All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.nimbusds.jose.crypto.factories.DefaultJWEDecrypterFactory Maven / Gradle / Ivy

Go to download

Java library for Javascript Object Signing and Encryption (JOSE) and JSON Web Tokens (JWT)

There is a newer version: 9.47
Show newest version
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.crypto.factories;


import java.security.Key;
import java.security.PrivateKey;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.crypto.SecretKey;

import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.*;
import com.nimbusds.jose.jca.JWEJCAContext;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.proc.JWEDecrypterFactory;
import net.jcip.annotations.ThreadSafe;


/**
 * Default JSON Web Encryption (JWE) decrypter factory.
 *
 * 

Supports all standard JWE algorithms implemented in the * {@link com.nimbusds.jose.crypto} package. * * @author Vladimir Dzhuvinov * @author stisve * @version 2020-03-03 */ @ThreadSafe public class DefaultJWEDecrypterFactory implements JWEDecrypterFactory { /** * The supported JWE algorithms. */ public static final Set SUPPORTED_ALGORITHMS; /** * The supported encryption methods. */ public static final Set SUPPORTED_ENCRYPTION_METHODS; static { Set algs = new LinkedHashSet<>(); algs.addAll(RSADecrypter.SUPPORTED_ALGORITHMS); algs.addAll(ECDHDecrypter.SUPPORTED_ALGORITHMS); algs.addAll(DirectDecrypter.SUPPORTED_ALGORITHMS); algs.addAll(AESDecrypter.SUPPORTED_ALGORITHMS); algs.addAll(PasswordBasedDecrypter.SUPPORTED_ALGORITHMS); SUPPORTED_ALGORITHMS = Collections.unmodifiableSet(algs); Set encs = new LinkedHashSet<>(); encs.addAll(RSADecrypter.SUPPORTED_ENCRYPTION_METHODS); encs.addAll(ECDHDecrypter.SUPPORTED_ENCRYPTION_METHODS); encs.addAll(DirectDecrypter.SUPPORTED_ENCRYPTION_METHODS); encs.addAll(AESDecrypter.SUPPORTED_ENCRYPTION_METHODS); encs.addAll(PasswordBasedDecrypter.SUPPORTED_ENCRYPTION_METHODS); SUPPORTED_ENCRYPTION_METHODS = Collections.unmodifiableSet(encs); } /** * The JWE JCA context. */ private final JWEJCAContext jcaContext = new JWEJCAContext(); @Override public Set supportedJWEAlgorithms() { return SUPPORTED_ALGORITHMS; } @Override public Set supportedEncryptionMethods() { return SUPPORTED_ENCRYPTION_METHODS; } @Override public JWEJCAContext getJCAContext() { return jcaContext; } @Override public JWEDecrypter createJWEDecrypter(final JWEHeader header, final Key key) throws JOSEException { final JWEDecrypter decrypter; if (RSADecrypter.SUPPORTED_ALGORITHMS.contains(header.getAlgorithm()) && RSADecrypter.SUPPORTED_ENCRYPTION_METHODS.contains(header.getEncryptionMethod())) { if (!(key instanceof PrivateKey && key instanceof RSAKey)) { throw new KeyTypeException(PrivateKey.class, RSAKey.class); } PrivateKey rsaPrivateKey = (PrivateKey)key; decrypter = new RSADecrypter(rsaPrivateKey); } else if (ECDHDecrypter.SUPPORTED_ALGORITHMS.contains(header.getAlgorithm()) && ECDHDecrypter.SUPPORTED_ENCRYPTION_METHODS.contains(header.getEncryptionMethod())) { if (!(key instanceof PrivateKey && key instanceof ECKey)) { throw new KeyTypeException(PrivateKey.class, ECKey.class); } PrivateKey ecPrivateKey = (PrivateKey)key; Curve curve = Curve.forECParameterSpec(((ECKey)key).getParams()); decrypter = new ECDHDecrypter(ecPrivateKey, null, curve); } else if (DirectDecrypter.SUPPORTED_ALGORITHMS.contains(header.getAlgorithm()) && DirectDecrypter.SUPPORTED_ENCRYPTION_METHODS.contains(header.getEncryptionMethod())) { if (!(key instanceof SecretKey)) { throw new KeyTypeException(SecretKey.class); } SecretKey aesKey = (SecretKey)key; DirectDecrypter directDecrypter = new DirectDecrypter(aesKey); if (! directDecrypter.supportedEncryptionMethods().contains(header.getEncryptionMethod())) { throw new KeyLengthException(header.getEncryptionMethod().cekBitLength(), header.getEncryptionMethod()); } decrypter = directDecrypter; } else if (AESDecrypter.SUPPORTED_ALGORITHMS.contains(header.getAlgorithm()) && AESDecrypter.SUPPORTED_ENCRYPTION_METHODS.contains(header.getEncryptionMethod())) { if (!(key instanceof SecretKey)) { throw new KeyTypeException(SecretKey.class); } SecretKey aesKey = (SecretKey)key; AESDecrypter aesDecrypter = new AESDecrypter(aesKey); if (! aesDecrypter.supportedJWEAlgorithms().contains(header.getAlgorithm())) { throw new KeyLengthException(header.getAlgorithm()); } decrypter = aesDecrypter; } else if (PasswordBasedDecrypter.SUPPORTED_ALGORITHMS.contains(header.getAlgorithm()) && PasswordBasedDecrypter.SUPPORTED_ENCRYPTION_METHODS.contains(header.getEncryptionMethod())) { if (!(key instanceof SecretKey)) { throw new KeyTypeException(SecretKey.class); } byte[] password = key.getEncoded(); decrypter = new PasswordBasedDecrypter(password); } else { throw new JOSEException("Unsupported JWE algorithm or encryption method"); } // Apply JCA context decrypter.getJCAContext().setSecureRandom(jcaContext.getSecureRandom()); decrypter.getJCAContext().setProvider(jcaContext.getProvider()); decrypter.getJCAContext().setKeyEncryptionProvider(jcaContext.getKeyEncryptionProvider()); decrypter.getJCAContext().setMACProvider(jcaContext.getMACProvider()); decrypter.getJCAContext().setContentEncryptionProvider(jcaContext.getContentEncryptionProvider()); return decrypter; } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy