• Home
• com.liferay
• com.liferay.mail.outlook.auth.connector.provider
• 1.0.14
• source code
• SIVAESBasedPairwiseSubjectCodec.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.nimbusds.openid.connect.sdk.id.SIVAESBasedPairwiseSubjectCodec Maven / Gradle / Ivy

/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.id;


import java.util.AbstractMap;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.ByteUtils;
import com.nimbusds.oauth2.sdk.id.Subject;
import net.jcip.annotations.ThreadSafe;
import org.cryptomator.siv.SivMode;


/**
 * SIV AES - based encoder / decoder of pairwise subject identifiers. Requires
 * a 256, 384, or 512-bit secret key. Reversal is supported.
 *
 * 
The plain text is formatted as follows ('|' as delimiter):
 *
 * 
 * sector_id|local_sub
 * 
 *
 * 
The encoder can be configured to pad the local subject up to a certain
 * string length, typically the maximum expected length of the local subject
 * identifiers, to ensure the output pairwise subject identifiers are output
 * with a length that is uniform and doesn't vary with the local subject
 * identifier length. This is intended as an additional measure against leaking
 * end-user information and hence correlation. Note that local subjects that
 * are longer than the configured length will appear as proportionally longer
 * pairwise identifiers.
 *
 * 
Pad local subjects that are shorter than 50 characters in length:
 *
 * 
 * new SIVAESBasedPairwiseSubjectCodec(secretKey, 50);
 * 
 *
 * 
Related specifications:
 *
 * 

 *     
Synthetic Initialization Vector (SIV) Authenticated Encryption Using
 *         the Advanced Encryption Standard (AES) (RFC 5297).
 *     
OpenID Connect Core 1.0, section 8.1.
 * 
 */
@ThreadSafe
public class SIVAESBasedPairwiseSubjectCodec extends PairwiseSubjectCodec {
	
	
	/**
	 * The AES SIV crypto engine.
	 */
	private static final SivMode AES_SIV = new SivMode();
	
	
	/**
	 * The AES CTR key (1st half).
	 */
	private final byte[] aesCtrKey;
	
	
	/**
	 * The MAC key (2nd half).
	 */
	private final byte[] macKey;
	
	
	/**
	 * Pads the local subject to the specified length, -1 for no padding.
	 */
	private final int padSubjectToLength;
	
	
	/**
	 * Creates a new SIV AES - based codec for pairwise subject
	 * identifiers. Local subjects are not padded up to a certain length.
	 *
	 * @param secretKey A 256, 384, or 512-bit secret key. Must not be
	 *                  {@code null}.
	 */
	public SIVAESBasedPairwiseSubjectCodec(final SecretKey secretKey) {
		this(secretKey, -1);
	}
	
	
	/**
	 * Creates a new SIV AES - based codec for pairwise subject
	 * identifiers.
	 *
	 * @param secretKey          A 256, 384, or 512-bit secret key. Must
	 *                           not be {@code null}.
	 * @param padSubjectToLength Pads the local subject to the specified
	 *                           length, -1 (negative integer) for no
	 *                           padding.
	 */
	public SIVAESBasedPairwiseSubjectCodec(final SecretKey secretKey,
					       final int padSubjectToLength) {
		super(null);
		
		if (secretKey == null) {
			throw new IllegalArgumentException("The SIV AES secret key must not be null");
		}
		
		byte[] keyBytes = secretKey.getEncoded();
		
		switch (keyBytes.length) {
			case 32:
				aesCtrKey = ByteUtils.subArray(keyBytes, 0, 16);
				macKey = ByteUtils.subArray(keyBytes, 16, 16);
				break;
			case 48:
				aesCtrKey = ByteUtils.subArray(keyBytes, 0, 24);
				macKey = ByteUtils.subArray(keyBytes, 24, 24);
				break;
			case 64:
				aesCtrKey = ByteUtils.subArray(keyBytes, 0, 32);
				macKey = ByteUtils.subArray(keyBytes, 32, 32);
				break;
			default:
				throw new IllegalArgumentException("The SIV AES secret key length must be 256, 384 or 512 bits");
		}
		
		this.padSubjectToLength = padSubjectToLength;
	}
	
	
	/**
	 * Returns the secret key.
	 *
	 * @return The key.
	 */
	public SecretKey getSecretKey() {
		
		return new SecretKeySpec(ByteUtils.concat(aesCtrKey, macKey), "AES");
	}
	
	
	/**
	 * Returns the optional padded string length of local subjects.
	 *
	 * @return The padding string length, -1 (negative integer) for no
	 *         padding.
	 */
	public int getPadSubjectToLength() {
		
		return padSubjectToLength;
	}
	
	
	private static String escapeSeparator(final String s) {
		
		return s.replace("|", "\\|");
	}
	
	
	@Override
	public Subject encode(final SectorID sectorID, final Subject localSub) {
		
		// Escape separator chars
		final String escapedSectorIDString = escapeSeparator(sectorID.getValue());
		final String escapedLocalSub = escapeSeparator(localSub.getValue());
		
		StringBuilder optionalPadding = new StringBuilder();
		
		if (padSubjectToLength > 0) {
			// Apply padding
			int paddingLength = padSubjectToLength - escapedLocalSub.length();
			
			if (paddingLength == 1) {
				
				optionalPadding = new StringBuilder("|");
				
			} else if (paddingLength > 1) {
				
				optionalPadding = new StringBuilder("|");
				int i = paddingLength;
				while (--i > 0) {
					optionalPadding.append("0"); // pad with 0
				}
			}
		}
		
		// Join parameters, delimited by '|'
		final String plainTextString = (escapedSectorIDString + '|' + escapedLocalSub + optionalPadding);
		
		byte[] plainText = plainTextString.getBytes(CHARSET);
		byte[] cipherText = AES_SIV.encrypt(aesCtrKey, macKey, plainText);
		return new Subject(Base64URL.encode(cipherText).toString());
	}
	
	
	@Override
	public Map.Entry decode(final Subject pairwiseSubject)
		throws InvalidPairwiseSubjectException {
		
		byte[] cipherText = new Base64URL(pairwiseSubject.getValue()).decode();
		
		byte[] plainText;
		try {
			plainText  = AES_SIV.decrypt(aesCtrKey, macKey, cipherText);
		} catch (Exception e) {
			throw new InvalidPairwiseSubjectException("Decryption failed: " + e.getMessage(), e);
		}
		
		// Split along the '|' delimiter
		String[] parts = new String(plainText, CHARSET).split("(? 3) {
			throw new InvalidPairwiseSubjectException("Invalid format: Unexpected number of tokens: " + parts.length);
		}
		
		return new AbstractMap.SimpleImmutableEntry<>(new SectorID(parts[0]), new Subject(parts[1]));
	}
}