
Commit 3dec144

committed
handling of cipherparams for ECDH_ES corrected
1 parent 759a6b1 commit 3dec144

4 files changed

Lines changed: 36 additions & 6 deletions


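--- a/build.gradle
+++ b/build.gradle
@@ -8,6 +8,10 @@ apply plugin: 'net.saliman.cobertura'
 
 sourceCompatibility = 1.7
 
+test {
+testLogging.showStandardStreams = true
+}
+
 buildscript {
 repositories {
 maven {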

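--- a/src/main/java/org/oidc/msg/AbstractMessage.java
+++ b/src/main/java/org/oidc/msg/AbstractMessage.java
@@ -25,6 +25,7 @@
 import com.auth0.jwt.algorithms.CipherParams;
 import com.auth0.jwt.exceptions.JWTDecodeException;
 import com.auth0.jwt.exceptions.JWTVerificationException;
+import com.auth0.jwt.exceptions.KeyAgreementException;
 import com.auth0.jwt.exceptions.oicmsg_exceptions.DeserializationNotPossible;
 import com.auth0.jwt.exceptions.oicmsg_exceptions.JWKException;
 import com.auth0.jwt.exceptions.oicmsg_exceptions.SerializationNotPossible;
@@ -491,10 +492,14 @@ public String toJwt(Key signingKey, String alg, Key transportKey, String encAlg,
 "encAlg and encEnc are mandatory parameters if transport key is set");
 }
 try {
-return JWTEncryptor.init().withPayload(signedJwt.getBytes("UTF-8")).encrypt(
-AlgorithmResolver.resolveKeyTransportAlgorithmForEncryption(transportKey, encAlg, encEnc, keyjar, sender, receiver),
-Algorithm.getContentEncryptionAlg(encEnc, CipherParams.getInstance(encEnc)));
-} catch (UnsupportedEncodingException | ValueError | SerializationNotPossible e) {
+Algorithm keyTransportAlgorithm = AlgorithmResolver.resolveKeyTransportAlgorithmForEncryption(
+transportKey, encAlg, encEnc, keyjar, sender, receiver);
+Algorithm contentEncryptionAlgorithm = AlgorithmResolver
+.resolveContentEncryptionAlg(keyTransportAlgorithm, encEnc);
+return JWTEncryptor.init().withPayload(signedJwt.getBytes("UTF-8"))
+.encrypt(keyTransportAlgorithm, contentEncryptionAlgorithm);
+} catch (UnsupportedEncodingException | ValueError | SerializationNotPossible
+| KeyAgreementException e) {
 throw new SerializationException(
 String.format("Not able to initialize key transport algorithm '%s' to encrypt JWS, '%s'",
 encAlg, e.getMessage()));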
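Review bot: The catch in the second hunk now also wraps KeyAgreementException, which is raised from the new resolveContentEncryptionAlg step, yet the SerializationException message still reports only the key transport algorithm `encAlg`; a failure while deriving the content-encryption parameters for `encEnc` would be reported under a misleading name. Including both names keeps the diagnostic honest: `String.format("Not able to initialize encryption algorithms '%s'/'%s' to encrypt JWS, '%s'",` followed by `encAlg, encEnc, e.getMessage()));`. With the old `Algorithm.getContentEncryptionAlg(encEnc, CipherParams.getInstance(encEnc))` call removed, the `import com.auth0.jwt.algorithms.CipherParams;` kept at line 25 is likely unused now, if this was its only use in the file. toJwt begins before the hunk and its body continues past it.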

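--- a/src/main/java/org/oidc/msg/oidc/util/AlgorithmResolver.java
+++ b/src/main/java/org/oidc/msg/oidc/util/AlgorithmResolver.java
@@ -17,6 +17,9 @@
 package org.oidc.msg.oidc.util;
 
 import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.algorithms.CipherParams;
+import com.auth0.jwt.algorithms.ECDHESAlgorithm;
+import com.auth0.jwt.exceptions.KeyAgreementException;
 import com.auth0.jwt.exceptions.oicmsg_exceptions.HeaderError;
 import com.auth0.jwt.exceptions.oicmsg_exceptions.JWKException;
 import com.auth0.jwt.exceptions.oicmsg_exceptions.SerializationNotPossible;
@@ -261,6 +264,25 @@ public static Algorithm resolveKeyTransportAlgorithmForEncryption(Key key, Strin
 throw new ValueError(String.format("Algorithm '%s' not supported ", alg));
 }
 
+/**
+* Resolves content encryption algorithm.
+*
+* @param encAlg
+* key transport algorithm
+* @param encEnc
+* name of the content encryption algorithm
+* @return content encryption algorithm
+* @throws KeyAgreementException
+*/
+public static Algorithm resolveContentEncryptionAlg(Algorithm encAlg, String encEnc)
+throws KeyAgreementException {
+if (encAlg instanceof ECDHESAlgorithm) {
+return Algorithm.getContentEncryptionAlg(encEnc,
+CipherParams.getKeyAgreementInstance(encEnc, encAlg));
+}
+return Algorithm.getContentEncryptionAlg(encEnc, CipherParams.getInstance(encEnc));
+}
+
 /**
 * Gets receiver ephemeral key from keyjar. Any suitable located receiver key is treated as the
 * key.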
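Review bot: The Javadoc on the new resolveContentEncryptionAlg in the second hunk does not say what the instanceof branch decides, and its `@throws KeyAgreementException` line carries no description. The method picks the cipher parameters by key agreement when the transport algorithm is an ECDHESAlgorithm and from `CipherParams.getInstance(encEnc)` otherwise, so the doc should state that, say which `alg` values are covered by the ECDHESAlgorithm check (whether the ECDH-ES+AxxxKW variants take that branch is not visible here, and it decides whether the content key is derived by agreement or generated), and describe the throw as failure of the key agreement needed to derive those parameters. The parameter name `encAlg` is also misleading: elsewhere, including the toJwt caller, `encAlg` is the String name of the key transport algorithm, while here it is the resolved Algorithm object; `keyTransportAlg` would read unambiguously. The surrounding class continues outside the hunk.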

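--- a/src/test/java/org/oidc/msg/AbstractMessageTest.java
+++ b/src/test/java/org/oidc/msg/AbstractMessageTest.java
@@ -231,8 +231,7 @@ public void testSuccessJWTEncryptDecrypt1()
 testSuccessJWTEncryptDecrypt("RS256","A128KW","A128CBC-HS256");
 testSuccessJWTEncryptDecrypt("RS384","A192KW","A128CBC-HS256");
 testSuccessJWTEncryptDecrypt("RS512","A256KW","A128CBC-HS256");
-//TODO: not passing
-//testSuccessJWTEncryptDecrypt("RS256","ECDH-ES","A128CBC-HS256");
+testSuccessJWTEncryptDecrypt("RS256","ECDH-ES","A128CBC-HS256");
 testSuccessJWTEncryptDecrypt("RS256","ECDH-ES+A128KW","A128GCM");
 testSuccessJWTEncryptDecrypt("RS384","ECDH-ES+A192KW","A192GCM");
 testSuccessJWTEncryptDecrypt("RS512","ECDH-ES+A256KW","A256GCM");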
