JsonEncrypt.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */


  22. package org.openspcoop2.utils.security;

  24. import java.util.Iterator;
  25. import java.util.Properties;

  27. import org.apache.cxf.rs.security.jose.common.JoseConstants;
  28. import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
  29. import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
  30. import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
  31. import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
  32. import org.apache.cxf.rs.security.jose.jwe.JweJsonProducer;
  33. import org.apache.cxf.rs.security.jose.jwe.JweUtils;
  34. import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
  35. import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
  36. import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
  37. import org.openspcoop2.utils.UtilsException;
  38. import org.openspcoop2.utils.certificate.KeyStore;

  40. /** 
  41.  * Encrypt
  42.  *
  43.  * @author Poli Andrea (apoli@link.it)
  44.  * @author $Author$
  45.  * @version $Rev$, $Date$
  46.  */
  47. public class JsonEncrypt {

  49.     private JweEncryptionProvider provider;
  50.     
  51.     private ContentAlgorithm contentAlgorithm;
  52.     private KeyAlgorithm keyAlgorithm;
  53.     
  54.     private JWEOptions options;
  55.     
  56.     private JweHeaders headers;
  57.     private JwtHeaders jwtHeaders;
  58.     
  59.     public JsonEncrypt(Properties props, JWEOptions options) throws UtilsException{
  60.         this(props, null, options);
  61.     }
  62.     public JsonEncrypt(Properties props, JwtHeaders jwtHeaders, JWEOptions options) throws UtilsException{
  63.         try {
  64.             this.headers = new JweHeaders();
  65.             
  66.             this.options=options;
  67.             String tmp = props.getProperty(JoseConstants.RSSEC_ENCRYPTION_ZIP_ALGORITHM);
  68.             if(tmp!=null && JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM.equalsIgnoreCase(tmp.trim())) {
  69.                 this.options.setDeflate(true); // overwrite options
  70.             }
  71.             
  72.             this.provider = JsonUtils.getJweEncryptionProvider(props);
  73.             if(this.provider==null) {
  74.                 
  75.                 KeyAlgorithm keyAlgorithmP = JweUtils.getKeyEncryptionAlgorithm(props, null);
  76.                 if (KeyAlgorithm.DIRECT.equals(keyAlgorithmP)) {
  77.                     this.provider = JsonUtils.getJweEncryptionProviderFromJWKSymmetric(props, this.headers);
  78.                 }
  79.                 else {
  80.                     this.provider = JweUtils.loadEncryptionProvider(props, JsonUtils.newMessage(), this.headers);
  81.                 }
  82.             }
  83.             
  84.             this.contentAlgorithm = JweUtils.getContentEncryptionAlgorithm(props, ContentAlgorithm.A256GCM);
  85.             this.keyAlgorithm = JweUtils.getKeyEncryptionAlgorithm(props, null);
  86. /**         if(this.keyAlgorithm==null) {
  87. //              throw new Exception("KeyAlgorithm undefined");
  88. //          }*/
  89.                         
  90.             this.jwtHeaders = jwtHeaders;
  91.             
  92.         }catch(Exception t) {
  93.             throw JsonUtils.convert(options.getSerialization(), JsonUtils.ENCRYPT,JsonUtils.SENDER,t);
  94.         }
  95.     }
  96.     
  97.     public JsonEncrypt(java.security.KeyStore keystore, String alias, String keyAlgorithm, String contentAlgorithm, 
  98.             JWEOptions options) throws UtilsException{
  99.         initTrustStore(new KeyStore(keystore), alias, keyAlgorithm, contentAlgorithm, null, options);
  100.     }
  101.     public JsonEncrypt(KeyStore keystore, String alias, String keyAlgorithm, String contentAlgorithm, 
  102.             JWEOptions options) throws UtilsException{
  103.         initTrustStore(keystore, alias, keyAlgorithm, contentAlgorithm, null, options); 
  104.     }
  105.     public JsonEncrypt(java.security.KeyStore keystore, String alias, String keyAlgorithm, String contentAlgorithm,
  106.             JwtHeaders jwtHeaders, JWEOptions options) throws UtilsException{
  107.         initTrustStore(new KeyStore(keystore), alias, keyAlgorithm, contentAlgorithm, jwtHeaders, options);
  108.     }
  109.     public JsonEncrypt(KeyStore keystore, String alias, String keyAlgorithm, String contentAlgorithm,
  110.             JwtHeaders jwtHeaders, JWEOptions options) throws UtilsException{
  111.         initTrustStore(keystore, alias, keyAlgorithm, contentAlgorithm, jwtHeaders, options);
  112.     }
  113.     private void initTrustStore(KeyStore keystore, String alias, String keyAlgorithm, String contentAlgorithm,
  114.             JwtHeaders jwtHeaders, JWEOptions options) throws UtilsException{
  115.         try {
  116.             this.options=options;
  117.             
  118.             this.keyAlgorithm  = org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm.getAlgorithm(keyAlgorithm);
  119.             this.contentAlgorithm = org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm.getAlgorithm(contentAlgorithm);
  120.             String compression = null;
  121.             if(this.options.isDeflate()) {
  122.                 compression = JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM;
  123.             }
  124.             
  125.             this.provider = JweUtils.createJweEncryptionProvider( keystore.getPublicKey(alias), this.keyAlgorithm, this.contentAlgorithm, compression);
  126.             
  127.             this.jwtHeaders = jwtHeaders;
  128.         }catch(Exception t) {
  129.             throw JsonUtils.convert(options.getSerialization(), JsonUtils.ENCRYPT,JsonUtils.SENDER,t);
  130.         }
  131.     }
  132.     
  133.     public JsonEncrypt(java.security.KeyStore keystore, String alias, String passwordPrivateKey, String keyAlgorithm, String contentAlgorithm, 
  134.             JWEOptions options) throws UtilsException{
  135.         initKeystore(new KeyStore(keystore), alias, passwordPrivateKey, keyAlgorithm, contentAlgorithm, null, options);
  136.     }
  137.     public JsonEncrypt(KeyStore keystore, String alias, String passwordPrivateKey, String keyAlgorithm, String contentAlgorithm, 
  138.             JWEOptions options) throws UtilsException{
  139.         initKeystore(keystore, alias, passwordPrivateKey, keyAlgorithm, contentAlgorithm, null, options);   
  140.     }
  141.     public JsonEncrypt(java.security.KeyStore keystore, String alias, String passwordPrivateKey, String keyAlgorithm, String contentAlgorithm,
  142.             JwtHeaders jwtHeaders, JWEOptions options) throws UtilsException{
  143.         initKeystore(new KeyStore(keystore), alias, passwordPrivateKey, keyAlgorithm, contentAlgorithm, jwtHeaders, options);
  144.     }
  145.     public JsonEncrypt(KeyStore keystore, String alias, String passwordPrivateKey, String keyAlgorithm, String contentAlgorithm,
  146.             JwtHeaders jwtHeaders, JWEOptions options) throws UtilsException{
  147.         initKeystore(keystore, alias, passwordPrivateKey, keyAlgorithm, contentAlgorithm, jwtHeaders, options);
  148.     }
  149.     private void initKeystore(KeyStore keystore, String alias, String passwordPrivateKey, String keyAlgorithm, String contentAlgorithm,
  150.             JwtHeaders jwtHeaders, JWEOptions options) throws UtilsException{
  151.         try {
  152.             this.options=options;
  153.             
  154.             this.keyAlgorithm  = org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm.getAlgorithm(keyAlgorithm);
  155.             this.contentAlgorithm = org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm.getAlgorithm(contentAlgorithm);
  156.             String compression = null;
  157.             if(this.options.isDeflate()) {
  158.                 compression = JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM;
  159.             }
  160.             
  161.             if (KeyAlgorithm.DIRECT.equals(this.keyAlgorithm)) {
  162.                 this.provider = JweUtils.getDirectKeyJweEncryption(keystore.getSecretKey(alias, passwordPrivateKey), this.contentAlgorithm);
  163.             }
  164.             else {
  165.                 this.provider = JweUtils.createJweEncryptionProvider(keystore.getSecretKey(alias, passwordPrivateKey), this.keyAlgorithm, this.contentAlgorithm, compression);
  166.             }
  167.             
  168.             this.jwtHeaders = jwtHeaders;
  169.         }catch(Exception t) {
  170.             throw JsonUtils.convert(options.getSerialization(), JsonUtils.ENCRYPT,JsonUtils.SENDER,t);
  171.         }
  172.     }

  174.     public JsonEncrypt(JsonWebKeys jsonWebKeys, boolean secretKey, String alias, String keyAlgorithm, String contentAlgorithm, 
  175.             JWEOptions options) throws UtilsException{
  176.         initJsonWebKey(JsonUtils.readKey(jsonWebKeys, alias),secretKey, keyAlgorithm, contentAlgorithm, null, options); 
  177.     }
  178.     public JsonEncrypt(JsonWebKeys jsonWebKeys, boolean secretKey, String alias, String keyAlgorithm, String contentAlgorithm, 
  179.             JwtHeaders jwtHeaders, JWEOptions options) throws UtilsException{
  180.         initJsonWebKey(JsonUtils.readKey(jsonWebKeys, alias),secretKey, keyAlgorithm, contentAlgorithm, jwtHeaders, options);   
  181.     }
  182.     public JsonEncrypt(JsonWebKey jsonWebKey, boolean secretKey, String keyAlgorithm, String contentAlgorithm, 
  183.             JWEOptions options) throws UtilsException{
  184.         initJsonWebKey(jsonWebKey,secretKey, keyAlgorithm, contentAlgorithm, null, options);    
  185.     }
  186.     public JsonEncrypt(JsonWebKey jsonWebKey, boolean secretKey, String keyAlgorithm, String contentAlgorithm, 
  187.             JwtHeaders jwtHeaders, JWEOptions options) throws UtilsException{
  188.         initJsonWebKey(jsonWebKey,secretKey, keyAlgorithm, contentAlgorithm, jwtHeaders, options);  
  189.     }
  190.     private void initJsonWebKey(JsonWebKey jsonWebKey, boolean secretKey, String keyAlgorithm, String contentAlgorithm, 
  191.             JwtHeaders jwtHeaders, JWEOptions options) throws UtilsException{
  192.         try {
  193.             this.options=options;
  194.             
  195.             this.keyAlgorithm  = org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm.getAlgorithm(keyAlgorithm);
  196.             this.contentAlgorithm = org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm.getAlgorithm(contentAlgorithm);
  197.             String compression = null;
  198.             if(this.options.isDeflate()) {
  199.                 compression = JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM;
  200.             }
  201.             
  202.             if(secretKey) {
  203.                 if(jsonWebKey.getAlgorithm()==null) {
  204.                     jsonWebKey.setAlgorithm(contentAlgorithm);
  205.                 }
  206.                 if (KeyAlgorithm.DIRECT.equals(this.keyAlgorithm)) {
  207.                     this.provider = JweUtils.getDirectKeyJweEncryption(JwkUtils.toSecretKey(jsonWebKey), this.contentAlgorithm);
  208.                 }
  209.                 else {
  210.                     this.provider = JweUtils.createJweEncryptionProvider(JwkUtils.toSecretKey(jsonWebKey), this.keyAlgorithm, this.contentAlgorithm, compression);
  211.                 }
  212.                 if(this.provider==null) {
  213.                     throw new UtilsException("(JsonWebKey) JwsEncryptionProvider init failed; check content algorithm ("+contentAlgorithm+")");
  214.                 }
  215.             }else {
  216.                 this.provider = JweUtils.createJweEncryptionProvider(JwkUtils.toRSAPublicKey(jsonWebKey), this.keyAlgorithm, this.contentAlgorithm, compression);
  217.             }
  218.             
  219.             this.jwtHeaders = jwtHeaders;
  220.         }catch(Exception t) {
  221.             throw JsonUtils.convert(options.getSerialization(), JsonUtils.ENCRYPT,JsonUtils.SENDER,t);
  222.         }
  223.     }
  224.     
  225.     public String encrypt(String jsonString) throws UtilsException{
  226.         try {
  227.             switch(this.options.getSerialization()) {
  228.                 case JSON: return encryptJson(jsonString);
  229.                 case COMPACT: return encryptCompact(jsonString);
  230.                 default: throw new UtilsException("Unsupported serialization '"+this.options.getSerialization()+"'");
  231.             }
  232.         }
  233.         catch(Exception t) {
  234.             throw JsonUtils.convert(this.options.getSerialization(), JsonUtils.ENCRYPT,JsonUtils.SENDER,t);
  235.         }
  236.     }
  237.     public String encrypt(byte[] json) throws UtilsException{
  238.         try {
  239.             switch(this.options.getSerialization()) {
  240.                 case JSON: return encryptJson(json);
  241.                 case COMPACT: return encryptCompact(json);
  242.                 default: throw new UtilsException("Unsupported serialization '"+this.options.getSerialization()+"'");
  243.             }
  244.         }
  245.         catch(Exception t) {
  246.             throw JsonUtils.convert(this.options.getSerialization(), JsonUtils.ENCRYPT,JsonUtils.SENDER,t);
  247.         }
  248.     }

  250.     private String encryptCompact(String jsonString) throws Exception { 
  251.         return encryptCompact(jsonString.getBytes());
  252.     }
  253.     private String encryptCompact(byte[] json) throws Exception {   
  254.         JweHeaders headersBuild = null;
  255.         if(this.keyAlgorithm!=null) {
  256.             headersBuild = new JweHeaders(this.keyAlgorithm,this.contentAlgorithm,this.options.isDeflate());
  257.         }
  258.         else {
  259.             headersBuild = new JweHeaders(this.contentAlgorithm,this.options.isDeflate());
  260.         }
  261.         fillJwtHeaders(headersBuild, this.keyAlgorithm);
  262.         return this.provider.encrypt(json, headersBuild);
  263.     }


  266.     private String encryptJson(String jsonString) throws Exception {
  267.         return encryptJson(jsonString.getBytes()); 
  268.     }
  269.     private String encryptJson(byte[] json) throws Exception {
  270.         
  271.         JweHeaders sharedUnprotectedHeaders = null;
  272.         if(this.keyAlgorithm!=null) {
  273.             sharedUnprotectedHeaders = new JweHeaders();
  274.             sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(this.keyAlgorithm);
  275.         }

  277.         JweHeaders protectedHeaders = new JweHeaders(this.contentAlgorithm, this.options.isDeflate());
  278.         fillJwtHeaders(protectedHeaders, this.keyAlgorithm);
  279.         
  280.         JweJsonProducer producer = null;
  281.         if(sharedUnprotectedHeaders!=null) {
  282.             protectedHeaders.removeProperty("alg"); // e' in sharedUnprotectedHeaders
  283.             producer = new JweJsonProducer(protectedHeaders, sharedUnprotectedHeaders, json);
  284.         }
  285.         else {
  286.             producer = new JweJsonProducer(protectedHeaders, json);
  287.         }
  288.         
  289.         return producer.encryptWith(this.provider);
  290.     }
  291.     
  292.     private void fillJwtHeaders(JweHeaders headers, org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm keyAlgo) throws Exception {
  293.         if(this.headers!=null &&
  294.             this.headers.asMap()!=null && !this.headers.asMap().isEmpty()) {
  295.             Iterator<String> itKeys = this.headers.asMap().keySet().iterator();
  296.             while (itKeys.hasNext()) {
  297.                 String key = itKeys.next();
  298.                 if(!headers.containsHeader(key)) {
  299.                     headers.setHeader(key, this.headers.getHeader(key));
  300.                 }
  301.             }
  302.         }
  303.         if(this.jwtHeaders!=null) {
  304.             this.jwtHeaders.fillJwsHeaders(headers, false, keyAlgo!=null ? keyAlgo.getJwaName() : null);
  305.         }
  306.     }

  308. }
Created with JaCoCo 0.8.8.202204050719