001/* 002 * nimbus-jose-jwt 003 * 004 * Copyright 2012-2016, Connect2id Ltd. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.jose.crypto; 019 020 021import java.util.Set; 022import javax.crypto.SecretKey; 023 024import com.nimbusds.jose.*; 025import com.nimbusds.jose.crypto.impl.*; 026import com.nimbusds.jose.util.Base64URL; 027import com.nimbusds.jose.util.StandardCharset; 028import net.jcip.annotations.ThreadSafe; 029 030 031/** 032 * Password-based decrypter of {@link com.nimbusds.jose.JWEObject JWE objects}. 033 * Expects a password. 034 * 035 * <p>See RFC 7518 036 * <a href="https://tools.ietf.org/html/rfc7518#section-4.8">section 4.8</a> 037 * for more information. 038 * 039 * <p>This class is thread-safe. 040 * 041 * <p>Supports the following key management algorithms: 042 * 043 * <ul> 044 * <li>{@link com.nimbusds.jose.JWEAlgorithm#PBES2_HS256_A128KW} 045 * <li>{@link com.nimbusds.jose.JWEAlgorithm#PBES2_HS384_A192KW} 046 * <li>{@link com.nimbusds.jose.JWEAlgorithm#PBES2_HS512_A256KW} 047 * </ul> 048 * 049 * <p>Supports the following content encryption algorithms: 050 * 051 * <ul> 052 * <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256} 053 * <li>{@link com.nimbusds.jose.EncryptionMethod#A192CBC_HS384} 054 * <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512} 055 * <li>{@link com.nimbusds.jose.EncryptionMethod#A128GCM} 056 * <li>{@link com.nimbusds.jose.EncryptionMethod#A192GCM} 057 * <li>{@link com.nimbusds.jose.EncryptionMethod#A256GCM} 058 * <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256_DEPRECATED} 059 * <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512_DEPRECATED} 060 * <li>{@link com.nimbusds.jose.EncryptionMethod#XC20P} 061 * </ul> 062 * 063 * @author Vladimir Dzhuvinov 064 * @version 2016-07-26 065 */ 066@ThreadSafe 067public class PasswordBasedDecrypter extends PasswordBasedCryptoProvider implements JWEDecrypter, CriticalHeaderParamsAware { 068 069 070 /** 071 * The critical header policy. 072 */ 073 private final CriticalHeaderParamsDeferral critPolicy = new CriticalHeaderParamsDeferral(); 074 075 076 /** 077 * Creates a new password-based decrypter. 078 * 079 * @param password The password bytes. Must not be empty or 080 * {@code null}. 081 */ 082 public PasswordBasedDecrypter(final byte[] password) { 083 084 super(password); 085 } 086 087 088 /** 089 * Creates a new password-based decrypter. 090 * 091 * @param password The password, as a UTF-8 encoded string. Must not be 092 * empty or {@code null}. 093 */ 094 public PasswordBasedDecrypter(final String password) { 095 096 super(password.getBytes(StandardCharset.UTF_8)); 097 } 098 099 100 @Override 101 public Set<String> getProcessedCriticalHeaderParams() { 102 103 return critPolicy.getProcessedCriticalHeaderParams(); 104 } 105 106 107 @Override 108 public Set<String> getDeferredCriticalHeaderParams() { 109 110 return critPolicy.getProcessedCriticalHeaderParams(); 111 } 112 113 114 @Override 115 public byte[] decrypt(final JWEHeader header, 116 final Base64URL encryptedKey, 117 final Base64URL iv, 118 final Base64URL cipherText, 119 final Base64URL authTag) 120 throws JOSEException { 121 122 // Validate required JWE parts 123 if (encryptedKey == null) { 124 throw new JOSEException("Missing JWE encrypted key"); 125 } 126 127 if (iv == null) { 128 throw new JOSEException("Missing JWE initialization vector (IV)"); 129 } 130 131 if (authTag == null) { 132 throw new JOSEException("Missing JWE authentication tag"); 133 } 134 135 if (header.getPBES2Salt() == null) { 136 throw new JOSEException("Missing JWE p2s header parameter"); 137 } 138 139 final byte[] salt = header.getPBES2Salt().decode(); 140 141 if (header.getPBES2Count() < 1) { 142 throw new JOSEException("Missing JWE p2c header parameter"); 143 } 144 145 final int iterationCount = header.getPBES2Count(); 146 147 critPolicy.ensureHeaderPasses(header); 148 149 final JWEAlgorithm alg = header.getAlgorithm(); 150 final byte[] formattedSalt = PBKDF2.formatSalt(alg, salt); 151 final PRFParams prfParams = PRFParams.resolve(alg, getJCAContext().getMACProvider()); 152 final SecretKey psKey = PBKDF2.deriveKey(getPassword(), formattedSalt, iterationCount, prfParams); 153 154 final SecretKey cek = AESKW.unwrapCEK(psKey, encryptedKey.decode(), getJCAContext().getKeyEncryptionProvider()); 155 156 return ContentCryptoProvider.decrypt(header, encryptedKey, iv, cipherText, authTag, cek, getJCAContext()); 157 } 158}