@Override public byte[] getSignaturePayload() { byte[] b = null; Base64URL b64 = jwt.getSignature(); if (b64 != null) { b = b64.decode(); } return b; }
@Override public int size() { return ByteUtils.bitLength(x.decode()); }
/** * Returns a copy of this octet sequence key value as a byte array. * * @return The key value as a byte array. */ public byte[] toByteArray() { return getKeyValue().decode(); }
/** * Encodes the specified BASE64URL encoded data * {@code data.length || data}. * * @param data The data to encode, may be {@code null}. * * @return The encoded data. */ public static byte[] encodeDataWithLength(final Base64URL data) { byte[] bytes = data != null ? data.decode() : null; return encodeDataWithLength(bytes); } }
@Override public byte[] getSignaturePayload() { byte[] b = null; Base64URL b64 = jwt.getSignature(); if (b64 != null) { b = b64.decode(); } return b; }
@Override public int size() { try { return ByteUtils.safeBitLength(k.decode()); } catch (IntegerOverflowException e) { throw new ArithmeticException(e.getMessage()); } }
@Override public int size() { try { return ByteUtils.safeBitLength(n.decode()); } catch (IntegerOverflowException e) { throw new ArithmeticException(e.getMessage()); } }
decodedX = x.decode();
/** * Returns a byte array representation of this payload. * * @return The byte array representation. */ public byte[] toBytes() { if (bytes != null) { return bytes; } // Convert if (base64URL != null) { return base64URL.decode(); } return stringToByteArray(toString()); }
@Override public boolean verify(final JWSHeader header, final byte[] signedContent, final Base64URL signature) throws JOSEException { if (! critPolicy.headerPasses(header)) { return false; } final Signature verifier = RSASSA.getSignerAndVerifier(header.getAlgorithm(), getJCAContext().getProvider()); try { verifier.initVerify(publicKey); } catch (InvalidKeyException e) { throw new JOSEException("Invalid public RSA key: " + e.getMessage(), e); } try { verifier.update(signedContent); return verifier.verify(signature.decode()); } catch (SignatureException e) { return false; } } }
epu = new Base64URL((String)header.getCustomParam("epu")).decode(); epv = new Base64URL((String)header.getCustomParam("epv")).decode(); if (! ConstantTimeUtils.areEqual(authTag.decode(), mac)) { throw new JOSEException("MAC check failed"); return AESCBC.decrypt(cekAlt, iv.decode(), cipherText.decode(), ceProvider);
@Override public boolean verify(final JWSHeader header, final byte[] signedContent, final Base64URL signature) throws JOSEException { // Check alg field in header final JWSAlgorithm alg = header.getAlgorithm(); if (! JWSAlgorithm.EdDSA.equals(alg)) { throw new JOSEException("Ed25519Verifier requires alg=EdDSA in JWSHeader"); } // Check for unrecognized "crit" properties if (! critPolicy.headerPasses(header)) { return false; } final byte[] jwsSignature = signature.decode(); try { tinkVerifier.verify(jwsSignature, signedContent); return true; } catch (GeneralSecurityException e) { return false; } } }
final byte[] jwsSignature = signature.decode();
@Override public boolean verify(final JWSHeader header, final byte[] signedContent, final Base64URL signature) throws JOSEException { if (! critPolicy.headerPasses(header)) { return false; } String jcaAlg = getJCAAlgorithmName(header.getAlgorithm()); byte[] expectedHMAC = HMAC.compute(jcaAlg, getSecret(), signedContent, getJCAContext().getProvider()); return ConstantTimeUtils.areEqual(expectedHMAC, signature.decode()); } }
alg.equals(JWEAlgorithm.A256KW)) { cek = AESKW.unwrapCEK(getKey(), encryptedKey.decode(), getJCAContext().getKeyEncryptionProvider()); byte[] keyIV = header.getIV().decode(); byte[] keyTag = header.getAuthTag().decode(); AuthenticatedCipherText authEncrCEK = new AuthenticatedCipherText(encryptedKey.decode(), keyTag); cek = AESGCMKW.decryptCEK(getKey(), keyIV, authEncrCEK, keyLength, getJCAContext().getKeyEncryptionProvider());
cek = RSA1_5.decryptCEK(privateKey, encryptedKey.decode(), keyLength, getJCAContext().getKeyEncryptionProvider()); cek = RSA_OAEP.decryptCEK(privateKey, encryptedKey.decode(), getJCAContext().getKeyEncryptionProvider()); cek = RSA_OAEP_256.decryptCEK(privateKey, encryptedKey.decode(), getJCAContext().getKeyEncryptionProvider());
/** * Decrypts the encrypted JWE parts using the specified shared secret ("Z"). */ protected byte[] decryptWithZ(final JWEHeader header, final SecretKey Z, final Base64URL encryptedKey, final Base64URL iv, final Base64URL cipherText, final Base64URL authTag) throws JOSEException { final JWEAlgorithm alg = header.getAlgorithm(); final ECDH.AlgorithmMode algMode = ECDH.resolveAlgorithmMode(alg); // Derive shared key via concat KDF getConcatKDF().getJCAContext().setProvider(getJCAContext().getMACProvider()); // update before concat SecretKey sharedKey = ECDH.deriveSharedKey(header, Z, getConcatKDF()); final SecretKey cek; if (algMode.equals(ECDH.AlgorithmMode.DIRECT)) { cek = sharedKey; } else if (algMode.equals(ECDH.AlgorithmMode.KW)) { if (encryptedKey == null) { throw new JOSEException("Missing JWE encrypted key"); } cek = AESKW.unwrapCEK(sharedKey, encryptedKey.decode(), getJCAContext().getKeyEncryptionProvider()); } else { throw new JOSEException("Unexpected JWE ECDH algorithm mode: " + algMode); } return ContentCryptoProvider.decrypt(header, encryptedKey, iv, cipherText, authTag, cek, getJCAContext()); }