added encrypter/decrypter for claims to get ciphertext
Mike Derryberry
parent
33cc3fa899
commit
e252951612
|
|
@ -48,6 +48,9 @@ import org.apache.commons.codec.binary.Base64;
|
|||
import org.apache.commons.lang.StringUtils;
|
||||
import org.apache.http.client.HttpClient;
|
||||
import org.apache.http.impl.client.DefaultHttpClient;
|
||||
import org.mitre.openid.connect.model.IdToken;
|
||||
import org.mitre.jwt.model.Jwt;
|
||||
import org.mitre.jwt.model.JwtHeader;
|
||||
import org.mitre.jwt.signer.JwtSigner;
|
||||
import org.mitre.jwt.signer.impl.RsaSigner;
|
||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
||||
|
|
|
|||
|
|
@ -4,7 +4,10 @@ import java.security.Key;
|
|||
import java.security.interfaces.RSAPrivateKey;
|
||||
import java.security.interfaces.RSAPublicKey;
|
||||
|
||||
import javax.crypto.Cipher;
|
||||
|
||||
import org.mitre.jwt.encryption.impl.HmacJwtEncrypter;
|
||||
import org.mitre.jwt.encryption.impl.RsaJwtClaimsEncrypter;
|
||||
import org.mitre.jwt.encryption.impl.RsaJwtEncrypter;
|
||||
import org.mitre.jwt.model.EncryptedJwt;
|
||||
import org.mitre.jwt.model.Jwt;
|
||||
|
|
@ -23,6 +26,8 @@ public class JwtEncrypter {
|
|||
|
||||
private Key encryptedKey;
|
||||
|
||||
private byte[] cipherText;
|
||||
|
||||
public JwtEncrypter(Jwt jwt) {
|
||||
setJwt(jwt);
|
||||
header = jwt.getHeader();
|
||||
|
|
@ -77,19 +82,36 @@ public class JwtEncrypter {
|
|||
String passphrase = null;
|
||||
|
||||
if(alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")) {
|
||||
RsaJwtEncrypter rsaEncrypter = new RsaJwtEncrypter(alg, pubKey, privateKey);
|
||||
RsaJwtEncrypter rsaEncrypter = new RsaJwtEncrypter(pubKey, privateKey);
|
||||
encryptedKey = rsaEncrypter.createEncryptedKey();
|
||||
} else if (alg.equals("HS256") || alg.equals("HS384") || alg.equals("HS512")){
|
||||
HmacJwtEncrypter hmacEncrypter = new HmacJwtEncrypter(alg, passphrase.getBytes());
|
||||
encryptedKey = hmacEncrypter.createEncryptedKey();
|
||||
} else {
|
||||
throw new IllegalArgumentException("Not a valid signing method");
|
||||
throw new IllegalArgumentException("Not a valid algorithm");
|
||||
}
|
||||
|
||||
return encryptedKey;
|
||||
|
||||
}
|
||||
|
||||
public byte[] getCipherText(Jwt jwt) {
|
||||
String alg = jwt.getHeader().getAlgorithm();
|
||||
RSAPublicKey pubKey = null;
|
||||
|
||||
if(alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")) {
|
||||
RsaJwtClaimsEncrypter claimsEncrypter = new RsaJwtClaimsEncrypter(jwt.getClaims(), pubKey);
|
||||
cipherText = claimsEncrypter.createCipherText();
|
||||
} else if (alg.equals("HS256") || alg.equals("HS384") || alg.equals("HS512")){
|
||||
|
||||
} else {
|
||||
throw new IllegalArgumentException("Not a valid algorithm");
|
||||
}
|
||||
|
||||
return cipherText;
|
||||
|
||||
}
|
||||
|
||||
public EncryptedJwt encryptJwt(Jwt jwt) {
|
||||
|
||||
//EncryptedJwt jwe = new EncryptedJwt(header, encryptedKey, claims, signature);
|
||||
|
|
|
|||
|
|
@ -0,0 +1,69 @@
|
|||
package org.mitre.jwt.encryption.impl;
|
||||
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.PrivateKey;
|
||||
|
||||
import javax.crypto.BadPaddingException;
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.IllegalBlockSizeException;
|
||||
import javax.crypto.NoSuchPaddingException;
|
||||
|
||||
public class RsaJwtClaimsDecrypter {
|
||||
|
||||
private byte[] cipherText;
|
||||
private PrivateKey privateKey;
|
||||
|
||||
public RsaJwtClaimsDecrypter(byte[] cipherText, PrivateKey privateKey) {
|
||||
setCipherText(cipherText);
|
||||
setPrivateKey(privateKey);
|
||||
}
|
||||
|
||||
public byte[] getCipherText() {
|
||||
return cipherText;
|
||||
}
|
||||
|
||||
public void setCipherText(byte[] cipherText) {
|
||||
this.cipherText = cipherText;
|
||||
}
|
||||
|
||||
public PrivateKey getPrivateKey() {
|
||||
return privateKey;
|
||||
}
|
||||
|
||||
public void setPrivateKey(PrivateKey privateKey) {
|
||||
this.privateKey = privateKey;
|
||||
}
|
||||
|
||||
public String decryptCipherText() {
|
||||
Cipher cipher;
|
||||
String clearTextString = null;
|
||||
try {
|
||||
|
||||
cipher = Cipher.getInstance("RSA");
|
||||
cipher.init(Cipher.DECRYPT_MODE, privateKey);
|
||||
byte[] clearText = cipher.doFinal(cipherText);
|
||||
clearTextString = new String(clearText);
|
||||
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
} catch (NoSuchPaddingException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
} catch (InvalidKeyException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
} catch (IllegalBlockSizeException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
} catch (BadPaddingException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
return clearTextString;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -0,0 +1,69 @@
|
|||
package org.mitre.jwt.encryption.impl;
|
||||
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.PublicKey;
|
||||
|
||||
import javax.crypto.BadPaddingException;
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.IllegalBlockSizeException;
|
||||
import javax.crypto.NoSuchPaddingException;
|
||||
|
||||
import org.mitre.jwt.model.JwtClaims;
|
||||
|
||||
public class RsaJwtClaimsEncrypter {
|
||||
|
||||
private JwtClaims claims;
|
||||
private PublicKey publicKey;
|
||||
|
||||
public RsaJwtClaimsEncrypter(JwtClaims claims, PublicKey pubKey) {
|
||||
setClaims(claims);
|
||||
setPublicKey(pubKey);
|
||||
}
|
||||
|
||||
public JwtClaims getClaims() {
|
||||
return claims;
|
||||
}
|
||||
|
||||
public void setClaims(JwtClaims claims) {
|
||||
this.claims = claims;
|
||||
}
|
||||
|
||||
public PublicKey getPublicKey() {
|
||||
return publicKey;
|
||||
}
|
||||
|
||||
public void setPublicKey(PublicKey publicKey) {
|
||||
this.publicKey = publicKey;
|
||||
}
|
||||
|
||||
public byte[] createCipherText() {
|
||||
Cipher cipher;
|
||||
byte[] cipherText = null;
|
||||
try {
|
||||
cipher = Cipher.getInstance("RSA");
|
||||
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
|
||||
cipherText = cipher.doFinal(claims.toString().getBytes());
|
||||
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
} catch (NoSuchPaddingException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
} catch (InvalidKeyException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
} catch (IllegalBlockSizeException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
} catch (BadPaddingException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
return cipherText;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -10,6 +10,7 @@ import java.security.interfaces.RSAPrivateKey;
|
|||
import java.security.interfaces.RSAPublicKey;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
|
||||
import javax.crypto.BadPaddingException;
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.IllegalBlockSizeException;
|
||||
import javax.crypto.NoSuchPaddingException;
|
||||
|
|
@ -19,10 +20,8 @@ public class RsaJwtEncrypter {
|
|||
|
||||
private PublicKey publicKey;
|
||||
private PrivateKey privateKey;
|
||||
private String algorithm;
|
||||
|
||||
public RsaJwtEncrypter(String algorithm, RSAPublicKey pubKey, RSAPrivateKey privateKey){
|
||||
setAlgorithm(algorithm);
|
||||
public RsaJwtEncrypter(RSAPublicKey pubKey, RSAPrivateKey privateKey){
|
||||
setPublicKey(pubKey);
|
||||
setPrivateKey(privateKey);
|
||||
}
|
||||
|
|
@ -43,23 +42,15 @@ public class RsaJwtEncrypter {
|
|||
this.privateKey = privateKey;
|
||||
}
|
||||
|
||||
public String getAlgorithm() {
|
||||
return algorithm;
|
||||
}
|
||||
|
||||
public void setAlgorithm(String algorithm) {
|
||||
this.algorithm = algorithm;
|
||||
}
|
||||
|
||||
public Key createEncryptedKey() {
|
||||
Cipher cipher;
|
||||
try {
|
||||
cipher = Cipher.getInstance(algorithm);
|
||||
cipher.init(Cipher.WRAP_MODE, publicKey);
|
||||
byte[] wrappedKey = cipher.wrap(privateKey);
|
||||
cipher = Cipher.getInstance("RSA");
|
||||
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
|
||||
byte[] wrappedKey = cipher.doFinal(privateKey.getEncoded());
|
||||
|
||||
KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
|
||||
SecretKeySpec keySpec = new SecretKeySpec(wrappedKey, algorithm);
|
||||
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
|
||||
SecretKeySpec keySpec = new SecretKeySpec(wrappedKey, "RSA");
|
||||
privateKey = keyFactory.generatePrivate(keySpec);
|
||||
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
|
|
@ -77,9 +68,14 @@ public class RsaJwtEncrypter {
|
|||
} catch (InvalidKeySpecException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
} catch (BadPaddingException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
return privateKey;
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue