Versions Compared

Old Version 51

changes.mady.by.user Sergey Beryozkin

Saved on

compared with

New Version 52

changes.mady.by.user Sergey Beryozkin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagejava
titleCXF JweJson
final String text = "The true sign of intelligence is not knowledge but imagination.";
SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");
SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES2, "AES");
        
JweHeaders protectedHeaders = new JweHeaders(ContentAlgorithm.A128GCM);
JweHeaders sharedUnprotectedHeaders = new JweHeaders();
sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(KeyAlgorithm.A128KW);
        
ContentEncryptionProvider contentEncryption = new AesGcmContentEncryptionAlgorithm(CEK_BYTES, ContentAlgorithm.A128GCM);
// if a single recipient then this line is enough:
// JweUtils.getContentEncryptionProvider(ContentAlgorithm.A128GCM);
        
KeyEncryptionProvider keyEncryption1 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, KeyAlgorithm.A128KW);
JweEncryptionProvider jweEnc1 = new JweEncryption(keyEncryption1, contentEncryption);

KeyEncryptionProvider keyEncryption2 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, KeyAlgorithm.A128KW);
JweEncryptionProvider jweEnc2 = new JweEncryption(keyEncryption2, contentEncryption);

List<JweEncryptionProvider> jweProviders = new LinkedList<JweEncryptionProvider>();
jweProviders.add(jweEnc1);
jweProviders.add(jweEnc2);
        
List<JweHeaders> perRecipientHeades = new LinkedList<JweHeaders>();
perRecipientHeades.add(new JweHeaders("key1"));
perRecipientHeades.add(new JweHeaders("key2"));

JweJsonProducer p = new JweJsonProducer(protectedHeaders,
                                        sharedUnprotectedHeaders,
                                        StringUtils.toBytesUTF8(text),
                                        StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE),
                                        false) {
                         protected JweEncryptionInput createEncryptionInput(JweHeaders jsonHeaders) {
                           JweEncryptionInput input = super.createEncryptionInput(jsonHeaders);
                           input.setCek(CEK_BYTES);
                           input.setIv(JweCompactReaderWriterTest.INIT_VECTOR_A1);
                           return input;
                         }
                    } ;
String jweJsonOut = p.encryptWith(jweProviders, perRecipientHeades);

JweJsonConsumer consumer = new JweJsonConsumer(jweJsonOut);
KeyAlgorithm keyAlgo = consumer.getSharedUnprotectedHeader().getKeyEncryptionAlgorithm();
ContentAlgorithm ctAlgo = consumer.getProtectedHeader().getContentEncryptionAlgorithm();

// first recipient:
JweDecryptionProvider jwe1 = JweUtils.createJweDecryptionProvider(wrapperKey1, keyAlgo, ctAlgo);

// the consumer will iterate over JWE entries and will try to find the one which can be decrypted with this decryptor
// or do consumer.getRecipientsMap() returning a list of entries and their metadata to do a more precise selection.

String content = consumer.decryptWith(jwe1, Collections.singletonMap("kid", "key1")).getContent();

// second recipient:
JweDecryptionProvider jwe2 = JweUtils.createJweDecryptionProvider(wrapperKey2, keyAlgo, ctAlgo);
content = consumer.decryptWith(jwe2, Collections.singletonMap("kid", "key1")).getContent();


 

...