Posted to commits@oltu.apache.org by as...@apache.org on 2016/02/23 11:18:57 UTC
svn commit: r1731830 - in
/oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe: JWE.java
encryption/ContentEncryptMethod.java encryption/KeyEncryptMethod.java
io/JWEReader.java io/JWEWriter.java
Author: asanso
Date: Tue Feb 23 10:18:57 2016
New Revision: 1731830
URL: http://svn.apache.org/viewvc?rev=1731830&view=rev
Log:
OLTU-80 - Implement JWE support for JWT
Removed:
oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/io/JWEReader.java
oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/io/JWEWriter.java
Modified:
oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/JWE.java
oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/ContentEncryptMethod.java
oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/KeyEncryptMethod.java
Modified: oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/JWE.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/JWE.java?rev=1731830&r1=1731829&r2=1731830&view=diff
==============================================================================
--- oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/JWE.java (original)
+++ oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/JWE.java Tue Feb 23 10:18:57 2016
@@ -17,6 +17,11 @@
package org.apache.oltu.jose.jwe;
import org.apache.oltu.commons.json.CustomizableBuilder;
+import org.apache.oltu.jose.jwe.encryption.ContentEncryptMethod;
+import org.apache.oltu.jose.jwe.encryption.DecryptingKey;
+import org.apache.oltu.jose.jwe.encryption.EncryptingKey;
+import org.apache.oltu.jose.jwe.encryption.KeyEncryptMethod;
+import org.apache.oltu.jose.jwe.io.JWEHeaderWriter;
public class JWE {
@@ -26,23 +31,79 @@ public class JWE {
private final Header header;
/**
+ * The JWE encryptedKey.
+ */
+ private final String encryptedKey;
+
+ /**
* The JWE Payload.
*/
private final String payload;
- JWE(Header header, String payload) {
+ /**
+ * The JWE Content Encryption.
+ */
+ private final String contentEncryption;
+
+ JWE(Header header, String encryptedKey, String payload ,String contentEncryption) {
this.header = header;
+ this.encryptedKey = encryptedKey;
this.payload = payload;
+ this.contentEncryption = contentEncryption;
}
public Header getHeader() {
return header;
}
+
+ public String getEncryptedKey() {
+ return encryptedKey;
+ }
public String getPayload() {
return payload;
}
+ public String getContentEncryption() {
+ return contentEncryption;
+ }
+
+ public <EK extends EncryptingKey, DK extends DecryptingKey> boolean acceptAlgorithm(KeyEncryptMethod<EK, DK> keyEncryptMethod, ContentEncryptMethod<EK, DK> contentEncryptMethod) {
+ if (keyEncryptMethod == null) {
+ throw new IllegalArgumentException("An encrypt method is required in order to decrypt the content encryption key.");
+ }
+ if (contentEncryptMethod == null) {
+ throw new IllegalArgumentException("An encrypt method is required in order to decrypt the payload.");
+ }
+ if (header == null || header.getAlgorithm() == null || header.getEncryptionAlgorithm() == null) {
+ throw new IllegalStateException("JWE token must have a valid JSON header with specified algorithm.");
+ }
+
+ return header.getAlgorithm().equalsIgnoreCase(keyEncryptMethod.getAlgorithm()) && header.getEncryptionAlgorithm().equalsIgnoreCase(contentEncryptMethod.getAlgorithm());
+ }
+
+ public <EK extends EncryptingKey, DK extends DecryptingKey> String decrypt(KeyEncryptMethod<EK, DK> keyEncryptMethod,
+ DK decryptingKey, ContentEncryptMethod<EK, DK> contentEncryptMethod) {
+ if (!acceptAlgorithm(keyEncryptMethod, contentEncryptMethod)) {
+ throw new IllegalArgumentException("Impossible to decrypt current JWE");
+ }
+ if (decryptingKey == null) {
+ throw new IllegalArgumentException("A decrypting key is required in order to decrypt the JWE");
+ }
+
+ if (encryptedKey == null) {
+ throw new IllegalStateException("JWE token must have an encrypted key.");
+ }
+
+ if (contentEncryption == null) {
+ throw new IllegalStateException("JWE token must have a content encryption");
+ }
+
+ DecryptingKey cek = keyEncryptMethod.decrypt(encryptedKey, decryptingKey);
+
+ return contentEncryptMethod.decrypt(new JWEHeaderWriter().write(header), contentEncryption, cek);
+ }
+
public static final class Builder extends CustomizableBuilder<JWE> {
/**
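Review bot: In `decrypt`, the header handed to `contentEncryptMethod.decrypt` is re-serialized from the parsed `header` object via `new JWEHeaderWriter().write(header)`; if the content method uses that string as the additional authenticated data for tag verification, it has to be byte-identical to the protected header segment as originally received, and re-serializing a parsed object does not guarantee that (field order, whitespace, escaping), so a well-formed token may be rejected or, if the implementation does not bind the header at all, the header is not integrity-protected. Consider keeping the raw protected-header segment on the `JWE` when it is parsed and passing that string instead. Separately, `acceptAlgorithm` compares `alg`/`enc` with `equalsIgnoreCase`, while JWA algorithm identifiers are case-sensitive; `equals` would be the stricter match. Both new public methods also lack Javadoc: `acceptAlgorithm` should state that it returns whether the token's `alg` and `enc` name exactly the supplied key- and content-encryption methods, and `decrypt` should list its `@throws IllegalArgumentException` / `@throws IllegalStateException` conditions and that it returns the decrypted payload.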
@@ -106,10 +167,20 @@ public class JWE {
private String[] critical;
/**
+ * The JWE encryptedKey.
+ */
+ private String encryptedKey;
+
+ /**
* The JWE Payload.
*/
private String payload;
+ /**
+ * The JWE Content Encryption.
+ */
+ private String contentEncryption;
+
public Builder setAlgorithm(String algorithm) {
this.algorithm = algorithm;
return this;
@@ -165,6 +236,11 @@ public class JWE {
return this;
}
+ public Builder setEncryptedKey(String encryptedKey) {
+ this.encryptedKey = encryptedKey;
+ return this;
+ }
+
public Builder setCritical(String[] critical) {
this.critical = critical;
return this;
@@ -174,6 +250,46 @@ public class JWE {
this.payload = payload;
return this;
}
+
+ public Builder setContentEncryption(String contentEncryption) {
+ this.contentEncryption = contentEncryption;
+ return this;
+ }
+
+ public <EK extends EncryptingKey, DK extends DecryptingKey> Builder encrypt(KeyEncryptMethod<EK, DK> keyEncryptMethod,
+ EK encryptingKey, ContentEncryptMethod<EK, DK> contentEncryptMethod) {
+ if (keyEncryptMethod == null) {
+ throw new IllegalArgumentException("A key encryption method is required in order to encrypt the content encryption key.");
+ }
+ if (encryptingKey == null) {
+ throw new IllegalArgumentException("An encryption key is required in order to encrypt the content encryption key.");
+ }
+ if (payload == null) {
+ throw new IllegalStateException("Payload needs to be set in order to encrypt it.");
+ }
+ if (contentEncryptMethod == null) {
+ throw new IllegalArgumentException("A key encryption method is required in order to encrypt the payload.");
+ }
+
+ setAlgorithm(keyEncryptMethod.getAlgorithm());
+ setEncryptionAlgorithm(contentEncryptMethod.getAlgorithm());
+
+ String header = new JWEHeaderWriter().write(new Header(algorithm,
+ encryptionAlgorithm,
+ compressionAlgorithm,
+ jwkSetUrl,
+ jsonWebKey,
+ x509url,
+ x509CertificateThumbprint,
+ x509CertificateChain,
+ keyId, type,
+ contentType,
+ critical,
+ getCustomFields()));
+ setEncryptedKey(keyEncryptMethod.encrypt(encryptingKey));
+ //TODO
+ return setContentEncryption(contentEncryptMethod.encrypt(header, payload, null));
+ }
@Override
public JWE build() {
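Review bot: The content encryption key is never materialized in `encrypt`: `keyEncryptMethod.encrypt(encryptingKey)` is called without a CEK, and `contentEncryptMethod.encrypt(header, payload, null)` receives `null` where the key is expected (the `//TODO` marks it). As written, whatever key the content method ends up using cannot be the one wrapped into `encryptedKey`, so a recipient cannot decrypt the result, and a `null` key may simply fail inside the content method. The fix is to generate one CEK in this method (from `SecureRandom`, sized for the `enc` algorithm) and pass it to both the existing `encrypt(byte[] cek, EK encryptingKey)` overload and to the content method; the interfaces in this commit expose neither the required key length nor a way to turn those bytes into an `EncryptingKey`, so `ContentEncryptMethod` presumably needs a method for that. Note also that the local `String header` built here is not stored, and `build()` re-creates a `Header` from the same fields; if the content method binds this string as AAD, the header later emitted for the token must be this exact string. The method's Javadoc should state that it sets `alg` and `enc` from the supplied methods and overwrites `encryptedKey` and `contentEncryption`.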
@@ -189,7 +305,9 @@ public class JWE {
contentType,
critical,
getCustomFields()),
- payload);
+ encryptedKey,
+ payload,
+ contentEncryption);
}
}
Modified: oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/ContentEncryptMethod.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/ContentEncryptMethod.java?rev=1731830&r1=1731829&r2=1731830&view=diff
==============================================================================
--- oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/ContentEncryptMethod.java (original)
+++ oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/ContentEncryptMethod.java Tue Feb 23 10:18:57 2016
@@ -23,9 +23,11 @@ package org.apache.oltu.jose.jwe.encrypt
* @param <E> the {@link EncryptingKey} type.
* @param <D> the {@link DecryptingKey} type.
*/
-public interface ContentEncryptMethod <E extends EncryptingKey, D extends DecryptingKey> extends EncryptMethod<EncryptingKey, DecryptingKey>{
+public interface ContentEncryptMethod <EK extends EncryptingKey, DK extends DecryptingKey> extends EncryptMethod<EncryptingKey, DecryptingKey>{
- String encrypt(String header, String payload, E enryptingKey);
+ String encrypt(String header, String payload, EncryptingKey encryptingKey);
+
+ String decrypt(String header, String contentEncryption, DecryptingKey decryptingKey);
//TODO add validation??
}
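Review bot: The type parameters were renamed from `<E, D>` to `<EK, DK>`, but the `@param <E>` / `@param <D>` Javadoc tags in the context lines just above the interface declaration still name the old identifiers, so the Javadoc no longer matches the signature; the same stale tags remain in `KeyEncryptMethod` in the next section. Update them to `@param <EK> the {@link EncryptingKey} type.` and `@param <DK> the {@link DecryptingKey} type.`. After this change neither `encrypt` nor `decrypt` uses `EK`/`DK` — both take the raw `EncryptingKey`/`DecryptingKey` — so the type parameters are now dead on this interface; either type the parameters as `EK encryptingKey` / `DK decryptingKey` as `KeyEncryptMethod` does, or drop them. The new `decrypt` should also document what `contentEncryption` is expected to contain (the model in this commit has no separate IV or authentication-tag fields) and how `header` is used.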
Modified: oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/KeyEncryptMethod.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/KeyEncryptMethod.java?rev=1731830&r1=1731829&r2=1731830&view=diff
==============================================================================
--- oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/KeyEncryptMethod.java (original)
+++ oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/KeyEncryptMethod.java Tue Feb 23 10:18:57 2016
@@ -22,11 +22,17 @@ package org.apache.oltu.jose.jwe.encrypt
* @param <E> the {@link EncryptingKey} type.
* @param <D> the {@link DecryptingKey} type.
*/
-public interface KeyEncryptMethod <E extends EncryptingKey, D extends DecryptingKey> extends EncryptMethod<EncryptingKey, DecryptingKey> {
-
+public interface KeyEncryptMethod <EK extends EncryptingKey, DK extends DecryptingKey> extends EncryptMethod<EncryptingKey, DecryptingKey> {
+
//TODO change to wrap?
- String encrypt(byte [] cek, E enryptingKey);
-
+ String encrypt(byte [] cek, EK encryptingKey);
+
+ String encrypt(EK encryptingKey);
+
+ DecryptingKey decrypt(String encryptedKey, DK decryptingKey);
+
+ DecryptingKey decrypt(String encryptedKey);
+
//TODO add validation??
}
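Review bot: The added no-key overloads `String encrypt(EK encryptingKey)` and `DecryptingKey decrypt(String encryptedKey)` carry no Javadoc, and it is unclear what key material they operate on: `decrypt(String encryptedKey)` receives nothing that could unwrap the key, so an implementation can only satisfy it by holding key state the interface does not document. If they exist for modes that carry no wrapped key, say so in Javadoc and make the unsupported case explicit with `@throws UnsupportedOperationException`. There is also an asymmetry between `encrypt(byte[] cek, EK encryptingKey)` taking the CEK as raw bytes while `decrypt` returns it as a `DecryptingKey`; one representation on both sides would make `JWE.Builder.encrypt` and `JWE.decrypt` easier to keep consistent.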