Package com.iizix.push.vapid
Class HttpEce
java.lang.Object
com.iizix.push.vapid.HttpEce
An implementation of Encrypted Content-Encoding for HTTP. The first implementation follows the specification in [1]. The specification later moved from "aesgcm" to "aes128gcm" as content encoding [2]. To remain backwards compatible, this library supports both.
[1] https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-01
[2] https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-09
TODO: Support multiple records (not needed for Web Push)
Field Summary
Modifier and Type    Field    Description
static final int     KEY_LENGTH
static final int     SHA_256_LENGTH
static final int     TAG_SIZE
static final int     TWO_BYTE_MAX
static final String  WEB_PUSH_INFO
Constructor Summary
Method Summary
Modifier and Type    Method    Description
protected static byte[] buildInfo
    Future versions might require a null-terminated info string?
byte[] decrypt(byte[] payload, byte[] salt, byte[] key, String keyid, Encoding version)
    Decrypt the payload.
byte[] decryptRecord(byte[] ciphertext, byte[] key, byte[] nonce, Encoding version)
byte[][] deriveKeyAndNonce(byte[] salt, byte[] key, String keyId, org.bouncycastle.jce.interfaces.ECPublicKey dh, byte[] authSecret, Encoding version, int mode)
byte[] encrypt(byte[] plaintext, byte[] salt, byte[] privateKey, String keyid, org.bouncycastle.jce.interfaces.ECPublicKey dh, byte[] authSecret, Encoding version)
    Encrypt the given plaintext.
byte[][] extractSecretAndContext(byte[] key, String keyId, org.bouncycastle.jce.interfaces.ECPublicKey dh, byte[] authSecret)
protected static byte[] hkdfExpand(byte[] ikm, byte[] salt, byte[] info, int length)
    Convenience method for computing the HMAC Key Derivation Function.
byte[][] parseHeader(byte[] payload)
byte[] webpushSecret(String keyId, org.bouncycastle.jce.interfaces.ECPublicKey dh, byte[] authSecret, int mode)
    Combine Shared and Authentication Secrets. See https://tools.ietf.org/html/draft-ietf-webpush-encryption-09#section-3.3.
Field Details
KEY_LENGTH
public static final int KEY_LENGTH
SHA_256_LENGTH
public static final int SHA_256_LENGTH
TAG_SIZE
public static final int TAG_SIZE
TWO_BYTE_MAX
public static final int TWO_BYTE_MAX
WEB_PUSH_INFO
Constructor Details
HttpEce
public HttpEce()
Method Details
encrypt
public byte[] encrypt(byte[] plaintext, byte[] salt, byte[] privateKey, String keyid, org.bouncycastle.jce.interfaces.ECPublicKey dh, byte[] authSecret, Encoding version) throws GeneralSecurityException
Encrypt the given plaintext.
Parameters:
plaintext - Payload to encrypt.
salt - A random 16-byte buffer
privateKey - A private key to encrypt this message with (Web Push: the local private key)
keyid - An identifier for the local key. Only applies to AESGCM. For AES128GCM, the header contains the keyid.
dh - An Elliptic curve Diffie-Hellman public key on the P-256 curve (Web Push: the user's keys.p256dh)
authSecret - An authentication secret (Web Push: the user's keys.auth)
version
Throws:
GeneralSecurityException
decrypt
public byte[] decrypt(byte[] payload, byte[] salt, byte[] key, String keyid, Encoding version) throws InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, InvalidAlgorithmParameterException, BadPaddingException, NoSuchProviderException, NoSuchPaddingException
Decrypt the payload.
Parameters:
payload - Header and body (ciphertext)
salt - May be null when version is AES128GCM; the salt is extracted from the header.
version - AES128GCM or AESGCM.
Throws:
InvalidKeyException
NoSuchAlgorithmException
IllegalBlockSizeException
InvalidAlgorithmParameterException
BadPaddingException
NoSuchProviderException
NoSuchPaddingException
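Added example, not code from HttpEce or its project: the decrypt documentation says that for AES128GCM the salt and keyid come from the payload header, so this standalone Java 17 program parses that header as laid out in RFC 8188, the final form of the encoding draft (16-byte salt, 4-byte record size, 1-byte keyid length, keyid), and rejects inconsistent lengths before any key derivation. The class, record and method names are assumptions for illustration, and the sample payload is constructed.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;
import java.util.HexFormat;

public class Aes128GcmHeaderExample {
    static final int SALT_LEN = 16; // salt field ("a random 16-byte buffer")
    static final int TAG_LEN = 16;  // AES-GCM authentication tag

    // Holder type invented for this example; not part of HttpEce.
    record Header(byte[] salt, long recordSize, byte[] keyId, int bodyOffset) {}

    static Header parse(byte[] payload) {
        if (payload == null || payload.length < SALT_LEN + 4 + 1)
            throw new IllegalArgumentException("payload shorter than the fixed header");
        ByteBuffer buf = ByteBuffer.wrap(payload);      // big-endian by default
        byte[] salt = new byte[SALT_LEN];
        buf.get(salt);
        long rs = Integer.toUnsignedLong(buf.getInt()); // 4-byte unsigned record size
        int idLen = Byte.toUnsignedInt(buf.get());      // 1-byte unsigned keyid length
        if (rs < TAG_LEN + 2)
            throw new IllegalArgumentException("record size below 18 is invalid");
        if (idLen > buf.remaining())
            throw new IllegalArgumentException("keyid length runs past the payload");
        byte[] keyId = new byte[idLen];
        buf.get(keyId);
        // A record holds at least the padding delimiter byte plus the tag.
        if (buf.remaining() < TAG_LEN + 1)
            throw new IllegalArgumentException("no complete record after the header");
        // Single-record assumption, matching the TODO in the class description.
        if (buf.remaining() > rs)
            throw new IllegalArgumentException("body is longer than one record");
        return new Header(salt, rs, keyId, buf.position());
    }

    public static void main(String[] args) {
        // Constructed sample: salt 00..0f, rs = 4096, keyid "k01", 17 filler body bytes.
        ByteBuffer sample = ByteBuffer.allocate(SALT_LEN + 4 + 1 + 3 + 17);
        for (int i = 0; i < SALT_LEN; i++) sample.put((byte) i);
        sample.putInt(4096).put((byte) 3).put(new byte[] {'k', '0', '1'}).put(new byte[17]);
        Header h = parse(sample.array());
        System.out.printf("salt=%s rs=%d keyid=%s bodyOffset=%d%n", HexFormat.of().formatHex(h.salt()),
                h.recordSize(), HexFormat.of().formatHex(h.keyId()), h.bodyOffset());
        try {
            parse(Arrays.copyOf(sample.array(), 22));   // truncated inside the keyid
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```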
parseHeader
public byte[][] parseHeader(byte[] payload)
decryptRecord
public byte[] decryptRecord(byte[] ciphertext, byte[] key, byte[] nonce, Encoding version) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException
buildInfo
Future versions might require a null-terminated info string?
Parameters:
type
hkdfExpand
protected static byte[] hkdfExpand(byte[] ikm, byte[] salt, byte[] info, int length)
Convenience method for computing the HMAC Key Derivation Function. The real work is offloaded to BouncyCastle.
extractSecretAndContext
public byte[][] extractSecretAndContext(byte[] key, String keyId, org.bouncycastle.jce.interfaces.ECPublicKey dh, byte[] authSecret) throws InvalidKeyException, NoSuchAlgorithmException
deriveKeyAndNonce
public byte[][] deriveKeyAndNonce(byte[] salt, byte[] key, String keyId, org.bouncycastle.jce.interfaces.ECPublicKey dh, byte[] authSecret, Encoding version, int mode) throws NoSuchAlgorithmException, InvalidKeyException
webpushSecret
public byte[] webpushSecret(String keyId, org.bouncycastle.jce.interfaces.ECPublicKey dh, byte[] authSecret, int mode) throws NoSuchAlgorithmException, InvalidKeyException
Combine Shared and Authentication Secrets. See https://tools.ietf.org/html/draft-ietf-webpush-encryption-09#section-3.3.
Parameters:
keyId
dh
authSecret
mode
Throws:
NoSuchAlgorithmException
InvalidKeyException