsaEncrypter = new RsaJwtEncrypter(pubKey, privateKey);
 encryptedKey = rsaEncrypter.createEncryptedKey();
 } else if (alg.equals("HS256") || alg.equals("HS384") || alg.equals("HS512")){
 HmacJwtEncrypter hmacEncrypter = new HmacJwtEncrypter(alg, passphrase.getBytes());
 encryptedKey = hmacEncrypter.createEncryptedKey();
 } else {
- throw new IllegalArgumentException("Not a valid signing method");
+ throw new IllegalArgumentException("Not a valid algorithm");
 }
 
 return encryptedKey;
 
 }
+
+ public byte[] getCipherText(Jwt jwt) {
+ String alg = jwt.getHeader().getAlgorithm();
+ RSAPublicKey pubKey = null;
+
+ if(alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")) {
+ RsaJwtClaimsEncrypter claimsEncrypter = new RsaJwtClaimsEncrypter(jwt.getClaims(), pubKey);
+ cipherText = claimsEncrypter.createCipherText();
+ } else if (alg.equals("HS256") || alg.equals("HS384") || alg.equals("HS512")){
+
+ } else {
+ throw new IllegalArgumentException("Not a valid algorithm");
+ }
+
+ return cipherText;
+
+ }
 
 
 public EncryptedJwt encryptJwt(Jwt jwt) {
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaJwtClaimsDecrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaJwtClaimsDecrypter.java
new file mode 100644
index 000000000..02da7af94
--- /dev/null
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaJwtClaimsDecrypter.java
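Review bot: `RSAPublicKey pubKey = null;` in getCipherText is passed straight into RsaJwtClaimsEncrypter, so on the RS256/RS384/RS512 path `cipher.init` fails on the null key, the helper prints the stack trace and returns null, and getCipherText returns null — the method cannot succeed as written. The HS256/HS384/HS512 branch is an empty block that falls through to `return cipherText;`, handing back whatever a previous call left in the field. At minimum take the key as an argument, `public byte[] getCipherText(Jwt jwt, RSAPublicKey pubKey)`, return the helper's result directly rather than through the field, and make the HMAC branch `throw new UnsupportedOperationException("HMAC claims encryption not implemented");` until it is implemented. Note too that RS256/HS256 are signature `alg` values; if the goal is JWE, the header values that select RSA key transport are different (RSA1_5, RSA-OAEP), so the dispatch keys may need revisiting. The enclosing createEncryptedKey begins before this hunk.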
@@ -0,0 +1,69 @@
+package org.mitre.jwt.encryption.impl;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+
+public class RsaJwtClaimsDecrypter {
+
+ private byte[] cipherText;
+ private PrivateKey privateKey;
+
+ public RsaJwtClaimsDecrypter(byte[] cipherText, PrivateKey privateKey) {
+ setCipherText(cipherText);
+ setPrivateKey(privateKey);
+ }
+
+ public byte[] getCipherText() {
+ return cipherText;
+ }
+
+ public void setCipherText(byte[] cipherText) {
+ this.cipherText = cipherText;
+ }
+
+ public PrivateKey getPrivateKey() {
+ return privateKey;
+ }
+
+ public void setPrivateKey(PrivateKey privateKey) {
+ this.privateKey = privateKey;
+ }
+
+ public String decryptCipherText() {
+ Cipher cipher;
+ String clearTextString = null;
+ try {
+
+ cipher = Cipher.getInstance("RSA");
+ cipher.init(Cipher.DECRYPT_MODE, privateKey);
+ byte[] clearText = cipher.doFinal(cipherText);
+ clearTextString = new String(clearText);
+
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (NoSuchPaddingException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (InvalidKeyException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IllegalBlockSizeException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (BadPaddingException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ return clearTextString;
+
+ }
+
+}
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaJwtClaimsEncrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaJwtClaimsEncrypter.java
new file mode 100644
index 000000000..640802908
--- /dev/null
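Review bot: decryptCipherText catches every failure, including BadPaddingException, and only calls printStackTrace before returning null, so a tampered or wrongly-keyed ciphertext is indistinguishable from "no claims" for the caller; createCipherText in RsaJwtClaimsEncrypter has the same print-and-return-null pattern. `Cipher.getInstance("RSA")` leaves the padding to the provider default and `new String(clearText)` uses the platform charset, so both should be explicit and must match the encrypter byte for byte. The rewrite below lets all five exceptions propagate through their common supertype (`import java.security.GeneralSecurityException;`) and needs `import java.nio.charset.StandardCharsets;` (Java 7; `Charset.forName("UTF-8")` on older targets).
```java
public String decryptCipherText() {
    try {
        // transformation must be spelled out and identical on the encrypting side
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] clearText = cipher.doFinal(cipherText);
        return new String(clearText, StandardCharsets.UTF_8);
    } catch (GeneralSecurityException e) {
        // NoSuchAlgorithm/NoSuchPadding/InvalidKey/IllegalBlockSize/BadPadding:
        // a failed decryption must surface, not be reported as a null claim set
        throw new IllegalStateException("RSA claims decryption failed", e);
    }
}
```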
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaJwtClaimsEncrypter.java
@@ -0,0 +1,69 @@
+package org.mitre.jwt.encryption.impl;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+
+import org.mitre.jwt.model.JwtClaims;
+
+public class RsaJwtClaimsEncrypter {
+
+ private JwtClaims claims;
+ private PublicKey publicKey;
+
+ public RsaJwtClaimsEncrypter(JwtClaims claims, PublicKey pubKey) {
+ setClaims(claims);
+ setPublicKey(pubKey);
+ }
+
+ public JwtClaims getClaims() {
+ return claims;
+ }
+
+ public void setClaims(JwtClaims claims) {
+ this.claims = claims;
+ }
+
+ public PublicKey getPublicKey() {
+ return publicKey;
+ }
+
+ public void setPublicKey(PublicKey publicKey) {
+ this.publicKey = publicKey;
+ }
+
+ public byte[] createCipherText() {
+ Cipher cipher;
+ byte[] cipherText = null;
+ try {
+ cipher = Cipher.getInstance("RSA");
+ cipher.init(Cipher.ENCRYPT_MODE, publicKey);
+ cipherText = cipher.doFinal(claims.toString().getBytes());
+
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (NoSuchPaddingException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (InvalidKeyException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IllegalBlockSizeException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (BadPaddingException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ return cipherText;
+
+ }
+
+}
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaJwtEncrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaJwtEncrypter.java
index 403371227..7e412b6a7 100644
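Review bot: createCipherText feeds `claims.toString().getBytes()` into a single RSA `doFinal`, and RSA can only encrypt one block smaller than the modulus (on the order of 200 bytes for a 2048-bit key once padding is subtracted), so any realistic claims set will throw IllegalBlockSizeException, which the catch block prints and turns into a null return. The JWE model is to encrypt the claims with a fresh symmetric content-encryption key and use RSA only to encrypt that key, which is presumably what the separate encryptedKey path in JwtEncrypter is meant to provide. Whether `JwtClaims.toString()` yields the serialized JSON rather than a debug representation is not visible here — confirm it, and name the charset on `getBytes()` explicitly (UTF-8) so the decrypter agrees across platforms.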
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaJwtEncrypter.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaJwtEncrypter.java
@@ -10,6 +10,7 @@ import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 import java.security.spec.InvalidKeySpecException;
 
+import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
@@ -19,10 +20,8 @@ public class RsaJwtEncrypter {
 
 private PublicKey publicKey;
 private PrivateKey privateKey;
- private String algorithm;
 
- public RsaJwtEncrypter(String algorithm, RSAPublicKey pubKey, RSAPrivateKey privateKey){
- setAlgorithm(algorithm);
+ public RsaJwtEncrypter(RSAPublicKey pubKey, RSAPrivateKey privateKey){
 setPublicKey(pubKey);
 setPrivateKey(privateKey);
 }
@@ -42,24 +41,16 @@ public class RsaJwtEncrypter {
 public void setPrivateKey(PrivateKey privateKey) {
 this.privateKey = privateKey;
 }
-
- public String getAlgorithm() {
- return algorithm;
- }
-
- public void setAlgorithm(String algorithm) {
- this.algorithm = algorithm;
- }
 
 public Key createEncryptedKey() {
 Cipher cipher;
 try {
- cipher = Cipher.getInstance(algorithm);
- cipher.init(Cipher.WRAP_MODE, publicKey);
- byte[] wrappedKey = cipher.wrap(privateKey);
+ cipher = Cipher.getInstance("RSA");
+ cipher.init(Cipher.ENCRYPT_MODE, publicKey);
+ byte[] wrappedKey = cipher.doFinal(privateKey.getEncoded());
 
- KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
- SecretKeySpec keySpec = new SecretKeySpec(wrappedKey, algorithm);
+ KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+ SecretKeySpec keySpec = new SecretKeySpec(wrappedKey, "RSA");
 privateKey = keyFactory.generatePrivate(keySpec);
 
 } catch (NoSuchAlgorithmException e) {
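Review bot: The rewritten body of createEncryptedKey still cannot produce a key: `new SecretKeySpec(wrappedKey, "RSA")` is not a KeySpec that an RSA `KeyFactory.generatePrivate` accepts (it expects PKCS8EncodedKeySpec or RSAPrivateKeySpec), so generatePrivate throws InvalidKeySpecException, and before that `cipher.doFinal(privateKey.getEncoded())` will very likely exceed RSA's single-block limit for any real key encoding. Every such failure is caught, printed and ignored — including by the BadPaddingException catch added in the next hunk — after which `return privateKey;` hands back the field that setPrivateKey stored, i.e. the caller receives the original unencrypted private key as the "encrypted key". The catch blocks should rethrow (for example `throw new IllegalStateException("key encryption failed", e);`) instead of falling through to the return, and encrypting the RSA private key with its own public key deserves a design check — if this is JWE key management, the thing to encrypt is a symmetric content key, not the private key. createEncryptedKey ends in the next hunk.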
@@ -77,9 +68,14 @@ public class RsaJwtEncrypter {
 } catch (InvalidKeySpecException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
+ } catch (BadPaddingException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
 }
 
 return privateKey;
 }
+
+
 
 }