org.keycloak.jose.jwe.JWE 連携図

公開メンバ関数
JWE	header (JWEHeader header)

String	getBase64Header () throws IOException

JWEKeyStorage	getKeyStorage ()

byte []	getInitializationVector ()

JWE	content (byte[] content)

byte []	getContent ()

byte []	getEncryptedContent ()

byte []	getAuthenticationTag ()

void	setEncryptedContentInfo (byte[] initializationVector, byte[] encryptedContent, byte[] authenticationTag)

String	encodeJwe () throws JWEException

JWE	verifyAndDecodeJwe (String jweStr) throws JWEException

静的公開メンバ関数
static String	encryptUTF8 (String password, String saltString, String payload)

static String	encrypt (String password, String saltString, byte[] payload)

static byte []	decrypt (String password, String saltString, String encodedJwe)

static String	decryptUTF8 (String password, String saltString, String encodedJwe)

関数
JWEHeader	getHeader ()

静的関数
	[static initializer]

非公開メンバ関数
String	getEncodedJweString ()

非公開変数類
JWEHeader	header

String	base64Header

JWEKeyStorage	keyStorage = new JWEKeyStorage()

String	base64Cek

byte []	initializationVector

byte []	content

byte []	encryptedContent

byte []	authenticationTag

詳解

著者: Marek Posolda

関数詳解

◆ [static initializer]()

org.keycloak.jose.jwe.JWE.[static initializer] ( )

inlinestaticpackage

◆ content()

JWE org.keycloak.jose.jwe.JWE.content ( byte [] content )

inline

                                        {
         this.content = content;
         return this;
     }

◆ decrypt()

static byte [] org.keycloak.jose.jwe.JWE.decrypt	(	String	password,
		String	saltString,
		String	encodedJwe
	)

inlinestatic

                                                                                         {
         try {
             byte[] salt = Base64.decode(saltString);
             SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
             KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100, 128);
             SecretKey tmp = factory.generateSecret(spec);
             SecretKey aesKey = new SecretKeySpec(tmp.getEncoded(), "AES");
 
             JWE jwe = new JWE();
             jwe.getKeyStorage()
                     .setEncryptionKey(aesKey);
 
             jwe.verifyAndDecodeJwe(encodedJwe);
             return jwe.getContent();
         } catch (Exception e) {
             throw new RuntimeException(e);
         }
     }

◆ decryptUTF8()

static String org.keycloak.jose.jwe.JWE.decryptUTF8	(	String	password,
		String	saltString,
		String	encodedJwe
	)

inlinestatic

                                                                                             {
         byte[] payload = decrypt(password, saltString, encodedJwe);
         try {
             return new String(payload, "UTF-8");
         } catch (UnsupportedEncodingException e) {
             throw new RuntimeException(e);
         }
     }

◆ encodeJwe()

String org.keycloak.jose.jwe.JWE.encodeJwe ( ) throws JWEException

inline

                                                   {
         try {
             if (header == null) {
                 throw new IllegalStateException("Header must be set");
             }
             if (content == null) {
                 throw new IllegalStateException("Content must be set");
             }
 
             JWEAlgorithmProvider algorithmProvider = JWERegistry.getAlgProvider(header.getAlgorithm());
             if (algorithmProvider == null) {
                 throw new IllegalArgumentException("No provider for alg '" + header.getAlgorithm() + "'");
             }
 
             JWEEncryptionProvider encryptionProvider = JWERegistry.getEncProvider(header.getEncryptionAlgorithm());
             if (encryptionProvider == null) {
                 throw new IllegalArgumentException("No provider for enc '" + header.getAlgorithm() + "'");
             }
 
             keyStorage.setEncryptionProvider(encryptionProvider);
             keyStorage.getCEKKey(JWEKeyStorage.KeyUse.ENCRYPTION, true); // Will generate CEK if it's not already present
 
             byte[] encodedCEK = algorithmProvider.encodeCek(encryptionProvider, keyStorage, keyStorage.getEncryptionKey());
             base64Cek = Base64Url.encode(encodedCEK);
 
             encryptionProvider.encodeJwe(this);
 
             return getEncodedJweString();
         } catch (Exception e) {
             throw new JWEException(e);
         }
     }

◆ encrypt()

static String org.keycloak.jose.jwe.JWE.encrypt	(	String	password,
		String	saltString,
		byte []	payload
	)

inlinestatic

                                                                                      {
         try {
             byte[] salt = Base64.decode(saltString);
             SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
             KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100, 128);
             SecretKey tmp = factory.generateSecret(spec);
             SecretKey aesKey = new SecretKeySpec(tmp.getEncoded(), "AES");
 
             JWEHeader jweHeader = new JWEHeader(JWEConstants.A128KW, JWEConstants.A128CBC_HS256, null);
             JWE jwe = new JWE()
                     .header(jweHeader)
                     .content(payload);
 
             jwe.getKeyStorage()
                     .setEncryptionKey(aesKey);
 
             return jwe.encodeJwe();
         } catch (Exception e) {
             throw new RuntimeException(e);
         }
     }

◆ encryptUTF8()

static String org.keycloak.jose.jwe.JWE.encryptUTF8	(	String	password,
		String	saltString,
		String	payload
	)

inlinestatic

                                                                                          {
         byte[] bytes = null;
         try {
             bytes = payload.getBytes("UTF-8");
         } catch (UnsupportedEncodingException e) {
             throw new RuntimeException(e);
         }
         return encrypt(password, saltString, bytes);
 
     }

◆ getAuthenticationTag()

byte [] org.keycloak.jose.jwe.JWE.getAuthenticationTag ( )

inline

                                          {
         return authenticationTag;
     }

◆ getBase64Header()

String org.keycloak.jose.jwe.JWE.getBase64Header ( ) throws IOException

inline

                                                        {
         if (base64Header == null && header != null) {
             byte[] contentBytes = JsonSerialization.writeValueAsBytes(header);
             base64Header = Base64Url.encode(contentBytes);
         }
         return base64Header;
     }

◆ getContent()

byte [] org.keycloak.jose.jwe.JWE.getContent ( )

inline

                                {
         return content;
     }

◆ getEncodedJweString()

String org.keycloak.jose.jwe.JWE.getEncodedJweString ( )

inlineprivate

                                          {
         StringBuilder builder = new StringBuilder();
         builder.append(base64Header).append(".")
                 .append(base64Cek).append(".")
                 .append(Base64Url.encode(initializationVector)).append(".")
                 .append(Base64Url.encode(encryptedContent)).append(".")
                 .append(Base64Url.encode(authenticationTag));
 
         return builder.toString();
     }

◆ getEncryptedContent()

byte [] org.keycloak.jose.jwe.JWE.getEncryptedContent ( )

inline

                                         {
         return encryptedContent;
     }

◆ getHeader()

JWEHeader org.keycloak.jose.jwe.JWE.getHeader ( )

inlinepackage

                           {
         if (header == null && base64Header != null) {
             try {
                 byte[] decodedHeader = Base64Url.decode(base64Header);
                 header = JsonSerialization.readValue(decodedHeader, JWEHeader.class);
             } catch (IOException ioe) {
                 throw new RuntimeException(ioe);
             }
         }
         return header;
     }

◆ getInitializationVector()

byte [] org.keycloak.jose.jwe.JWE.getInitializationVector ( )

inline

                                             {
         return initializationVector;
     }

◆ getKeyStorage()

JWEKeyStorage org.keycloak.jose.jwe.JWE.getKeyStorage ( )

inline

                                          {
         return keyStorage;
     }

◆ header()

JWE org.keycloak.jose.jwe.JWE.header ( JWEHeader header )

inline

                                         {
         this.header = header;
         this.base64Header = null;
         return this;
     }

◆ setEncryptedContentInfo()

void org.keycloak.jose.jwe.JWE.setEncryptedContentInfo	(	byte []	initializationVector,
		byte []	encryptedContent,
		byte []	authenticationTag
	)

inline

                                                                                                                         {
         this.initializationVector = initializationVector;
         this.encryptedContent = encryptedContent;
         this.authenticationTag = authenticationTag;
     }

◆ verifyAndDecodeJwe()

JWE org.keycloak.jose.jwe.JWE.verifyAndDecodeJwe ( String jweStr ) throws JWEException

inline

                                                                      {
         try {
             String[] parts = jweStr.split("\\.");
             if (parts.length != 5) {
                 throw new IllegalStateException("Not a JWE String");
             }
 
             this.base64Header = parts[0];
             this.base64Cek = parts[1];
             this.initializationVector = Base64Url.decode(parts[2]);
             this.encryptedContent = Base64Url.decode(parts[3]);
             this.authenticationTag = Base64Url.decode(parts[4]);
 
             this.header = getHeader();
             JWEAlgorithmProvider algorithmProvider = JWERegistry.getAlgProvider(header.getAlgorithm());
             if (algorithmProvider == null) {
                 throw new IllegalArgumentException("No provider for alg '" + header.getAlgorithm() + "'");
             }
 
             JWEEncryptionProvider encryptionProvider = JWERegistry.getEncProvider(header.getEncryptionAlgorithm());
             if (encryptionProvider == null) {
                 throw new IllegalArgumentException("No provider for enc '" + header.getAlgorithm() + "'");
             }
 
             keyStorage.setEncryptionProvider(encryptionProvider);
 
             byte[] decodedCek = algorithmProvider.decodeCek(Base64Url.decode(base64Cek), keyStorage.getEncryptionKey());
             keyStorage.setCEKBytes(decodedCek);
 
             encryptionProvider.verifyAndDecodeJwe(this);
 
             return this;
         } catch (Exception e) {
             throw new JWEException(e);
         }
     }

メンバ詳解

◆ authenticationTag

byte [] org.keycloak.jose.jwe.JWE.authenticationTag

private

◆ base64Cek

String org.keycloak.jose.jwe.JWE.base64Cek

private

◆ base64Header

String org.keycloak.jose.jwe.JWE.base64Header

private

◆ content

byte [] org.keycloak.jose.jwe.JWE.content

private

◆ encryptedContent

byte [] org.keycloak.jose.jwe.JWE.encryptedContent

private

◆ header

JWEHeader org.keycloak.jose.jwe.JWE.header

private

◆ initializationVector

byte [] org.keycloak.jose.jwe.JWE.initializationVector

private

◆ keyStorage

JWEKeyStorage org.keycloak.jose.jwe.JWE.keyStorage = new JWEKeyStorage()

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/jose/jwe/JWE.java

公開メンバ関数

静的公開メンバ関数

関数

静的関数

非公開メンバ関数

非公開変数類

詳解

関数詳解

◆ [static initializer]()

◆ content()

◆ decrypt()

◆ decryptUTF8()

◆ encodeJwe()

◆ encrypt()

◆ encryptUTF8()

◆ getAuthenticationTag()

◆ getBase64Header()

◆ getContent()

◆ getEncodedJweString()

◆ getEncryptedContent()

◆ getHeader()

◆ getInitializationVector()

◆ getKeyStorage()

◆ header()

◆ setEncryptedContentInfo()

◆ verifyAndDecodeJwe()

メンバ詳解

◆ authenticationTag

◆ base64Cek

◆ base64Header

◆ content

◆ encryptedContent

◆ header

◆ initializationVector

◆ keyStorage