Class HttpEce


  • public class HttpEce
    extends java.lang.Object
    An implementation of Encrypted Content-Encoding for HTTP. The first implementation follows the specification in [1]. The specification later moved from "aesgcm" to "aes128gcm" as content encoding [2]. To remain backwards compatible this library supports both. [1] https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-01 [2] https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-09 TODO: Support multiple records (not needed for Web Push)
    • Constructor Summary

      Constructors 
      ConstructorDescription
      HttpEce() 
      HttpEce​(java.util.Map<java.lang.String,​java.security.KeyPair> keys, java.util.Map<java.lang.String,​java.lang.String> labels) 
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and TypeMethodDescription
      protected static byte[]buildInfo​(java.lang.String type, byte[] context)
      Future versions might require a null-terminated info string?
      byte[]decrypt​(byte[] payload, byte[] salt, byte[] key, java.lang.String keyid, Encoding version)
      Decrypt the payload.
      byte[]decryptRecord​(byte[] ciphertext, byte[] key, byte[] nonce, Encoding version) 
      byte[][]deriveKeyAndNonce​(byte[] salt, byte[] key, java.lang.String keyId, org.bouncycastle.jce.interfaces.ECPublicKey dh, byte[] authSecret, Encoding version, int mode) 
      byte[]encrypt​(byte[] plaintext, byte[] salt, byte[] privateKey, java.lang.String keyid, org.bouncycastle.jce.interfaces.ECPublicKey dh, byte[] authSecret, Encoding version)
      Encrypt the given plaintext.
      byte[][]extractSecretAndContext​(byte[] key, java.lang.String keyId, org.bouncycastle.jce.interfaces.ECPublicKey dh, byte[] authSecret) 
      protected static byte[]hkdfExpand​(byte[] ikm, byte[] salt, byte[] info, int length)
      Convenience method for computing the HMAC Key Derivation Function.
      byte[][]parseHeader​(byte[] payload) 
      byte[]webpushSecret​(java.lang.String keyId, org.bouncycastle.jce.interfaces.ECPublicKey dh, byte[] authSecret, int mode)
      Combine Shared and Authentication Secrets See https://tools.ietf.org/html/draft-ietf-webpush-encryption-09#section-3.3.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • HttpEce

        public HttpEce()
      • HttpEce

        public HttpEce​(java.util.Map<java.lang.String,​java.security.KeyPair> keys,
                       java.util.Map<java.lang.String,​java.lang.String> labels)
    • Method Detail

      • encrypt

        public byte[] encrypt​(byte[] plaintext,
                              byte[] salt,
                              byte[] privateKey,
                              java.lang.String keyid,
                              org.bouncycastle.jce.interfaces.ECPublicKey dh,
                              byte[] authSecret,
                              Encoding version)
                       throws java.security.GeneralSecurityException
        Encrypt the given plaintext.
        Parameters:
        plaintext - Payload to encrypt.
        salt - A random 16-byte buffer
        privateKey - A private key to encrypt this message with (Web Push: the local private key)
        keyid - An identifier for the local key. Only applies to AESGCM. For AES128GCM, the header contains the keyid.
        dh - An Elliptic curve Diffie-Hellman public privateKey on the P-256 curve (Web Push: the user's keys.p256dh)
        authSecret - An authentication secret (Web Push: the user's keys.auth)
        version -
        Returns:
        Throws:
        java.security.GeneralSecurityException
      • decrypt

        public byte[] decrypt​(byte[] payload,
                              byte[] salt,
                              byte[] key,
                              java.lang.String keyid,
                              Encoding version)
                       throws java.security.InvalidKeyException,
                              java.security.NoSuchAlgorithmException,
                              javax.crypto.IllegalBlockSizeException,
                              java.security.InvalidAlgorithmParameterException,
                              javax.crypto.BadPaddingException,
                              java.security.NoSuchProviderException,
                              javax.crypto.NoSuchPaddingException
        Decrypt the payload.
        Parameters:
        payload - Header and body (ciphertext)
        salt - May be null when version is AES128GCM; the salt is extracted from the header.
        version - AES128GCM or AESGCM.
        Returns:
        Throws:
        java.security.InvalidKeyException
        java.security.NoSuchAlgorithmException
        javax.crypto.IllegalBlockSizeException
        java.security.InvalidAlgorithmParameterException
        javax.crypto.BadPaddingException
        java.security.NoSuchProviderException
        javax.crypto.NoSuchPaddingException
      • parseHeader

        public byte[][] parseHeader​(byte[] payload)
      • decryptRecord

        public byte[] decryptRecord​(byte[] ciphertext,
                                    byte[] key,
                                    byte[] nonce,
                                    Encoding version)
                             throws javax.crypto.NoSuchPaddingException,
                                    java.security.NoSuchAlgorithmException,
                                    java.security.NoSuchProviderException,
                                    java.security.InvalidAlgorithmParameterException,
                                    java.security.InvalidKeyException,
                                    javax.crypto.BadPaddingException,
                                    javax.crypto.IllegalBlockSizeException
        Throws:
        javax.crypto.NoSuchPaddingException
        java.security.NoSuchAlgorithmException
        java.security.NoSuchProviderException
        java.security.InvalidAlgorithmParameterException
        java.security.InvalidKeyException
        javax.crypto.BadPaddingException
        javax.crypto.IllegalBlockSizeException
      • buildInfo

        protected static byte[] buildInfo​(java.lang.String type,
                                          byte[] context)
        Future versions might require a null-terminated info string?
        Parameters:
        type -
        Returns:
      • hkdfExpand

        protected static byte[] hkdfExpand​(byte[] ikm,
                                           byte[] salt,
                                           byte[] info,
                                           int length)
        Convenience method for computing the HMAC Key Derivation Function. The real work is offloaded to BouncyCastle.
      • extractSecretAndContext

        public byte[][] extractSecretAndContext​(byte[] key,
                                                java.lang.String keyId,
                                                org.bouncycastle.jce.interfaces.ECPublicKey dh,
                                                byte[] authSecret)
                                         throws java.security.InvalidKeyException,
                                                java.security.NoSuchAlgorithmException
        Throws:
        java.security.InvalidKeyException
        java.security.NoSuchAlgorithmException
      • deriveKeyAndNonce

        public byte[][] deriveKeyAndNonce​(byte[] salt,
                                          byte[] key,
                                          java.lang.String keyId,
                                          org.bouncycastle.jce.interfaces.ECPublicKey dh,
                                          byte[] authSecret,
                                          Encoding version,
                                          int mode)
                                   throws java.security.NoSuchAlgorithmException,
                                          java.security.InvalidKeyException
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.InvalidKeyException
      • webpushSecret

        public byte[] webpushSecret​(java.lang.String keyId,
                                    org.bouncycastle.jce.interfaces.ECPublicKey dh,
                                    byte[] authSecret,
                                    int mode)
                             throws java.security.NoSuchAlgorithmException,
                                    java.security.InvalidKeyException
        Combine Shared and Authentication Secrets See https://tools.ietf.org/html/draft-ietf-webpush-encryption-09#section-3.3.
        Parameters:
        keyId -
        dh -
        authSecret -
        mode -
        Returns:
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.InvalidKeyException