AbstractEncryptionHandler.java
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2013-2016 ForgeRock AS.
*/
package org.forgerock.json.jose.jwe.handlers.encryption;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.forgerock.json.jose.exceptions.JweDecryptionException;
import org.forgerock.json.jose.exceptions.JweEncryptionException;
/**
* A base implementation of an EncryptionHandler that provides common encryption and decryption methods for all
* concrete EncryptionHandler implementations.
*
* @since 2.0.0
* @deprecated Use {@link ContentEncryptionHandler} instead.
*/
@Deprecated
public abstract class AbstractEncryptionHandler implements EncryptionHandler {
private static final Logger LOGGER = Logger.getLogger(AbstractEncryptionHandler.class.getName());
/**
* Encrypts the given plaintext using the specified key with the specified encryption algorithm.
*
* @param algorithm The Java Cryptographic encryption algorithm.
* @param key The encryption key.
* @param data The data to encrypt.
* @return An array of bytes representing the encrypted data.
*/
protected byte[] encrypt(String algorithm, Key key, byte[] data) {
try {
Cipher cipher = Cipher.getInstance(algorithm);
cipher.init(Cipher.ENCRYPT_MODE, key);
return cipher.doFinal(data);
} catch (NoSuchAlgorithmException e) {
throw new JweEncryptionException("Unsupported Encryption Algorithm, " + algorithm, e);
} catch (IllegalBlockSizeException | InvalidKeyException | NoSuchPaddingException | BadPaddingException e) {
throw new JweEncryptionException(e);
}
}
/**
* Encrypts the given plaintext using the specified key and initialisation vector with the specified encryption
* algorithm.
*
* @param algorithm The Java Cryptographic encryption algorithm.
* @param key The encryption key.
* @param initialisationVector The initialisation vector.
* @param data The data to encrypt.
* @return An array of bytes representing the encrypted data.
*/
protected byte[] encrypt(String algorithm, Key key, byte[] initialisationVector, byte[] data) {
try {
Cipher cipher = Cipher.getInstance(algorithm);
SecretKeySpec secretKeySpec = new SecretKeySpec(key.getEncoded(), key.getAlgorithm());
IvParameterSpec ivParameterSpec = new IvParameterSpec(initialisationVector);
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec);
return cipher.doFinal(data);
} catch (NoSuchAlgorithmException e) {
throw new JweEncryptionException("Unsupported Encryption Algorithm, " + algorithm, e);
} catch (IllegalBlockSizeException | InvalidKeyException | NoSuchPaddingException | BadPaddingException
| InvalidAlgorithmParameterException e) {
throw new JweEncryptionException(e);
}
}
/**
* Decrypts the given ciphertext using the private key and with the same encryption algorithm that was used in the
* encryption.
*
* @param algorithm The Java Cryptographic encryption algorithm.
* @param privateKey The private key pair to the public key used in the encryption.
* @param data The ciphertext to decrypt.
* @return An array of bytes representing the decrypted data.
*/
public byte[] decrypt(String algorithm, Key privateKey, byte[] data) {
try {
Cipher cipher = Cipher.getInstance(algorithm);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return cipher.doFinal(data);
} catch (GeneralSecurityException e) {
logDecryptionFailure(e);
throw new JweDecryptionException();
}
}
/**
* Decrypts the given ciphertext using the private key and initialisation vector with the same encryption algorithm
* that was used in the encryption.
*
* @param algorithm The Java Cryptographic encryption algorithm.
* @param key The private key pair to the public key used in the encryption.
* @param initialisationVector The same initialisation vector that was used in the encryption.
* @param data The ciphertext to decrypt.
* @return An array of bytes representing the decrypted data.
*/
protected byte[] decrypt(String algorithm, Key key, byte[] initialisationVector, byte[] data) {
try {
Cipher cipher = Cipher.getInstance(algorithm);
SecretKeySpec secretKeySpec = new SecretKeySpec(key.getEncoded(), key.getAlgorithm());
IvParameterSpec ivParameterSpec = new IvParameterSpec(initialisationVector);
cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivParameterSpec);
return cipher.doFinal(data);
} catch (GeneralSecurityException e) {
logDecryptionFailure(e);
throw new JweDecryptionException();
}
}
/**
* Log the root cause of any decryption error before throwing a generic exception.
*/
private void logDecryptionFailure(Throwable cause) {
if (LOGGER.isLoggable(Level.FINE)) {
LOGGER.log(Level.FINE, "Decryption failed: " + cause, cause);
}
}
}