org.xdi.oxauth.model.jwe.JweDecrypterImpl クラス

org.xdi.oxauth.model.jwe.JweDecrypterImpl の継承関係図

org.xdi.oxauth.model.jwe.JweDecrypterImpl 連携図

公開メンバ関数
	JweDecrypterImpl (byte[] sharedSymmetricKey)
	JweDecrypterImpl (RSAPrivateKey rsaPrivateKey)
	JweDecrypterImpl (PrivateKey privateKey)
byte []	decryptEncryptionKey (String encodedEncryptedKey) throws InvalidJweException
String	decryptCipherText (String encodedCipherText, byte[] contentMasterKey, byte[] initializationVector, byte[] authenticationTag, byte[] additionalAuthenticatedData) throws InvalidJweException
KeyEncryptionAlgorithm	getKeyEncryptionAlgorithm ()
void	setKeyEncryptionAlgorithm (KeyEncryptionAlgorithm keyEncryptionAlgorithm)
BlockEncryptionAlgorithm	getBlockEncryptionAlgorithm ()
void	setBlockEncryptionAlgorithm (BlockEncryptionAlgorithm blockEncryptionAlgorithm)
Jwe	decrypt (String encryptedJwe) throws InvalidJweException

非公開変数類
PrivateKey	privateKey
RSAPrivateKey	rsaPrivateKey
byte []	sharedSymmetricKey

詳解

著者

Javier Rojas Blum

バージョン

July 31, 2016

構築子と解体子

JweDecrypterImpl() [1/3]

org.xdi.oxauth.model.jwe.JweDecrypterImpl.JweDecrypterImpl ( byte []  sharedSymmetricKey )

inline

                                                       {
        if (sharedSymmetricKey != null) {
            this.sharedSymmetricKey = sharedSymmetricKey.clone();
        }
    }

JweDecrypterImpl() [2/3]

org.xdi.oxauth.model.jwe.JweDecrypterImpl.JweDecrypterImpl ( RSAPrivateKey  rsaPrivateKey )

inline

                                                         {
        this.rsaPrivateKey = rsaPrivateKey;
    }

JweDecrypterImpl() [3/3]

org.xdi.oxauth.model.jwe.JweDecrypterImpl.JweDecrypterImpl ( PrivateKey  privateKey )

inline

                                                   {
        this.privateKey = privateKey;
    }

関数詳解

decrypt()

Jwe org.xdi.oxauth.model.jwe.AbstractJweDecrypter.decrypt ( String  encryptedJwe ) throws InvalidJweException

inlineinherited

org.xdi.oxauth.model.jwe.JweDecrypterを実装しています。

                                                                       {
        try {
            if (StringUtils.isBlank(encryptedJwe)) {
                return null;
            }

            String[] jweParts = encryptedJwe.split("\\.");
            if (jweParts.length != 5) {
                throw new InvalidJwtException("Invalid JWS format.");
            }

            String encodedHeader = jweParts[0];
            String encodedEncryptedKey = jweParts[1];
            String encodedInitializationVector = jweParts[2];
            String encodedCipherText = jweParts[3];
            String encodedIntegrityValue = jweParts[4];

            Jwe jwe = new Jwe();
            jwe.setEncodedHeader(encodedHeader);
            jwe.setEncodedEncryptedKey(encodedEncryptedKey);
            jwe.setEncodedInitializationVector(encodedInitializationVector);
            jwe.setEncodedCiphertext(encodedCipherText);
            jwe.setEncodedIntegrityValue(encodedIntegrityValue);

            jwe.setHeader(new JwtHeader(encodedHeader));

            keyEncryptionAlgorithm = KeyEncryptionAlgorithm.fromName(
                    jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
            blockEncryptionAlgorithm = BlockEncryptionAlgorithm.fromName(
                    jwe.getHeader().getClaimAsString(JwtHeaderName.ENCRYPTION_METHOD));

            byte[] contentMasterKey = decryptEncryptionKey(encodedEncryptedKey);
            byte[] initializationVector = Base64Util.base64urldecode(encodedInitializationVector);
            byte[] authenticationTag = Base64Util.base64urldecode(encodedIntegrityValue);
            byte[] additionalAuthenticatedData = jwe.getAdditionalAuthenticatedData().getBytes(Util.UTF8_STRING_ENCODING);

            String plainText = decryptCipherText(encodedCipherText, contentMasterKey, initializationVector,
                    authenticationTag, additionalAuthenticatedData);
            jwe.setClaims(new JwtClaims(plainText));

            return jwe;
        } catch (InvalidJwtException e) {
            throw new InvalidJweException(e);
        } catch (UnsupportedEncodingException e) {
            throw new InvalidJweException(e);
        }
    }

decryptCipherText()

String org.xdi.oxauth.model.jwe.JweDecrypterImpl.decryptCipherText ( String  encodedCipherText, byte []  contentMasterKey, byte []  initializationVector, byte []  authenticationTag, byte []  additionalAuthenticatedData  ) throws InvalidJweException

inline

                                                                                                                             {
        if (getBlockEncryptionAlgorithm() == null) {
            throw new InvalidJweException("The block encryption algorithm is null");
        }
        if (contentMasterKey == null) {
            throw new InvalidJweException("The content master key (CMK) is null");
        }
        if (initializationVector == null) {
            throw new InvalidJweException("The initialization vector is null");
        }
        if (authenticationTag == null) {
            throw new InvalidJweException("The authentication tag is null");
        }
        if (additionalAuthenticatedData == null) {
            throw new InvalidJweException("The additional authentication data is null");
        }

        try {
            if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128GCM
                    || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256GCM) {
                final int MAC_SIZE_BITS = 128;
                byte[] cipherText = Base64Util.base64urldecode(encodedCipherText);

                KeyParameter key = new KeyParameter(contentMasterKey);
                AEADParameters aeadParameters = new AEADParameters(key, MAC_SIZE_BITS, initializationVector, additionalAuthenticatedData);
                SecretKeySpec sks = new SecretKeySpec(contentMasterKey, "AES");

                BlockCipher blockCipher = new AESEngine();
                CipherParameters params = new KeyParameter(sks.getEncoded());
                blockCipher.init(false, params);
                GCMBlockCipher aGCMBlockCipher = new GCMBlockCipher(blockCipher);
                aGCMBlockCipher.init(false, aeadParameters);
                byte[] input = new byte[cipherText.length + authenticationTag.length];
                System.arraycopy(cipherText, 0, input, 0, cipherText.length);
                System.arraycopy(authenticationTag, 0, input, cipherText.length, authenticationTag.length);
                int len = aGCMBlockCipher.getOutputSize(input.length);
                byte[] out = new byte[len];
                int outOff = aGCMBlockCipher.processBytes(input, 0, input.length, out, 0);
                aGCMBlockCipher.doFinal(out, outOff);

                String plaintext = new String(out, Charset.forName(Util.UTF8_STRING_ENCODING));

                return plaintext;
            } else if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128CBC_PLUS_HS256
                    || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) {
                byte[] cipherText = Base64Util.base64urldecode(encodedCipherText);

                byte[] cek = KeyDerivationFunction.generateCek(contentMasterKey, getBlockEncryptionAlgorithm());
                Cipher cipher = Cipher.getInstance(getBlockEncryptionAlgorithm().getAlgorithm());
                IvParameterSpec ivParameter = new IvParameterSpec(initializationVector);
                cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(cek, "AES"), ivParameter);
                byte[] decodedPlainTextBytes = cipher.doFinal(cipherText);
                String decodedPlainText = new String(decodedPlainTextBytes, Charset.forName(Util.UTF8_STRING_ENCODING));

                // Integrity check
                String securedInputValue = new String(additionalAuthenticatedData, Charset.forName(Util.UTF8_STRING_ENCODING))
                        + "." + encodedCipherText;
                byte[] cik = KeyDerivationFunction.generateCik(contentMasterKey, getBlockEncryptionAlgorithm());
                SecretKey secretKey = new SecretKeySpec(cik, getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
                Mac mac = Mac.getInstance(getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
                mac.init(secretKey);
                byte[] integrityValue = mac.doFinal(securedInputValue.getBytes(Util.UTF8_STRING_ENCODING));
                if (!Arrays.equals(integrityValue, authenticationTag)) {
                    throw new InvalidJweException("The authentication tag is not valid");
                }

                return decodedPlainText;
            } else {
                throw new InvalidJweException("The block encryption algorithm is not supported");
            }
        } catch (InvalidCipherTextException e) {
            throw new InvalidJweException(e);
        } catch (NoSuchPaddingException e) {
            throw new InvalidJweException(e);
        } catch (BadPaddingException e) {
            throw new InvalidJweException(e);
        } catch (InvalidAlgorithmParameterException e) {
            throw new InvalidJweException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new InvalidJweException(e);
        } catch (IllegalBlockSizeException e) {
            throw new InvalidJweException(e);
        } catch (UnsupportedEncodingException e) {
            throw new InvalidJweException(e);
        } catch (NoSuchProviderException e) {
            throw new InvalidJweException(e);
        } catch (InvalidKeyException e) {
            throw new InvalidJweException(e);
        } catch (InvalidParameterException e) {
            throw new InvalidJweException(e);
        }
    }

decryptEncryptionKey()

byte [] org.xdi.oxauth.model.jwe.JweDecrypterImpl.decryptEncryptionKey ( String  encodedEncryptedKey ) throws InvalidJweException

inline

                                                                                              {
        if (getKeyEncryptionAlgorithm() == null) {
            throw new InvalidJweException("The key encryption algorithm is null");
        }
        if (encodedEncryptedKey == null) {
            throw new InvalidJweException("The encoded encryption key is null");
        }

        try {
            if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA_OAEP
                    || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA1_5) {
                if (rsaPrivateKey == null && privateKey == null) {
                    throw new InvalidJweException("The RSA private key is null");
                }

                //Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm(), "BC");
                Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm());

                if (rsaPrivateKey != null) {
                    KeyFactory keyFactory = KeyFactory.getInstance(getKeyEncryptionAlgorithm().getFamily(), "BC");
                    RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(rsaPrivateKey.getModulus(), rsaPrivateKey.getPrivateExponent());
                    java.security.interfaces.RSAPrivateKey privKey = (java.security.interfaces.RSAPrivateKey) keyFactory.generatePrivate(privKeySpec);
                    cipher.init(Cipher.DECRYPT_MODE, privKey);
                } else {
                    cipher.init(Cipher.DECRYPT_MODE, privateKey);
                }

                byte[] decryptedKey = cipher.doFinal(Base64Util.base64urldecode(encodedEncryptedKey));

                return decryptedKey;
            } else if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A128KW
                    || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A256KW) {
                if (sharedSymmetricKey == null) {
                    throw new InvalidJweException("The shared symmetric key is null");
                }
                if (sharedSymmetricKey.length != 16) { // 128 bit
                    MessageDigest sha = MessageDigest.getInstance("SHA-256");
                    sharedSymmetricKey = sha.digest(sharedSymmetricKey);
                    sharedSymmetricKey = Arrays.copyOf(sharedSymmetricKey, 16);
                }
                byte[] encryptedKey = Base64Util.base64urldecode(encodedEncryptedKey);
                SecretKeySpec keyEncryptionKey = new SecretKeySpec(sharedSymmetricKey, "AES");
                AESWrapEngine aesWrapEngine = new AESWrapEngine();
                CipherParameters params = new KeyParameter(keyEncryptionKey.getEncoded());
                aesWrapEngine.init(false, params);
                byte[] decryptedKey = aesWrapEngine.unwrap(encryptedKey, 0, encryptedKey.length);

                return decryptedKey;
            } else {
                throw new InvalidJweException("The key encryption algorithm is not supported");
            }
        } catch (NoSuchPaddingException e) {
            throw new InvalidJweException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new InvalidJweException(e);
        } catch (IllegalBlockSizeException e) {
            throw new InvalidJweException(e);
        } catch (BadPaddingException e) {
            throw new InvalidJweException(e);
        } catch (NoSuchProviderException e) {
            throw new InvalidJweException(e);
        } catch (InvalidKeyException e) {
            throw new InvalidJweException(e);
        } catch (InvalidKeySpecException e) {
            throw new InvalidJweException(e);
        } catch (InvalidCipherTextException e) {
            throw new InvalidJweException(e);
        }
    }

getBlockEncryptionAlgorithm()

BlockEncryptionAlgorithm org.xdi.oxauth.model.jwe.AbstractJweDecrypter.getBlockEncryptionAlgorithm ( )

inlineinherited

org.xdi.oxauth.model.jwe.JweDecrypterを実装しています。

                                                                  {
        return blockEncryptionAlgorithm;
    }

getKeyEncryptionAlgorithm()

KeyEncryptionAlgorithm org.xdi.oxauth.model.jwe.AbstractJweDecrypter.getKeyEncryptionAlgorithm ( )

inlineinherited

org.xdi.oxauth.model.jwe.JweDecrypterを実装しています。

                                                              {
        return keyEncryptionAlgorithm;
    }

setBlockEncryptionAlgorithm()

void org.xdi.oxauth.model.jwe.AbstractJweDecrypter.setBlockEncryptionAlgorithm ( BlockEncryptionAlgorithm  blockEncryptionAlgorithm )

inlineinherited

org.xdi.oxauth.model.jwe.JweDecrypterを実装しています。

                                                                                               {
        this.blockEncryptionAlgorithm = blockEncryptionAlgorithm;
    }

setKeyEncryptionAlgorithm()

void org.xdi.oxauth.model.jwe.AbstractJweDecrypter.setKeyEncryptionAlgorithm ( KeyEncryptionAlgorithm  keyEncryptionAlgorithm )

inlineinherited

org.xdi.oxauth.model.jwe.JweDecrypterを実装しています。

                                                                                         {
        this.keyEncryptionAlgorithm = keyEncryptionAlgorithm;
    }

メンバ詳解

privateKey

PrivateKey org.xdi.oxauth.model.jwe.JweDecrypterImpl.privateKey

private

rsaPrivateKey

RSAPrivateKey org.xdi.oxauth.model.jwe.JweDecrypterImpl.rsaPrivateKey

private

sharedSymmetricKey

byte [] org.xdi.oxauth.model.jwe.JweDecrypterImpl.sharedSymmetricKey

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/oxAuth/Model/src/main/java/org/xdi/oxauth/model/jwe/JweDecrypterImpl.java