added encrypter/decrypter for claims to get ciphertext

pull/105/head
Mike Derryberry 2012-06-27 09:47:10 -04:00
parent 33cc3fa899
commit e252951612
5 changed files with 177 additions and 18 deletions


@ -48,6 +48,9 @@ import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.StringUtils;
import org.apache.http.client.HttpClient; import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.impl.client.DefaultHttpClient;
import org.mitre.openid.connect.model.IdToken;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtHeader;
import org.mitre.jwt.signer.JwtSigner; import org.mitre.jwt.signer.JwtSigner;
import org.mitre.jwt.signer.impl.RsaSigner; import org.mitre.jwt.signer.impl.RsaSigner;
import org.mitre.jwt.signer.service.JwtSigningAndValidationService; import org.mitre.jwt.signer.service.JwtSigningAndValidationService;


@ -4,7 +4,10 @@ import java.security.Key;
import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey; import java.security.interfaces.RSAPublicKey;
import javax.crypto.Cipher;
import org.mitre.jwt.encryption.impl.HmacJwtEncrypter; import org.mitre.jwt.encryption.impl.HmacJwtEncrypter;
import org.mitre.jwt.encryption.impl.RsaJwtClaimsEncrypter;
import org.mitre.jwt.encryption.impl.RsaJwtEncrypter; import org.mitre.jwt.encryption.impl.RsaJwtEncrypter;
import org.mitre.jwt.model.EncryptedJwt; import org.mitre.jwt.model.EncryptedJwt;
import org.mitre.jwt.model.Jwt; import org.mitre.jwt.model.Jwt;
@ -23,6 +26,8 @@ public class JwtEncrypter {
private Key encryptedKey; private Key encryptedKey;
private byte[] cipherText;
public JwtEncrypter(Jwt jwt) { public JwtEncrypter(Jwt jwt) {
setJwt(jwt); setJwt(jwt);
header = jwt.getHeader(); header = jwt.getHeader();
@ -77,18 +82,35 @@ public class JwtEncrypter {
String passphrase = null; String passphrase = null;
if(alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")) { if(alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")) {
RsaJwtEncrypter rsaEncrypter = new RsaJwtEncrypter(alg, pubKey, privateKey); RsaJwtEncrypter rsaEncrypter = new RsaJwtEncrypter(pubKey, privateKey);
encryptedKey = rsaEncrypter.createEncryptedKey(); encryptedKey = rsaEncrypter.createEncryptedKey();
} else if (alg.equals("HS256") || alg.equals("HS384") || alg.equals("HS512")){ } else if (alg.equals("HS256") || alg.equals("HS384") || alg.equals("HS512")){
HmacJwtEncrypter hmacEncrypter = new HmacJwtEncrypter(alg, passphrase.getBytes()); HmacJwtEncrypter hmacEncrypter = new HmacJwtEncrypter(alg, passphrase.getBytes());
encryptedKey = hmacEncrypter.createEncryptedKey(); encryptedKey = hmacEncrypter.createEncryptedKey();
} else { } else {
throw new IllegalArgumentException("Not a valid signing method"); throw new IllegalArgumentException("Not a valid algorithm");
} }
return encryptedKey; return encryptedKey;
} }
public byte[] getCipherText(Jwt jwt) {
String alg = jwt.getHeader().getAlgorithm();
RSAPublicKey pubKey = null;
if(alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")) {
RsaJwtClaimsEncrypter claimsEncrypter = new RsaJwtClaimsEncrypter(jwt.getClaims(), pubKey);
cipherText = claimsEncrypter.createCipherText();
} else if (alg.equals("HS256") || alg.equals("HS384") || alg.equals("HS512")){
} else {
throw new IllegalArgumentException("Not a valid algorithm");
}
return cipherText;
}
public EncryptedJwt encryptJwt(Jwt jwt) { public EncryptedJwt encryptJwt(Jwt jwt) {
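Review bot: In the new `getCipherText`, `RSAPublicKey pubKey = null;` is passed straight into `RsaJwtClaimsEncrypter`, so `Cipher.init` will reject the key inside `createCipherText` and the method hands back whatever the `cipherText` field already held — and the `HS*` branch is empty, so it likewise returns stale or `null` state without complaint. The method should obtain the recipient's key rather than hard-code `null` and fail loudly when nothing was produced, e.g. `if (pubKey == null) throw new IllegalStateException("No public key available to encrypt claims");` before the encrypter is built, and `throw new UnsupportedOperationException("HMAC-based claims encryption is not implemented");` in the empty branch. Separately, `RS256`/`HS256` are JWS signing algorithms; choosing an encryption scheme by switching on them conflates signing with encryption, and a JWE `alg`/`enc` pair would be the right discriminator. `encryptJwt`, whose signature is the last line of the hunk, continues outside it.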


@ -0,0 +1,69 @@
package org.mitre.jwt.encryption.impl;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
public class RsaJwtClaimsDecrypter {
private byte[] cipherText;
private PrivateKey privateKey;
public RsaJwtClaimsDecrypter(byte[] cipherText, PrivateKey privateKey) {
setCipherText(cipherText);
setPrivateKey(privateKey);
}
public byte[] getCipherText() {
return cipherText;
}
public void setCipherText(byte[] cipherText) {
this.cipherText = cipherText;
}
public PrivateKey getPrivateKey() {
return privateKey;
}
public void setPrivateKey(PrivateKey privateKey) {
this.privateKey = privateKey;
}
public String decryptCipherText() {
Cipher cipher;
String clearTextString = null;
try {
cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] clearText = cipher.doFinal(cipherText);
clearTextString = new String(clearText);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (BadPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return clearTextString;
}
}
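Review bot: `decryptCipherText` converts every failure — wrong key, bad padding, oversized input — into a stack trace on stderr and a `null` return, so a caller cannot tell a failed decryption from an empty payload, and a separately observable `BadPaddingException` path is exactly the distinguishable error a PKCS#1 v1.5 padding oracle relies on. `Cipher.getInstance("RSA")` leaves the padding to the provider default (PKCS#1 v1.5 on the standard JDK providers), and `new String(clearText)` decodes with the platform charset, so the result depends on where the code runs. Pin both and make failure uniform, in step with the encrypting side: `cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");`, `clearTextString = new String(clearText, Charset.forName("UTF-8"));`, and collapse the five catch blocks into one `catch (GeneralSecurityException e) { throw new IllegalStateException("claims decryption failed", e); }` so the caller sees a single failure type and no partial state.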


@ -0,0 +1,69 @@
package org.mitre.jwt.encryption.impl;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.mitre.jwt.model.JwtClaims;
public class RsaJwtClaimsEncrypter {
private JwtClaims claims;
private PublicKey publicKey;
public RsaJwtClaimsEncrypter(JwtClaims claims, PublicKey pubKey) {
setClaims(claims);
setPublicKey(pubKey);
}
public JwtClaims getClaims() {
return claims;
}
public void setClaims(JwtClaims claims) {
this.claims = claims;
}
public PublicKey getPublicKey() {
return publicKey;
}
public void setPublicKey(PublicKey publicKey) {
this.publicKey = publicKey;
}
public byte[] createCipherText() {
Cipher cipher;
byte[] cipherText = null;
try {
cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
cipherText = cipher.doFinal(claims.toString().getBytes());
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (BadPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return cipherText;
}
}
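Review bot: `createCipherText` pushes the entire serialized claims set through one RSA `doFinal`, which can carry at most the modulus size minus padding overhead (about 245 bytes for a 2048-bit key under PKCS#1 v1.5, less under OAEP); any realistic claim set will raise `IllegalBlockSizeException`, which the catch block prints before the method returns `null`. Direct RSA over the payload is also not the JWE model — the payload is encrypted with a random symmetric content-encryption key and only that key is RSA-encrypted, which is what the separate `encryptedKey`/`cipherText` fields in `JwtEncrypter` already imply. At minimum the method should pin its transformation and charset so the decrypting side can match them, `Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding")` and `claims.toString().getBytes(Charset.forName("UTF-8"))`, and rethrow on failure rather than return `null`. It additionally assumes `JwtClaims.toString()` yields the canonical serialization the decrypter will parse, which is not visible here and should be confirmed.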


@ -10,6 +10,7 @@ import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey; import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher; import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException; import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException; import javax.crypto.NoSuchPaddingException;
@ -19,10 +20,8 @@ public class RsaJwtEncrypter {
private PublicKey publicKey; private PublicKey publicKey;
private PrivateKey privateKey; private PrivateKey privateKey;
private String algorithm;
public RsaJwtEncrypter(String algorithm, RSAPublicKey pubKey, RSAPrivateKey privateKey){ public RsaJwtEncrypter(RSAPublicKey pubKey, RSAPrivateKey privateKey){
setAlgorithm(algorithm);
setPublicKey(pubKey); setPublicKey(pubKey);
setPrivateKey(privateKey); setPrivateKey(privateKey);
} }
@ -42,24 +41,16 @@ public class RsaJwtEncrypter {
public void setPrivateKey(PrivateKey privateKey) { public void setPrivateKey(PrivateKey privateKey) {
this.privateKey = privateKey; this.privateKey = privateKey;
} }
public String getAlgorithm() {
return algorithm;
}
public void setAlgorithm(String algorithm) {
this.algorithm = algorithm;
}
public Key createEncryptedKey() { public Key createEncryptedKey() {
Cipher cipher; Cipher cipher;
try { try {
cipher = Cipher.getInstance(algorithm); cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.WRAP_MODE, publicKey); cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] wrappedKey = cipher.wrap(privateKey); byte[] wrappedKey = cipher.doFinal(privateKey.getEncoded());
KeyFactory keyFactory = KeyFactory.getInstance(algorithm); KeyFactory keyFactory = KeyFactory.getInstance("RSA");
SecretKeySpec keySpec = new SecretKeySpec(wrappedKey, algorithm); SecretKeySpec keySpec = new SecretKeySpec(wrappedKey, "RSA");
privateKey = keyFactory.generatePrivate(keySpec); privateKey = keyFactory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
@ -77,9 +68,14 @@ public class RsaJwtEncrypter {
} catch (InvalidKeySpecException e) { } catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block // TODO Auto-generated catch block
e.printStackTrace(); e.printStackTrace();
} catch (BadPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} }
return privateKey; return privateKey;
} }
} }
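Review bot: In `createEncryptedKey` the RSA-encrypted bytes are wrapped in a `SecretKeySpec` and handed to `KeyFactory.getInstance("RSA").generatePrivate`; the JDK's RSA key factory accepts only `PKCS8EncodedKeySpec` or `RSAPrivateKeySpec`, so this ends in `InvalidKeySpecException`, which the catch block merely prints — and the method then returns the `privateKey` field, i.e. the unencrypted private key, as the "encrypted key". It most likely never gets that far: `doFinal(privateKey.getEncoded())` over a PKCS#8 encoding (over a kilobyte for a 2048-bit key) exceeds a single RSA block and should raise `IllegalBlockSizeException` first, presumably swallowed by a catch outside the visible hunk. Encrypting a private key under its own public key is also not a meaningful operation; the JWE pattern is to generate a random symmetric content-encryption key and wrap it with the recipient's public key, returning the wrapped bytes rather than a `Key`, e.g. `cipher.init(Cipher.WRAP_MODE, publicKey); byte[] wrappedCek = cipher.wrap(contentEncryptionKey);`. The method's try/catch spans from the second hunk into the third, so part of its body is outside the reviewed lines.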