View Javadoc
1   /*
2    * The contents of this file are subject to the terms of the Common Development and
3    * Distribution License (the License). You may not use this file except in compliance with the
4    * License.
5    *
6    * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
7    * specific language governing permission and limitations under the License.
8    *
9    * When distributing Covered Software, include this CDDL Header Notice in each file and include
10   * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
11   * Header, with the fields enclosed by brackets [] replaced by your own identifying
12   * information: "Portions copyright [year] [name of copyright owner]".
13   *
14   * Copyright 2015-2016 ForgeRock AS.
15   */
16  
17  package org.forgerock.json.jose.jwe.handlers.encryption;
18  
19  import java.security.Key;
20  
21  import org.forgerock.json.jose.jwe.EncryptionMethod;
22  import org.forgerock.json.jose.jwe.JweAlgorithm;
23  import org.forgerock.json.jose.jwe.JweEncryption;
24  import org.forgerock.json.jose.jws.SigningManager;
25  
26  /**
27   * Abstract base class for implementations of the RSAES-PKCS1-v1_5 content encryption scheme. In this scheme a random
28   * Content Encryption Key (CEK) is generated for some underlying AES CBC-mode {@link EncryptionMethod} with HMAC for
29   * authentication.
30   *
31   * @see <a href="https://tools.ietf.org/html/rfc7518#section-4.2">RFC 7518 Section 4.2</a>
32   * @deprecated Use {@link RSAEncryptionHandler} and {@link AESCBCHMACSHA2ContentEncryptionHandler} instead.
33   */
34  @Deprecated
35  abstract class AbstractRSAESPkcs1V15AesCbcHmacEncryptionHandler extends AbstractEncryptionHandler {
36  
37      private static final JweAlgorithm ALGORITHM = JweAlgorithm.RSAES_PKCS1_V1_5;
38  
39      private final RSAEncryptionHandler encryptionHandler;
40  
41      /**
42       * Constructs a new AbstractRSAES_PKCS1_V1_5EncryptionHandler instance.
43       *
44       * @param signingManager An instance of the SigningManager to use to create the authenticate tag.
45       */
46      protected AbstractRSAESPkcs1V15AesCbcHmacEncryptionHandler(SigningManager signingManager,
47              EncryptionMethod encryptionMethod) {
48  
49          this.encryptionHandler = new RSAEncryptionHandler(encryptionMethod, ALGORITHM);
50  
51          if (encryptionMethod != EncryptionMethod.A128CBC_HS256 && encryptionMethod != EncryptionMethod.A256CBC_HS512) {
52              throw new IllegalArgumentException("Not an AES/CBC/HMAC encryption method: " + encryptionMethod);
53          }
54      }
55  
56      /**
57       * Creates a Content Encryption Key (CEK) by generating a random key value with a length equal to the
58       * EncryptionMethod A128CBC_HS256 key size.
59       * <p>
60       * See point 2 in <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-11#section-5.1">
61       *     Section 5.1</a> of the JWE Specification.
62       *
63       * @return {@inheritDoc}
64       */
65      @Override
66      public Key getContentEncryptionKey() {
67          return encryptionHandler.getContentEncryptionKey();
68      }
69  
70      /**
71       * Generates the JWE Encrypted Key by encrypting the Content Encryption Key (CEK) using the JweAlgorithm
72       * RSAES_PCKCS1_V1_5.
73       * <p>
74       * See point 4 in <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-11#section-5.1">
75       *     Section 5.1</a> of the JWE Specification.
76       *
77       * @param key {@inheritDoc}
78       * @param contentEncryptionKey {@inheritDoc}
79       * @return {@inheritDoc}
80       */
81      @Override
82      public byte[] generateJWEEncryptedKey(Key key, Key contentEncryptionKey) {
83          return encryptionHandler.generateJWEEncryptedKey(key, contentEncryptionKey);
84      }
85  
86      /**
87       * Generates a random JWE Initialisation Vector of the correct size for the encryption algorithm.
88       * <p>
89       * See points 9 in <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-11#section-5.1">
90       *     Section 5.1</a> of the JWE Specification.
91       *
92       * @return {@inheritDoc}
93       */
94      @Override
95      public byte[] generateInitialisationVector() {
96          return encryptionHandler.generateInitialisationVector();
97      }
98  
99      /**
100      * {@inheritDoc}
101      */
102     @Override
103     public JweEncryption encryptPlaintext(Key contentEncryptionKey, byte[] initialisationVector, byte[] plaintext,
104                                           byte[] additionalAuthenticatedData) {
105 
106         return encryptionHandler.encryptPlaintext(contentEncryptionKey, initialisationVector, plaintext,
107                 additionalAuthenticatedData);
108     }
109 
110     /**
111      * Decrypts the JWE Encrypted Key to produce the Content Encryption Key (CEK).
112      * <p>
113      * See points 10 in <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-11#section-5.2">
114      *     Section 5.2</a> of the JWE Specification.
115      *
116      * @param key {@inheritDoc}
117      * @param encryptedContentEncryptionKey {@inheritDoc}
118      * @return {@inheritDoc}
119      */
120     @Override
121     public Key decryptContentEncryptionKey(Key key, byte[] encryptedContentEncryptionKey) {
122         return encryptionHandler.decryptContentEncryptionKey(key, encryptedContentEncryptionKey);
123     }
124 
125     /**
126      * {@inheritDoc}
127      */
128     @Override
129     public byte[] decryptCiphertext(Key contentEncryptionKey, byte[] initialisationVector, byte[] ciphertext,
130                                     byte[] authenticationTag, byte[] additionalAuthenticatedData) {
131         return encryptionHandler.decryptCiphertext(contentEncryptionKey, initialisationVector, ciphertext,
132                 authenticationTag, additionalAuthenticatedData);
133     }
134 
135 }