• Home
• be.atbash.json
• octopus-jwt-support
• 1.1.0
• source code
• EncryptedJSONJWK.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

be.atbash.ee.security.octopus.jwk.EncryptedJSONJWK Maven / Gradle / Ivy

/*
 * Copyright 2017-2022 Rudy De Busscher (https://www.atbash.be)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package be.atbash.ee.security.octopus.jwk;

import be.atbash.ee.security.octopus.exception.MissingPasswordException;
import be.atbash.ee.security.octopus.nimbus.jwk.JWK;
import be.atbash.ee.security.octopus.nimbus.jwk.JWKIdentifiers;
import be.atbash.ee.security.octopus.util.EncryptionHelper;
import be.atbash.util.StringUtils;

import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonObjectBuilder;
import javax.json.JsonValue;
import java.util.Arrays;
import java.util.List;
import java.util.Map;

/**
 *
 */

public final class EncryptedJSONJWK {

    private static final List GENERAL_NAMES = Arrays.asList(JWKIdentifiers.KEY_TYPE
            , JWKIdentifiers.PUBLIC_KEY_USE, JWKIdentifiers.KEY_OPS, JWKIdentifiers.ALGORITHM, JWKIdentifiers.KEY_ID, JWKIdentifiers.CURVE);

    private EncryptedJSONJWK() {
    }

    public static String encryptedOutput(JWK jwk, char[] password) {
        if (StringUtils.isEmpty(password)) {
            throw new MissingPasswordException(MissingPasswordException.ObjectType.ENCRYPTION, null);
        }
        JsonObject fullJWK = jwk.toJSONObject().build();

        JsonObjectBuilder encryptedJWK = Json.createObjectBuilder();
        JsonObjectBuilder sensitiveProperties = Json.createObjectBuilder();

        for (Map.Entry entry : fullJWK.entrySet()) {
            if (GENERAL_NAMES.contains(entry.getKey())) {
                encryptedJWK.add(entry.getKey(), entry.getValue());
            } else {
                sensitiveProperties.add(entry.getKey(), entry.getValue());
            }
        }

        String json = sensitiveProperties.build().toString();
        encryptedJWK.add(JWKIdentifiers.ENCRYPTION_ALGORITHM, EncryptionHelper.encode(json, password));

        return encryptedJWK.build().toString();
    }
}