org.keycloak.jose.jwe.enc.AesCbcHmacShaEncryptionProvider.Aes256CbcHmacSha512Provider の継承関係図

org.keycloak.jose.jwe.enc.AesCbcHmacShaEncryptionProvider.Aes256CbcHmacSha512Provider 連携図

公開メンバ関数
int	getExpectedCEKLength ()

void	encodeJwe (JWE jwe) throws IOException, GeneralSecurityException

void	verifyAndDecodeJwe (JWE jwe) throws IOException, GeneralSecurityException

void	deserializeCEK (JWEKeyStorage keyStorage)

byte []	serializeCEK (JWEKeyStorage keyStorage)

限定公開メンバ関数
int	getExpectedAesKeyLength ()

String	getHmacShaAlgorithm ()

int	getAuthenticationTagLength ()

詳解

関数詳解

◆ deserializeCEK()

void org.keycloak.jose.jwe.enc.AesCbcHmacShaEncryptionProvider.deserializeCEK ( JWEKeyStorage keyStorage )

inlineinherited

org.keycloak.jose.jwe.enc.JWEEncryptionProviderを実装しています。

                                                          {
         byte[] cekBytes = keyStorage.getCekBytes();
 
         int cekLength = getExpectedCEKLength();
         byte[] cekMacKey = Arrays.copyOf(cekBytes, cekLength / 2);
         byte[] cekAesKey = Arrays.copyOfRange(cekBytes, cekLength / 2, cekLength);
 
         SecretKeySpec aesKey = new SecretKeySpec(cekAesKey, "AES");
         SecretKeySpec hmacKey = new SecretKeySpec(cekMacKey, "HMACSHA2");
 
         keyStorage.setCEKKey(aesKey, JWEKeyStorage.KeyUse.ENCRYPTION);
         keyStorage.setCEKKey(hmacKey, JWEKeyStorage.KeyUse.SIGNATURE);
     }

◆ encodeJwe()

void org.keycloak.jose.jwe.enc.AesCbcHmacShaEncryptionProvider.encodeJwe ( JWE jwe ) throws IOException, GeneralSecurityException

inlineinherited

org.keycloak.jose.jwe.enc.JWEEncryptionProviderを実装しています。

                                                                                 {
 
         byte[] contentBytes = jwe.getContent();
 
         byte[] initializationVector = JWEUtils.generateSecret(16);
 
         Key aesKey = jwe.getKeyStorage().getCEKKey(JWEKeyStorage.KeyUse.ENCRYPTION, false);
         if (aesKey == null) {
             throw new IllegalArgumentException("AES CEK key not present");
         }
 
         Key hmacShaKey = jwe.getKeyStorage().getCEKKey(JWEKeyStorage.KeyUse.SIGNATURE, false);
         if (hmacShaKey == null) {
             throw new IllegalArgumentException("HMAC CEK key not present");
         }
 
         int expectedAesKeyLength = getExpectedAesKeyLength();
         if (expectedAesKeyLength != aesKey.getEncoded().length) {
             throw new IllegalStateException("Length of aes key should be " + expectedAesKeyLength +", but was " + aesKey.getEncoded().length);
         }
 
         byte[] cipherBytes = encryptBytes(contentBytes, initializationVector, aesKey);
 
         byte[] aad = jwe.getBase64Header().getBytes("UTF-8");
         byte[] authenticationTag = computeAuthenticationTag(aad, initializationVector, cipherBytes, hmacShaKey);
 
         jwe.setEncryptedContentInfo(initializationVector, cipherBytes, authenticationTag);
     }

◆ getAuthenticationTagLength()

int org.keycloak.jose.jwe.enc.AesCbcHmacShaEncryptionProvider.Aes256CbcHmacSha512Provider.getAuthenticationTagLength ( )

inlineprotected

                                                    {
             return 32;
         }

◆ getExpectedAesKeyLength()

int org.keycloak.jose.jwe.enc.AesCbcHmacShaEncryptionProvider.Aes256CbcHmacSha512Provider.getExpectedAesKeyLength ( )

inlineprotected

                                                 {
             return 32;
         }

◆ getExpectedCEKLength()

int org.keycloak.jose.jwe.enc.AesCbcHmacShaEncryptionProvider.Aes256CbcHmacSha512Provider.getExpectedCEKLength ( )

inline

org.keycloak.jose.jwe.enc.JWEEncryptionProviderを実装しています。

                                           {
             return 64;
         }

◆ getHmacShaAlgorithm()

String org.keycloak.jose.jwe.enc.AesCbcHmacShaEncryptionProvider.Aes256CbcHmacSha512Provider.getHmacShaAlgorithm ( )

inlineprotected

                                                {
             return "HMACSHA512";
         }

◆ serializeCEK()

byte [] org.keycloak.jose.jwe.enc.AesCbcHmacShaEncryptionProvider.serializeCEK ( JWEKeyStorage keyStorage )

inlineinherited

org.keycloak.jose.jwe.enc.JWEEncryptionProviderを実装しています。

                                                          {
         Key aesKey = keyStorage.getCEKKey(JWEKeyStorage.KeyUse.ENCRYPTION, false);
         if (aesKey == null) {
             throw new IllegalArgumentException("AES CEK key not present");
         }
 
         Key hmacShaKey = keyStorage.getCEKKey(JWEKeyStorage.KeyUse.SIGNATURE, false);
         if (hmacShaKey == null) {
             throw new IllegalArgumentException("HMAC CEK key not present");
         }
 
         byte[] hmacBytes = hmacShaKey.getEncoded();
         byte[] aesBytes = aesKey.getEncoded();
 
         byte[] result = new byte[hmacBytes.length + aesBytes.length];
         System.arraycopy(hmacBytes, 0, result, 0, hmacBytes.length);
         System.arraycopy(aesBytes, 0, result, hmacBytes.length, aesBytes.length);
 
         return result;
     }

◆ verifyAndDecodeJwe()

void org.keycloak.jose.jwe.enc.AesCbcHmacShaEncryptionProvider.verifyAndDecodeJwe ( JWE jwe ) throws IOException, GeneralSecurityException

inlineinherited

org.keycloak.jose.jwe.enc.JWEEncryptionProviderを実装しています。

                                                                                          {
         Key aesKey = jwe.getKeyStorage().getCEKKey(JWEKeyStorage.KeyUse.ENCRYPTION, false);
         if (aesKey == null) {
             throw new IllegalArgumentException("AES CEK key not present");
         }
 
         Key hmacShaKey = jwe.getKeyStorage().getCEKKey(JWEKeyStorage.KeyUse.SIGNATURE, false);
         if (hmacShaKey == null) {
             throw new IllegalArgumentException("HMAC CEK key not present");
         }
 
         int expectedAesKeyLength = getExpectedAesKeyLength();
         if (expectedAesKeyLength != aesKey.getEncoded().length) {
             throw new IllegalStateException("Length of aes key should be " + expectedAesKeyLength +", but was " + aesKey.getEncoded().length);
         }
 
         byte[] aad = jwe.getBase64Header().getBytes("UTF-8");
         byte[] authenticationTag = computeAuthenticationTag(aad, jwe.getInitializationVector(), jwe.getEncryptedContent(), hmacShaKey);
 
         byte[] expectedAuthTag = jwe.getAuthenticationTag();
         boolean digitsEqual = MessageDigest.isEqual(expectedAuthTag, authenticationTag);
 
         if (!digitsEqual) {
             throw new IllegalArgumentException("Signature validations failed");
         }
 
         byte[] contentBytes = decryptBytes(jwe.getEncryptedContent(), jwe.getInitializationVector(), aesKey);
 
         jwe.content(contentBytes);
     }

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/jose/jwe/enc/AesCbcHmacShaEncryptionProvider.java

公開メンバ関数

限定公開メンバ関数

詳解

関数詳解

◆ deserializeCEK()

◆ encodeJwe()

◆ getAuthenticationTagLength()

◆ getExpectedAesKeyLength()

◆ getExpectedCEKLength()

◆ getHmacShaAlgorithm()

◆ serializeCEK()

◆ verifyAndDecodeJwe()