otigges
diff --git a/‎openid-connect-common/pom.xml‎
Lines changed: 4 additions & 0 deletions b/‎openid-connect-common/pom.xml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJWTEncryptionAndDecryptionService.java‎
Lines changed: 28 additions & 6 deletions b/‎openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJWTEncryptionAndDecryptionService.java‎
Lines changed: 28 additions & 6 deletions
diff --git a/‎openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJWTEncryptionAndDecryptionService.java‎
Lines changed: 50 additions & 12 deletions b/‎openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJWTEncryptionAndDecryptionService.java‎
Lines changed: 50 additions & 12 deletions
diff --git a/‎pom.xml‎
Lines changed: 9 additions & 5 deletions b/‎pom.xml‎
Lines changed: 9 additions & 5 deletions
@@ -82,6 +82,10 @@
 <groupId>com.fasterxml.jackson.core</groupId>
 <artifactId>jackson-annotations</artifactId>
 </dependency>
+<dependency>
+<groupId>org.bouncycastle</groupId>
+<artifactId>bcprov-jdk15on</artifactId>
+</dependency>
 </dependencies>
 
 <packaging>jar</packaging>
 
@@ -40,8 +40,13 @@
 import com.nimbusds.jose.JWEObject;
 import com.nimbusds.jose.crypto.DirectDecrypter;
 import com.nimbusds.jose.crypto.DirectEncrypter;
+import com.nimbusds.jose.crypto.ECDHDecrypter;
+import com.nimbusds.jose.crypto.ECDHEncrypter;
 import com.nimbusds.jose.crypto.RSADecrypter;
 import com.nimbusds.jose.crypto.RSAEncrypter;
+import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
+import com.nimbusds.jose.jca.JCAContext;
+import com.nimbusds.jose.jwk.ECKey;
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.OctetSequenceKey;
 import com.nimbusds.jose.jwk.RSAKey;
@@ -223,23 +228,40 @@ private void buildEncryptersAndDecrypters() throws NoSuchAlgorithmException, Inv
 if (jwk instanceof RSAKey) {
 // build RSA encrypters and decrypters
 
-RSAEncrypter encrypter = new RSAEncrypter(((RSAKey) jwk).toRSAPublicKey()); // there should always at least be the public key
+RSAEncrypter encrypter = new RSAEncrypter((RSAKey) jwk); // there should always at least be the public key
+encrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
 encrypters.put(id, encrypter);
 
 if (jwk.isPrivate()) { // we can decrypt!
-RSADecrypter decrypter = new RSADecrypter(((RSAKey) jwk).toRSAPrivateKey());
+RSADecrypter decrypter = new RSADecrypter((RSAKey) jwk);
+decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
 decrypters.put(id, decrypter);
 } else {
 logger.warn("No private key for key #" + jwk.getKeyID());
 }
-
-// TODO: add support for EC keys
+} else if (jwk instanceof ECKey) {
+
+// build EC Encrypters and decrypters
+
+ECDHEncrypter encrypter = new ECDHEncrypter((ECKey) jwk);
+encrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
+encrypters.put(id, encrypter);
+
+if (jwk.isPrivate()) { // we can decrypt too
+ECDHDecrypter decrypter = new ECDHDecrypter((ECKey) jwk);
+decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
+decrypters.put(id, decrypter);
+} else {
+logger.warn("No private key for key # " + jwk.getKeyID());
+}
 
 } else if (jwk instanceof OctetSequenceKey) {
 // build symmetric encrypters and decrypters
 
-DirectEncrypter encrypter = new DirectEncrypter(((OctetSequenceKey) jwk).toByteArray());
-DirectDecrypter decrypter = new DirectDecrypter(((OctetSequenceKey) jwk).toByteArray());
+DirectEncrypter encrypter = new DirectEncrypter((OctetSequenceKey) jwk);
+encrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
+DirectDecrypter decrypter = new DirectDecrypter((OctetSequenceKey) jwk);
+decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
 
 encrypters.put(id, encrypter);
 decrypters.put(id, decrypter);
 
@@ -23,16 +23,24 @@
 import java.util.List;
 import java.util.Map;
 
+import javax.crypto.Cipher;
+
+import org.junit.Assume;
 import org.junit.Before;
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.mitre.jose.keystore.JWKSetKeyStore;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import com.google.common.collect.ImmutableMap;
 import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWEHeader;
 import com.nimbusds.jose.JWEObject;
+import com.nimbusds.jose.jca.JCASupport;
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jose.jwk.KeyUse;
@@ -57,14 +65,19 @@
  */
 
 public class TestDefaultJWTEncryptionAndDecryptionService {
+
+private static Logger logger = LoggerFactory.getLogger(TestDefaultJWTEncryptionAndDecryptionService.class); 
 
 private String plainText = "The true sign of intelligence is not knowledge but imagination.";
 
 private String issuer = "www.example.net";
 private String subject = "example_user";
 private JWTClaimsSet claimsSet = null;
+
+@Rule
+public ExpectedException exception = ExpectedException.none();
 
-// Example data taken from Mike Jones's draft-ietf-jose-json-web-encryption-14 appendix examples
+// Example data taken from rfc7516 appendix A
 private String compactSerializedJwe = "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ." +
 "OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe" +
 "ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb" +
@@ -167,9 +180,13 @@ public void prepare() throws NoSuchAlgorithmException, InvalidKeySpecException,
 }
 
 
-//@Test
-public void decrypt_RSA() throws ParseException {
+@Test
+public void decrypt_RSA() throws ParseException, NoSuchAlgorithmException {
 
+Assume.assumeTrue(JCASupport.isSupported(JWEAlgorithm.RSA_OAEP) // check for algorithm support
+&& JCASupport.isSupported(EncryptionMethod.A256GCM)
+&& Cipher.getMaxAllowedKeyLength("RC5") >= 256); // check for unlimited crypto strength
+
 service.setDefaultDecryptionKeyId(RSAkid);
 service.setDefaultEncryptionKeyId(RSAkid);
 
@@ -184,9 +201,13 @@ public void decrypt_RSA() throws ParseException {
 }
 
 
-//@Test
-public void encryptThenDecrypt_RSA() throws ParseException {
+@Test
+public void encryptThenDecrypt_RSA() throws ParseException, NoSuchAlgorithmException {
 
+Assume.assumeTrue(JCASupport.isSupported(JWEAlgorithm.RSA_OAEP) // check for algorithm support
+&& JCASupport.isSupported(EncryptionMethod.A256GCM)
+&& Cipher.getMaxAllowedKeyLength("RC5") >= 256); // check for unlimited crypto strength
+
 service.setDefaultDecryptionKeyId(RSAkid);
 service.setDefaultEncryptionKeyId(RSAkid);
 
@@ -212,9 +233,13 @@ public void encryptThenDecrypt_RSA() throws ParseException {
 
 
 // The same as encryptThenDecrypt_RSA() but relies on the key from the map
-//@Test
-public void encryptThenDecrypt_nullID() throws ParseException {
-
+@Test
+public void encryptThenDecrypt_nullID() throws ParseException, NoSuchAlgorithmException {
+
+Assume.assumeTrue(JCASupport.isSupported(JWEAlgorithm.RSA_OAEP) // check for algorithm support
+&& JCASupport.isSupported(EncryptionMethod.A256GCM)
+&& Cipher.getMaxAllowedKeyLength("RC5") >= 256); // check for unlimited crypto strength
+
 service.setDefaultDecryptionKeyId(null);
 service.setDefaultEncryptionKeyId(null);
 
@@ -239,9 +264,15 @@ public void encryptThenDecrypt_nullID() throws ParseException {
 }
 
 
-@Test(expected=IllegalStateException.class)
-public void encrypt_nullID_oneKey() {
+@Test
+public void encrypt_nullID_oneKey() throws NoSuchAlgorithmException {
+
+Assume.assumeTrue(JCASupport.isSupported(JWEAlgorithm.RSA_OAEP) // check for algorithm support
+&& JCASupport.isSupported(EncryptionMethod.A256GCM)
+&& Cipher.getMaxAllowedKeyLength("RC5") >= 256); // check for unlimited crypto strength
 
+exception.expect(IllegalStateException.class);
+
 service_2.setDefaultEncryptionKeyId(null);
 assertEquals(null, service_2.getDefaultEncryptionKeyId());
 
@@ -254,9 +285,16 @@ public void encrypt_nullID_oneKey() {
 }
 
 
-@Test(expected=IllegalStateException.class)
-public void decrypt_nullID() throws ParseException {
+@Test
+public void decrypt_nullID() throws ParseException, NoSuchAlgorithmException {
+
+Assume.assumeTrue(JCASupport.isSupported(JWEAlgorithm.RSA_OAEP) // check for algorithm support
+&& JCASupport.isSupported(EncryptionMethod.A256GCM)
+&& Cipher.getMaxAllowedKeyLength("RC5") >= 256); // check for unlimited crypto strength
+
 
+exception.expect(IllegalStateException.class);
+
 service_2.setDefaultEncryptionKeyId(RSAkid);
 service_2.setDefaultDecryptionKeyId(null);
 
 
@@ -335,6 +335,11 @@
 <artifactId>javax.persistence</artifactId>
 <version>2.1.0</version>
 </dependency>
+<dependency>
+<groupId>com.zaxxer</groupId>
+<artifactId>HikariCP</artifactId>
+<version>2.4.1</version>
+</dependency>
 
 
 <!-- Logging -->
@@ -470,13 +475,12 @@
 <dependency>
 <groupId>com.nimbusds</groupId>
 <artifactId>nimbus-jose-jwt</artifactId>
-<version>4.2</version>
+<version>4.3</version>
 </dependency>
-
 <dependency>
-<groupId>com.zaxxer</groupId>
-<artifactId>HikariCP</artifactId>
-<version>2.4.1</version>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <version>[1.52,]</version>
 </dependency>
 </dependencies>
 </dependencyManagement>