org.xdi.oxauth.model.jwe.JweEncrypterImpl クラス

org.xdi.oxauth.model.jwe.JweEncrypterImpl の継承関係図

org.xdi.oxauth.model.jwe.JweEncrypterImpl 連携図

公開メンバ関数
	JweEncrypterImpl (KeyEncryptionAlgorithm keyEncryptionAlgorithm, BlockEncryptionAlgorithm blockEncryptionAlgorithm, byte[] sharedSymmetricKey)
	JweEncrypterImpl (KeyEncryptionAlgorithm keyEncryptionAlgorithm, BlockEncryptionAlgorithm blockEncryptionAlgorithm, PublicKey publicKey)
String	generateEncryptedKey (byte[] contentMasterKey) throws InvalidJweException
Pair< String, String >	generateCipherTextAndIntegrityValue (byte[] contentMasterKey, byte[] initializationVector, byte[] additionalAuthenticatedData, byte[] plainText) throws InvalidJweException
KeyEncryptionAlgorithm	getKeyEncryptionAlgorithm ()
BlockEncryptionAlgorithm	getBlockEncryptionAlgorithm ()
Jwe	encrypt (Jwe jwe) throws InvalidJweException

非公開変数類
PublicKey	publicKey
byte []	sharedSymmetricKey

詳解

著者

Javier Rojas Blum

バージョン

August 17, 2016

構築子と解体子

JweEncrypterImpl() [1/2]

org.xdi.oxauth.model.jwe.JweEncrypterImpl.JweEncrypterImpl ( KeyEncryptionAlgorithm  keyEncryptionAlgorithm, BlockEncryptionAlgorithm  blockEncryptionAlgorithm, byte []  sharedSymmetricKey  )

inline

                                                                                                                                                         {
        super(keyEncryptionAlgorithm, blockEncryptionAlgorithm);
        if (sharedSymmetricKey != null) {
            this.sharedSymmetricKey = sharedSymmetricKey.clone();
        }
    }

JweEncrypterImpl() [2/2]

org.xdi.oxauth.model.jwe.JweEncrypterImpl.JweEncrypterImpl ( KeyEncryptionAlgorithm  keyEncryptionAlgorithm, BlockEncryptionAlgorithm  blockEncryptionAlgorithm, PublicKey  publicKey  )

inline

                                                                                                                                                   {
        super(keyEncryptionAlgorithm, blockEncryptionAlgorithm);
        this.publicKey = publicKey;
    }

関数詳解

encrypt()

Jwe org.xdi.oxauth.model.jwe.AbstractJweEncrypter.encrypt ( Jwe  jwe ) throws InvalidJweException

inlineinherited

org.xdi.oxauth.model.jwe.JweEncrypterを実装しています。

                                                           {
        try {
            jwe.setEncodedHeader(jwe.getHeader().toBase64JsonObject());

            byte[] contentMasterKey = new byte[blockEncryptionAlgorithm.getCmkLength() / 8];
            SecureRandom random = new SecureRandom();
            random.nextBytes(contentMasterKey);

            String encodedEncryptedKey = generateEncryptedKey(contentMasterKey);
            jwe.setEncodedEncryptedKey(encodedEncryptedKey);

            byte[] initializationVector = new byte[blockEncryptionAlgorithm.getInitVectorLength() / 8];
            random.nextBytes(initializationVector);
            String encodedInitializationVector = Base64Util.base64urlencode(initializationVector);
            jwe.setEncodedInitializationVector(encodedInitializationVector);

            Pair<String, String> result = generateCipherTextAndIntegrityValue(contentMasterKey, initializationVector,
                    jwe.getAdditionalAuthenticatedData().getBytes(Util.UTF8_STRING_ENCODING),
                    jwe.getClaims().toBase64JsonObject().getBytes(Util.UTF8_STRING_ENCODING));
            jwe.setEncodedCiphertext(result.getFirst());
            jwe.setEncodedIntegrityValue(result.getSecond());

            return jwe;
        } catch (InvalidJwtException e) {
            throw new InvalidJweException(e);
        } catch (UnsupportedEncodingException e) {
            throw new InvalidJweException(e);
        }
    }

generateCipherTextAndIntegrityValue()

Pair<String, String> org.xdi.oxauth.model.jwe.JweEncrypterImpl.generateCipherTextAndIntegrityValue ( byte []  contentMasterKey, byte []  initializationVector, byte []  additionalAuthenticatedData, byte []  plainText  ) throws InvalidJweException

inline

                                       {
        if (getBlockEncryptionAlgorithm() == null) {
            throw new InvalidJweException("The block encryption algorithm is null");
        }
        if (contentMasterKey == null) {
            throw new InvalidJweException("The content master key (CMK) is null");
        }
        if (initializationVector == null) {
            throw new InvalidJweException("The initialization vector is null");
        }
        if (additionalAuthenticatedData == null) {
            throw new InvalidJweException("The additional authentication data is null");
        }
        if (plainText == null) {
            throw new InvalidJweException("The plain text to encrypt is null");
        }

        try {
            if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128GCM
                    || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256GCM) {
                SecretKey secretKey = new SecretKeySpec(contentMasterKey, "AES");
                KeyParameter key = new KeyParameter(contentMasterKey);
                final int MAC_SIZE_BITS = 128;
                AEADParameters aeadParameters = new AEADParameters(key, MAC_SIZE_BITS, initializationVector,
                        additionalAuthenticatedData);

                final int macSize = aeadParameters.getMacSize() / 8;
                BlockCipher blockCipher = new AESEngine();
                CipherParameters params = new KeyParameter(secretKey.getEncoded());
                blockCipher.init(true, params);
                GCMBlockCipher aGCMBlockCipher = new GCMBlockCipher(blockCipher);
                aGCMBlockCipher.init(true, aeadParameters);
                int len = aGCMBlockCipher.getOutputSize(plainText.length);
                byte[] out = new byte[len];
                int outOff = aGCMBlockCipher.processBytes(plainText, 0, plainText.length, out, 0);
                outOff += aGCMBlockCipher.doFinal(out, outOff);
                byte[] cipherText = new byte[outOff - macSize];
                System.arraycopy(out, 0, cipherText, 0, cipherText.length);
                byte[] authenticationTag = new byte[macSize];
                System.arraycopy(out, outOff - macSize, authenticationTag, 0, authenticationTag.length);

                String encodedCipherText = Base64Util.base64urlencode(cipherText);
                String encodedAuthenticationTag = Base64Util.base64urlencode(authenticationTag);

                return new Pair<String, String>(encodedCipherText, encodedAuthenticationTag);
            } else if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128CBC_PLUS_HS256
                    || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) {
                byte[] cek = KeyDerivationFunction.generateCek(contentMasterKey, getBlockEncryptionAlgorithm());
                IvParameterSpec parameters = new IvParameterSpec(initializationVector);
                Cipher cipher = Cipher.getInstance(getBlockEncryptionAlgorithm().getAlgorithm(), "BC");
                //Cipher cipher = Cipher.getInstance(getBlockEncryptionAlgorithm().getAlgorithm());
                SecretKeySpec secretKeySpec = new SecretKeySpec(cek, "AES");
                cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, parameters);
                byte[] cipherText = cipher.doFinal(plainText);

                String encodedCipherText = Base64Util.base64urlencode(cipherText);

                String securedInputValue = new String(additionalAuthenticatedData, Charset.forName(Util.UTF8_STRING_ENCODING))
                        + "." + encodedCipherText;

                byte[] cik = KeyDerivationFunction.generateCik(contentMasterKey, getBlockEncryptionAlgorithm());
                SecretKey secretKey = new SecretKeySpec(cik, getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
                Mac mac = Mac.getInstance(getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
                mac.init(secretKey);
                byte[] integrityValue = mac.doFinal(securedInputValue.getBytes(Util.UTF8_STRING_ENCODING));

                String encodedIntegrityValue = Base64Util.base64urlencode(integrityValue);

                return new Pair<String, String>(encodedCipherText, encodedIntegrityValue);
            } else {
                throw new InvalidJweException("The block encryption algorithm is not supported");
            }
        } catch (InvalidCipherTextException e) {
            throw new InvalidJweException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new InvalidJweException(e);
        } catch (UnsupportedEncodingException e) {
            throw new InvalidJweException(e);
        } catch (NoSuchProviderException e) {
            throw new InvalidJweException(e);
        } catch (IllegalBlockSizeException e) {
            throw new InvalidJweException(e);
        } catch (InvalidKeyException e) {
            throw new InvalidJweException(e);
        } catch (BadPaddingException e) {
            throw new InvalidJweException(e);
        } catch (InvalidAlgorithmParameterException e) {
            throw new InvalidJweException(e);
        } catch (NoSuchPaddingException e) {
            throw new InvalidJweException(e);
        } catch (InvalidParameterException e) {
            throw new InvalidJweException(e);
        }
    }

generateEncryptedKey()

String org.xdi.oxauth.model.jwe.JweEncrypterImpl.generateEncryptedKey ( byte []  contentMasterKey ) throws InvalidJweException

inline

                                                                                           {
        if (getKeyEncryptionAlgorithm() == null) {
            throw new InvalidJweException("The key encryption algorithm is null");
        }
        if (contentMasterKey == null) {
            throw new InvalidJweException("The content master key (CMK) is null");
        }

        try {
            if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA_OAEP
                    || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA1_5) {
                if (publicKey != null) {
                    Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm(), "BC");
                    //Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm());

                    cipher.init(Cipher.ENCRYPT_MODE, publicKey);
                    byte[] encryptedKey = cipher.doFinal(contentMasterKey);

                    String encodedEncryptedKey = Base64Util.base64urlencode(encryptedKey);
                    return encodedEncryptedKey;
                } else {
                    throw new InvalidJweException("The RSA public key is null");
                }

            } else if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A128KW
                    || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A256KW) {
                if (sharedSymmetricKey == null) {
                    throw new InvalidJweException("The shared symmetric key is null");
                }
                if (sharedSymmetricKey.length != 16) { // 128 bit
                    MessageDigest sha = MessageDigest.getInstance("SHA-256");
                    sharedSymmetricKey = sha.digest(sharedSymmetricKey);
                    sharedSymmetricKey = Arrays.copyOf(sharedSymmetricKey, 16);
                }

                SecretKeySpec keyEncryptionKey = new SecretKeySpec(sharedSymmetricKey, "AES");
                AESWrapEngine aesWrapEngine = new AESWrapEngine();
                CipherParameters params = new KeyParameter(keyEncryptionKey.getEncoded());
                aesWrapEngine.init(true, params);
                byte[] wrappedKey = aesWrapEngine.wrap(contentMasterKey, 0, contentMasterKey.length);

                String encodedEncryptedKey = Base64Util.base64urlencode(wrappedKey);
                return encodedEncryptedKey;
            } else {
                throw new InvalidJweException("The key encryption algorithm is not supported");
            }
        } catch (NoSuchPaddingException e) {
            throw new InvalidJweException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new InvalidJweException(e);
        } catch (IllegalBlockSizeException e) {
            throw new InvalidJweException(e);
        } catch (BadPaddingException e) {
            throw new InvalidJweException(e);
        } catch (InvalidKeyException e) {
            throw new InvalidJweException(e);
        } catch (NoSuchProviderException e) {
            throw new InvalidJweException(e);
        }
    }

getBlockEncryptionAlgorithm()

BlockEncryptionAlgorithm org.xdi.oxauth.model.jwe.AbstractJweEncrypter.getBlockEncryptionAlgorithm ( )

inlineinherited

                                                                  {
        return blockEncryptionAlgorithm;
    }

getKeyEncryptionAlgorithm()

KeyEncryptionAlgorithm org.xdi.oxauth.model.jwe.AbstractJweEncrypter.getKeyEncryptionAlgorithm ( )

inlineinherited

                                                              {
        return keyEncryptionAlgorithm;
    }

メンバ詳解

publicKey

PublicKey org.xdi.oxauth.model.jwe.JweEncrypterImpl.publicKey

private

sharedSymmetricKey

byte [] org.xdi.oxauth.model.jwe.JweEncrypterImpl.sharedSymmetricKey

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/oxAuth/Model/src/main/java/org/xdi/oxauth/model/jwe/JweEncrypterImpl.java