protected String encodeAssertion() {
if (encoded) {
return assertion;
}
try {
return Base64UrlUtility.encode(assertion);
} catch (Exception ex) {
throw new OAuthServiceException(ex.getMessage(), ex);
}
}
protected MultivaluedMap<String, String> createRedirectState(
ContainerRequestContext rc, UriInfo ui) {
if (clientStateManager == null) {
return new MetadataMap<String, String>();
}
String codeVerifier = null;
MultivaluedMap<String, String> codeRequestState = toCodeRequestState(rc, ui);
if (codeVerifierTransformer != null) {
codeVerifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
codeRequestState.putSingle(OAuthConstants.AUTHORIZATION_CODE_VERIFIER, codeVerifier);
}
MultivaluedMap<String, String> redirectState =
clientStateManager.toRedirectState(mc, codeRequestState);
if (codeVerifier != null) {
redirectState.putSingle(OAuthConstants.AUTHORIZATION_CODE_VERIFIER, codeVerifier);
}
return redirectState;
}
private String getUnsignedEncodedJws(boolean detached) {
checkAlgorithm();
return Base64UrlUtility.encode(writer.headersToJson(getJoseHeaders()))
+ "."
+ (detached ? "" : Base64UrlUtility.encode(plainJwsPayload));
}
public String setSignatureBytes(byte[] signatureOctets) {
setEncodedSignature(Base64UrlUtility.encode(signatureOctets));
return getSignedEncodedJws();
}
public String setSignatureText(String signatureText) {
setEncodedSignature(Base64UrlUtility.encode(signatureText));
return getSignedEncodedJws();
}
public String encryptWith(
List<JweEncryptionProvider> encryptors, List<JweHeaders> recipientUnprotected) {
checkAndGetContentAlgorithm(encryptors);
if (recipientUnprotected != null && recipientUnprotected.size() != encryptors.size()) {
throw new IllegalArgumentException();
}
JweHeaders unionHeaders = new JweHeaders();
if (protectedHeader != null) {
unionHeaders.asMap().putAll(protectedHeader.asMap());
}
if (unprotectedHeader != null) {
if (!Collections.disjoint(
unionHeaders.asMap().keySet(), unprotectedHeader.asMap().keySet())) {
LOG.warning("Protected and unprotected headers have duplicate values");
throw new JweException(JweException.Error.INVALID_JSON_JWE);
}
checkCriticalHeaders(unprotectedHeader);
unionHeaders.asMap().putAll(unprotectedHeader.asMap());
}
List<JweJsonEncryptionEntry> entries = new ArrayList<JweJsonEncryptionEntry>(encryptors.size());
Map<String, Object> jweJsonMap = new LinkedHashMap<String, Object>();
byte[] cipherText = null;
byte[] authTag = null;
byte[] iv = null;
for (int i = 0; i < encryptors.size(); i++) {
JweEncryptionProvider encryptor = encryptors.get(i);
JweHeaders perRecipientUnprotected =
recipientUnprotected == null ? null : recipientUnprotected.get(i);
JweHeaders jsonHeaders = null;
if (perRecipientUnprotected != null) {
checkCriticalHeaders(perRecipientUnprotected);
if (!Collections.disjoint(
unionHeaders.asMap().keySet(), perRecipientUnprotected.asMap().keySet())) {
LOG.warning("union and recipient unprotected headers have duplicate values");
throw new JweException(JweException.Error.INVALID_JSON_JWE);
}
jsonHeaders = new JweHeaders(unionHeaders.asMap());
jsonHeaders.asMap().putAll(perRecipientUnprotected.asMap());
} else {
jsonHeaders = unionHeaders;
}
jsonHeaders.setProtectedHeaders(protectedHeader);
JweEncryptionInput input = createEncryptionInput(jsonHeaders);
if (i > 0) {
input.setContent(null);
}
JweEncryptionOutput state = encryptor.getEncryptionOutput(input);
byte[] currentCipherText = state.getEncryptedContent();
byte[] currentAuthTag = state.getAuthTag();
byte[] currentIv = state.getIv();
if (cipherText == null) {
cipherText = currentCipherText;
}
if (authTag == null) {
authTag = currentAuthTag;
}
if (iv == null) {
iv = currentIv;
}
byte[] encryptedCek = state.getContentEncryptionKey();
if (encryptedCek.length == 0 && encryptor.getKeyAlgorithm() != null) {
LOG.warning("Unexpected key encryption algorithm");
throw new JweException(JweException.Error.INVALID_JSON_JWE);
}
String encodedCek = encryptedCek.length == 0 ? null : Base64UrlUtility.encode(encryptedCek);
entries.add(new JweJsonEncryptionEntry(perRecipientUnprotected, encodedCek));
}
if (protectedHeader != null) {
jweJsonMap.put("protected", Base64UrlUtility.encode(writer.toJson(protectedHeader)));
}
if (unprotectedHeader != null) {
jweJsonMap.put("unprotected", unprotectedHeader);
}
if (entries.size() == 1 && canBeFlat) {
JweHeaders unprotectedEntryHeader = entries.get(0).getUnprotectedHeader();
if (unprotectedEntryHeader != null) {
jweJsonMap.put("header", unprotectedEntryHeader);
}
String encryptedKey = entries.get(0).getEncodedEncryptedKey();
if (encryptedKey != null) {
jweJsonMap.put("encrypted_key", encryptedKey);
}
} else {
jweJsonMap.put("recipients", entries);
}
if (aad != null) {
jweJsonMap.put("aad", Base64UrlUtility.encode(aad));
}
jweJsonMap.put("iv", Base64UrlUtility.encode(iv));
jweJsonMap.put("ciphertext", Base64UrlUtility.encode(cipherText));
jweJsonMap.put("tag", Base64UrlUtility.encode(authTag));
return writer.toJson(jweJsonMap);
}
public String transformCodeVerifier(String codeVerifier) {
byte[] digest = MessageDigestUtils.createDigest(codeVerifier, MessageDigestUtils.ALGO_SHA_256);
return Base64UrlUtility.encode(digest);
}