• Home
• org.jboss.resteasy
• jose-jwt
• 7.0.0.Alpha3
• source code
• DirectDecrypter.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.jboss.resteasy.jose.jwe.crypto.DirectDecrypter Maven / Gradle / Ivy

package org.jboss.resteasy.jose.jwe.crypto;

import java.nio.charset.StandardCharsets;
import java.util.Base64;

import javax.crypto.SecretKey;

import org.jboss.resteasy.jose.i18n.Messages;
import org.jboss.resteasy.jose.jwe.Algorithm;
import org.jboss.resteasy.jose.jwe.EncryptionMethod;
import org.jboss.resteasy.jose.jwe.JWEHeader;

/**
 * Direct decrypter with a
 * shared symmetric key. This class is thread-safe.
 * 

 * Supports the following JWE algorithms:
 * 
 * 

 * 
DIR
 * 
 * 

 * Supports the following encryption methods:
 * 
 * 

 * 
A128CBC_HS256
 * 
A256CBC_HS512
 * 
A128GCM
 * 
A256GCM
 * 
 *
 * @author Vladimir Dzhuvinov
 * @version $version$ (2013-05-29)
 */
public class DirectDecrypter {
    public static byte[] decrypt(final SecretKey key,
            final JWEHeader readOnlyJWEHeader,
            final String encodedHeader,
            final String encryptedKey,
            final String encodedIv,
            final String encodedCipherText,
            final String encodedAuthTag) {

        // Validate required JWE parts
        if (encryptedKey != null) {

            throw new RuntimeException(Messages.MESSAGES.unexpectedEncryptedKey());
        }

        if (encodedIv == null) {

            throw new RuntimeException(Messages.MESSAGES.initializationVectorMustNotBeNull());
        }

        if (encodedAuthTag == null) {

            throw new RuntimeException(Messages.MESSAGES.authenticationTagMustNotBeNull());
        }

        Algorithm alg = readOnlyJWEHeader.getAlgorithm();

        if (!alg.equals(Algorithm.dir)) {

            throw new RuntimeException(Messages.MESSAGES.unsupportedAlgorithm());
        }

        // Compose the AAD
        byte[] aad = encodedHeader.getBytes(StandardCharsets.UTF_8);
        byte[] iv = Base64.getUrlDecoder().decode(encodedIv);
        byte[] cipherText = Base64.getUrlDecoder().decode(encodedCipherText);
        byte[] authTag = Base64.getUrlDecoder().decode(encodedAuthTag);

        // Decrypt the cipher text according to the JWE enc
        EncryptionMethod enc = readOnlyJWEHeader.getEncryptionMethod();

        byte[] plainText;

        if (enc.equals(EncryptionMethod.A128CBC_HS256) || enc.equals(EncryptionMethod.A256CBC_HS512)) {

            plainText = AESCBC.decryptAuthenticated(key, iv, cipherText, aad, authTag);

        } else if (enc.equals(EncryptionMethod.A128GCM) || enc.equals(EncryptionMethod.A256GCM)) {

            plainText = AESGCM.decrypt(key, iv, cipherText, aad, authTag);

        } else {

            throw new RuntimeException(
                    "Unsupported encryption method, must be A128CBC_HS256, A256CBC_HS512, A128GCM or A128GCM");
        }

        // Apply decompression if requested
        return DeflateHelper.applyDecompression(readOnlyJWEHeader.getCompressionAlgorithm(), plainText);
    }
}