Package org.keycloak.crypto.fips

Class FIPSRsaKeyEncryptionJWEAlgorithmProvider

java.lang.Object

org.keycloak.crypto.fips.FIPSRsaKeyEncryptionJWEAlgorithmProvider

All Implemented Interfaces:

JWEAlgorithmProvider

public class FIPSRsaKeyEncryptionJWEAlgorithmProvider
extends Object
implements JWEAlgorithmProvider

Fips note: Based on https://downloads.bouncycastle.org/fips-java/BC-FJA-UserGuide-1.0.2.pdf, Section 4 There are no direct public/private key ciphers available in approved mode. Available ciphers are restricted to use for key wrapping and key transport, see section 7 and section 8 for details. Our solution is to pull out the CEK signature and encryption keys , encode them separately , and then

Constructor Summary

Constructors

Constructor	Description
FIPSRsaKeyEncryptionJWEAlgorithmProvider(org.bouncycastle.crypto.fips.FipsRSA.WrapParameters wrapParameters)

Method Summary

Modifier and Type	Method	Description
byte[]	decodeCek(byte[] encodedCek, Key privateKey)
byte[]	encodeCek(JWEEncryptionProvider encryptionProvider, JWEKeyStorage keyStorage, Key publicKey)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

FIPSRsaKeyEncryptionJWEAlgorithmProvider

public FIPSRsaKeyEncryptionJWEAlgorithmProvider(org.bouncycastle.crypto.fips.FipsRSA.WrapParameters wrapParameters)

Method Detail

decodeCek

public byte[] decodeCek(byte[] encodedCek,
                        Key privateKey)
                 throws Exception

Specified by:

decodeCek in interface JWEAlgorithmProvider

Throws:

Exception

encodeCek

public byte[] encodeCek(JWEEncryptionProvider encryptionProvider,
                        JWEKeyStorage keyStorage,
                        Key publicKey)
                 throws Exception

Specified by:

encodeCek in interface JWEAlgorithmProvider

Throws:

Exception