oltu-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From asa...@apache.org
Subject svn commit: r1731830 - in /oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe: JWE.java encryption/ContentEncryptMethod.java encryption/KeyEncryptMethod.java io/JWEReader.java io/JWEWriter.java
Date Tue, 23 Feb 2016 10:18:57 GMT
Author: asanso
Date: Tue Feb 23 10:18:57 2016
New Revision: 1731830

URL: http://svn.apache.org/viewvc?rev=1731830&view=rev
Log:
OLTU-80 - Implement JWE support for JWT

Removed:
    oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/io/JWEReader.java
    oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/io/JWEWriter.java
Modified:
    oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/JWE.java
    oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/ContentEncryptMethod.java
    oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/KeyEncryptMethod.java

Modified: oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/JWE.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/JWE.java?rev=1731830&r1=1731829&r2=1731830&view=diff
==============================================================================
--- oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/JWE.java (original)
+++ oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/JWE.java Tue Feb 23 10:18:57
2016
@@ -17,6 +17,11 @@
 package org.apache.oltu.jose.jwe;
 
 import org.apache.oltu.commons.json.CustomizableBuilder;
+import org.apache.oltu.jose.jwe.encryption.ContentEncryptMethod;
+import org.apache.oltu.jose.jwe.encryption.DecryptingKey;
+import org.apache.oltu.jose.jwe.encryption.EncryptingKey;
+import org.apache.oltu.jose.jwe.encryption.KeyEncryptMethod;
+import org.apache.oltu.jose.jwe.io.JWEHeaderWriter;
 
 public class JWE {
     
@@ -26,23 +31,79 @@ public class JWE {
     private final Header header;
     
     /**
+     * The JWE encryptedKey.
+     */
+    private final String encryptedKey;
+    
+    /**
      * The JWE Payload.
      */
     private final String payload;
     
-    JWE(Header header, String payload) {
+    /**
+     * The JWE Content Encryption.
+     */
+    private final String contentEncryption;
+    
+    JWE(Header header, String encryptedKey, String payload ,String contentEncryption) {
         this.header = header;
+        this.encryptedKey = encryptedKey;
         this.payload = payload;
+        this.contentEncryption = contentEncryption;
     }
     
     public Header getHeader() {
         return header;
     }
+    
+    public String getEncryptedKey() {
+        return encryptedKey;
+    }
 
     public String getPayload() {
         return payload;
     }
     
+    public String getContentEncryption() {
+        return contentEncryption;
+    }
+    
+    public <EK extends EncryptingKey, DK extends DecryptingKey> boolean acceptAlgorithm(KeyEncryptMethod<EK,
DK> keyEncryptMethod, ContentEncryptMethod<EK, DK> contentEncryptMethod) {
+        if (keyEncryptMethod == null) {
+            throw new IllegalArgumentException("An encrypt method is required in order to
decrypt the content encryption key.");
+        }
+        if (contentEncryptMethod == null) {
+            throw new IllegalArgumentException("An encrypt method is required in order to
decrypt the payload.");
+        }
+        if (header == null || header.getAlgorithm() == null || header.getEncryptionAlgorithm()
== null) {
+            throw new IllegalStateException("JWE token must have a valid JSON header with
specified algorithm.");
+        }
+
+        return header.getAlgorithm().equalsIgnoreCase(keyEncryptMethod.getAlgorithm()) &&
header.getEncryptionAlgorithm().equalsIgnoreCase(contentEncryptMethod.getAlgorithm());
+    }
+    
+    public <EK extends EncryptingKey, DK extends DecryptingKey> String decrypt(KeyEncryptMethod<EK,
DK> keyEncryptMethod,
+            DK decryptingKey, ContentEncryptMethod<EK, DK> contentEncryptMethod) {
       
+        if (!acceptAlgorithm(keyEncryptMethod, contentEncryptMethod)) {
+            throw new IllegalArgumentException("Impossible to decrypt current JWE");
+        }
+        if (decryptingKey == null) {
+            throw new IllegalArgumentException("A decrypting key is required in order to
decrypt the JWE");
+        }
+        
+        if (encryptedKey == null) {
+            throw new IllegalStateException("JWE token must have an encrypted key.");
+        }
+
+        if (contentEncryption == null) {
+            throw new IllegalStateException("JWE token must have a content encryption");
+        }
+        
+        DecryptingKey cek = keyEncryptMethod.decrypt(encryptedKey, decryptingKey);
+        
+        return contentEncryptMethod.decrypt(new JWEHeaderWriter().write(header), contentEncryption,
cek);
+    }
+    
     public static final class Builder extends CustomizableBuilder<JWE> {
         
         /**
@@ -106,10 +167,20 @@ public class JWE {
         private String[] critical;
         
         /**
+         * The JWE encryptedKey.
+         */
+        private String encryptedKey;
+        
+        /**
          * The JWE Payload.
          */
         private String payload;
         
+        /**
+         * The JWE Content Encryption.
+         */
+        private String contentEncryption;
+        
         public Builder setAlgorithm(String algorithm) {
             this.algorithm = algorithm;
             return this;
@@ -165,6 +236,11 @@ public class JWE {
             return this;
         }
 
+        public Builder setEncryptedKey(String encryptedKey) {
+            this.encryptedKey = encryptedKey;
+            return this;
+        }
+        
         public Builder setCritical(String[] critical) {
             this.critical = critical;
             return this;
@@ -174,6 +250,46 @@ public class JWE {
             this.payload = payload;
             return this;
         }
+        
+        public Builder setContentEncryption(String contentEncryption) {
+            this.contentEncryption = contentEncryption;
+            return this;
+        }
+        
+        public <EK extends EncryptingKey, DK extends DecryptingKey> Builder encrypt(KeyEncryptMethod<EK,
DK> keyEncryptMethod,
+                EK encryptingKey, ContentEncryptMethod<EK, DK> contentEncryptMethod)
{
+            if (keyEncryptMethod == null) {
+                throw new IllegalArgumentException("A key encryption method is required in
order to encrypt the content encryption key.");
+            }
+            if (encryptingKey == null) {
+                throw new IllegalArgumentException("An encryption key is required in order
to encrypt the content encryption key.");
+            }
+            if (payload == null) {
+                throw new IllegalStateException("Payload needs to be set in order to encrypt
it.");
+            }
+            if (contentEncryptMethod == null) {
+                throw new IllegalArgumentException("A key encryption method is required in
order to encrypt the payload.");
+            }
+            
+            setAlgorithm(keyEncryptMethod.getAlgorithm());
+            setEncryptionAlgorithm(contentEncryptMethod.getAlgorithm());
+            
+            String header = new JWEHeaderWriter().write(new Header(algorithm,
+                    encryptionAlgorithm,
+                    compressionAlgorithm,
+                    jwkSetUrl,
+                    jsonWebKey,
+                    x509url,
+                    x509CertificateThumbprint,
+                    x509CertificateChain,
+                    keyId, type,
+                    contentType,
+                    critical,
+                    getCustomFields())); 
+            setEncryptedKey(keyEncryptMethod.encrypt(encryptingKey));
+            //TODO
+            return setContentEncryption(contentEncryptMethod.encrypt(header, payload, null));
+        }
 
         @Override
         public JWE build() {
@@ -189,7 +305,9 @@ public class JWE {
                     contentType,
                     critical,
                     getCustomFields()),
-         payload);
+         encryptedKey,
+         payload,
+         contentEncryption);
         }
         
     }

Modified: oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/ContentEncryptMethod.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/ContentEncryptMethod.java?rev=1731830&r1=1731829&r2=1731830&view=diff
==============================================================================
--- oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/ContentEncryptMethod.java
(original)
+++ oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/ContentEncryptMethod.java
Tue Feb 23 10:18:57 2016
@@ -23,9 +23,11 @@ package org.apache.oltu.jose.jwe.encrypt
  * @param <E> the {@link EncryptingKey} type.
  * @param <D> the {@link DecryptingKey} type.
  */
-public interface ContentEncryptMethod <E extends EncryptingKey, D extends DecryptingKey>
 extends EncryptMethod<EncryptingKey, DecryptingKey>{
+public interface ContentEncryptMethod <EK extends EncryptingKey, DK extends DecryptingKey>
 extends EncryptMethod<EncryptingKey, DecryptingKey>{
     
-    String encrypt(String header, String payload, E enryptingKey);
+    String encrypt(String header, String payload, EncryptingKey encryptingKey);
+    
+    String decrypt(String header, String contentEncryption, DecryptingKey decryptingKey);
     
     //TODO add validation??
 }

Modified: oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/KeyEncryptMethod.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/KeyEncryptMethod.java?rev=1731830&r1=1731829&r2=1731830&view=diff
==============================================================================
--- oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/KeyEncryptMethod.java
(original)
+++ oltu/trunk/jose/jwe/src/main/java/org/apache/oltu/jose/jwe/encryption/KeyEncryptMethod.java
Tue Feb 23 10:18:57 2016
@@ -22,11 +22,17 @@ package org.apache.oltu.jose.jwe.encrypt
  * @param <E> the {@link EncryptingKey} type.
  * @param <D> the {@link DecryptingKey} type.
  */
-public interface KeyEncryptMethod  <E extends EncryptingKey, D extends DecryptingKey>
 extends EncryptMethod<EncryptingKey, DecryptingKey> {
-    
+public interface KeyEncryptMethod  <EK extends EncryptingKey, DK extends DecryptingKey>
 extends EncryptMethod<EncryptingKey, DecryptingKey> {
+
     //TODO change to wrap?
-    String encrypt(byte [] cek, E enryptingKey);
-    
+    String encrypt(byte [] cek, EK encryptingKey);
+
+    String encrypt(EK encryptingKey);
+
+    DecryptingKey decrypt(String encryptedKey, DK decryptingKey);
+
+    DecryptingKey decrypt(String encryptedKey);
+
     //TODO add validation??
 
 }



Mime
View raw message