Class FIPSRsaKeyEncryptionJWEAlgorithmProvider

java.lang.Object
org.keycloak.crypto.fips.FIPSRsaKeyEncryptionJWEAlgorithmProvider
All Implemented Interfaces:
org.keycloak.jose.jwe.alg.JWEAlgorithmProvider

public class FIPSRsaKeyEncryptionJWEAlgorithmProvider extends Object implements org.keycloak.jose.jwe.alg.JWEAlgorithmProvider
FIPS note: Based on https://downloads.bouncycastle.org/fips-java/BC-FJA-UserGuide-1.0.2.pdf, Section 4. There are no direct public/private key ciphers available in approved mode. Available ciphers are restricted to use for key wrapping and key transport; see section 7 and section 8 for details. Our solution is to pull out the CEK signature and encryption keys, encode them separately, and then
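
The restriction in the FIPS note, RSA used only to wrap and unwrap a key rather than as a general-purpose cipher, shown as an added example that is not Keycloak's code. It assumes the JDK's default JCA provider instead of Bouncy Castle FIPS; the class name `CekWrapExample`, the RSA-OAEP SHA-256 parameters and the 32-byte CEK are constructed for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical demo class: RSA is used only in WRAP_MODE / UNWRAP_MODE on a key object.
public class CekWrapExample {
    // Assumed parameters: SHA-256 for both the OAEP digest and MGF1, set explicitly
    // so both sides agree instead of relying on provider defaults.
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // Sender side: wrap the content encryption key under the recipient's public key.
    static byte[] wrapCek(SecretKey cek, PublicKey recipient) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(Cipher.WRAP_MODE, recipient, OAEP);
        return c.wrap(cek);
    }

    // Recipient side: unwrap straight into a key object, never a raw decrypt call.
    static SecretKey unwrapCek(byte[] wrapped, PrivateKey own) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(Cipher.UNWRAP_MODE, own, OAEP);
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // Constructed sample CEK: 32 random bytes, generated here for the demo only.
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        SecretKey cek = new SecretKeySpec(raw, "AES");
        byte[] wrapped = wrapCek(cek, kp.getPublic());
        SecretKey recovered = unwrapCek(wrapped, kp.getPrivate());
        // Constant-time comparison of the original and recovered key bytes.
        if (!MessageDigest.isEqual(raw, recovered.getEncoded())) {
            throw new IllegalStateException("unwrapped CEK does not match");
        }
        System.out.println("round trip ok, wrapped length = " + wrapped.length);
    }
}
```
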
  • Constructor Summary

    Constructors
    Constructor
    Description
    FIPSRsaKeyEncryptionJWEAlgorithmProvider(org.bouncycastle.crypto.fips.FipsRSA.WrapParameters wrapParameters)
     
  • Method Summary

    Modifier and Type
    Method
    Description
    byte[]
    decodeCek(byte[] encodedCek, Key privateKey, org.keycloak.jose.jwe.JWEHeader header, org.keycloak.jose.jwe.enc.JWEEncryptionProvider encryptionProvider)
     
    byte[]
    encodeCek(org.keycloak.jose.jwe.enc.JWEEncryptionProvider encryptionProvider, org.keycloak.jose.jwe.JWEKeyStorage keyStorage, Key publicKey, org.keycloak.jose.jwe.JWEHeader.JWEHeaderBuilder headerBuilder)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • FIPSRsaKeyEncryptionJWEAlgorithmProvider

      public FIPSRsaKeyEncryptionJWEAlgorithmProvider(org.bouncycastle.crypto.fips.FipsRSA.WrapParameters wrapParameters)
  • Method Details

    • decodeCek

      public byte[] decodeCek(byte[] encodedCek, Key privateKey, org.keycloak.jose.jwe.JWEHeader header, org.keycloak.jose.jwe.enc.JWEEncryptionProvider encryptionProvider) throws Exception
      Specified by:
      decodeCek in interface org.keycloak.jose.jwe.alg.JWEAlgorithmProvider
      Throws:
      Exception
    • encodeCek

      public byte[] encodeCek(org.keycloak.jose.jwe.enc.JWEEncryptionProvider encryptionProvider, org.keycloak.jose.jwe.JWEKeyStorage keyStorage, Key publicKey, org.keycloak.jose.jwe.JWEHeader.JWEHeaderBuilder headerBuilder) throws Exception
      Specified by:
      encodeCek in interface org.keycloak.jose.jwe.alg.JWEAlgorithmProvider
      Throws:
      Exception