966. (Android/Java) [nimbusds] JWE AES 128 GCM 디코딩 복호화 수행 실시 - A128GCM , A128GCMKW

---

[개발 환경 설정]

​

개발 툴 : AndroidStudio

개발 언어 : Java / Kotlin

​

 

---

[소스 코드]

​

// --------------------------------------------------------------------------------------
[개발 및 테스트 환경]
// --------------------------------------------------------------------------------------

- 언어 : Java / Kotlin

- 개발 툴 : AndroidStudio

- 기술 구분 : nimbusds / JWE / JWT / AES

// --------------------------------------------------------------------------------------






// --------------------------------------------------------------------------------------
[nimbusds 라이브러리 의존성 부여 설정 : build.gradle]
// --------------------------------------------------------------------------------------

// TODO [JWE 암복호화 관련]

implementation 'com.nimbusds:nimbus-jose-jwt:10.0.2'

// --------------------------------------------------------------------------------------






// --------------------------------------------------------------------------------------
[Java : 소스 코드]
// --------------------------------------------------------------------------------------

// --------------------------------------------------------------------
// TODO [전역 변수 선언]
// --------------------------------------------------------------------
private static final String AES128_GCM_KEY = "0123456789abcdef"; // [16 바이트]




// --------------------------------------------------------------------
// TODO [AES GCM : JWE 디코딩 수행]
// --------------------------------------------------------------------
// TODO [Call Method]
// --------------------------------------------------------------------
/*
String jweString = "eyJjdHkiOiJhcHBsaWNhdGlvbi9qc29uIiwidHlwIjoiSldFIiwiZW5jIjoiQTEyOEdDTSIsInRhZyI6InpScnBpWFgwdjlaRmg3enNXMGtLV2ciLCJhbGciOiJBMTI4R0NNS1ciLCJpdiI6InM3UklpeHk4NFVNUmxDb2EifQ.OaMpJOgmB8g0V5Srj3evvQ.yNaG7f8q8SWuppQP.emJ6aJIadvX_pdVF3i2r8obj3jOQ_XpP0WqRBReAFT5KFvmfUVSwmVINVMlKvR8-O9LZ4xrBv1qeuuOpKdkMKCzV9ebX1nfEnMD3p4CQgZoCg4chNroqG9yV0PrbL5tgrdE.62ye1ZcMy4CkFV6ADJHMzw";

C_JWE_Encryption_Module.decodeAes128GcmJwe(jweString);
*/
// --------------------------------------------------------------------
// TODO [Return Data]
// --------------------------------------------------------------------
/*
D///===========//: ================================================
I/: [LOG :: CLASS PLACE :: com.example.javaproject.C_Module.C_JWE_Encryption_Module.decodeAes128GcmJwe(C_JWE_Encryption_Module.java:354)]
I/: ----------------------------------------------------
I/: [LOG :: DESCRIPTION :: C_JWE_Encryption_Module :: decodeAes128GcmJwe :: EncryptedJWT.parse 정보 확인]
I/: ----------------------------------------------------
I/: [LOG :: getHeader :: {"cty":"application/json","typ":"JWE","enc":"A128GCM","tag":"zRrpiXX0v9ZFh7zsW0kKWg","alg":"A128GCMKW","iv":"s7RIixy84UMRlCoa"}]
I/: ----------------------------------------------------
I/: [LOG :: getEncryptedKey :: OaMpJOgmB8g0V5Srj3evvQ]
I/: ----------------------------------------------------
I/: [LOG :: getCipherText :: emJ6aJIadvX_pdVF3i2r8obj3jOQ_XpP0WqRBReAFT5KFvmfUVSwmVINVMlKvR8-O9LZ4xrBv1qeuuOpKdkMKCzV9ebX1nfEnMD3p4CQgZoCg4chNroqG9yV0PrbL5tgrdE]
I/: ----------------------------------------------------
I/: [LOG :: getIV :: yNaG7f8q8SWuppQP]
I/: ----------------------------------------------------
I/: [LOG :: getAuthTag :: 62ye1ZcMy4CkFV6ADJHMzw]
I/: ----------------------------------------------------
I/: [LOG :: getState :: DECRYPTED]
D///===========//: ================================================


D///===========//: ================================================
I/: [LOG :: CLASS PLACE :: com.example.javaproject.C_Module.C_JWE_Encryption_Module.decodeAes128GcmJwe(C_JWE_Encryption_Module.java:387)]
I/: ----------------------------------------------------
I/: [LOG :: DESCRIPTION :: C_JWE_Encryption_Module :: decodeAes128GcmJwe :: JWE 디코딩 수행]
I/: ----------------------------------------------------
I/: [LOG :: KEY :: 0123456789abcdef]
I/: ----------------------------------------------------
I/: [LOG :: Decode :: {iss=App, exp=1743486179, iat=1743486119, employeeNo=T_1234567890, name=투케이}]
D///===========//: ================================================
*/
// --------------------------------------------------------------------
public static String decodeAes128GcmJwe(String jweString){

    String returnData = null; // [Return 데이터]
    String M_LOG = null; // [Log 데이터]

    try {

        // -----------------------------------------------
        // TODO [1] : [key >> Byte 변환]
        // -----------------------------------------------
        byte keyBytes [] = AES128_GCM_KEY.getBytes(StandardCharsets.UTF_8);


        // -----------------------------------------------
        // TODO [2] : [SecretKey 가져오기]
        // -----------------------------------------------
        SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, "AES");


        // -----------------------------------------------
        // TODO [3] : [EncryptedJWT 생성] / [디코딩 수행 실시]
        // -----------------------------------------------
        // TODO 참고 : AESDecrypter 을 사용해 단독 디코딩 수행 시 getEncryptedKey, getIV 파싱 후 복호화 필요
        // -----------------------------------------------
        //*
        EncryptedJWT decryptedJWT = EncryptedJWT.parse(jweString);
        //JWEObject decryptedJWT = JWEObject.parse(jweString);

        //decryptedJWT.decrypt(new DirectDecrypter(secretKeySpec)); // TODO [알고리즘 : DIR]
        decryptedJWT.decrypt(new AESDecrypter(secretKeySpec)); // TODO [알고리즘 : JWEAlgorithm.A128GCMKW]

        S_Log._D_(ACTIVITY_NAME + " :: decodeAes128GcmJwe :: EncryptedJWT.parse 정보 확인", new String[]{
                "getHeader :: " + decryptedJWT.getHeader(),
                "getEncryptedKey :: " + decryptedJWT.getEncryptedKey(),
                "getCipherText :: " + decryptedJWT.getCipherText(),
                "getIV :: " + decryptedJWT.getIV(),
                "getAuthTag :: " + decryptedJWT.getAuthTag(),
                "getState :: " + decryptedJWT.getState()
        });

        String payloadString = decryptedJWT.getPayload().toJSONObject().toString();
        // */


        // -----------------------------------------------
        // TODO [4] : [payloadString 토큰 널 체크 수행]
        // -----------------------------------------------
        if (C_Util.stringNotNull(payloadString) == true){
            returnData = payloadString;
        }
        else {
            M_LOG = "Error : payloadString Is Null";
        }

    }
    catch (Exception e){
        e.printStackTrace();

        M_LOG = "Exception : " + e.getMessage();
    }


    try { M_LOG = (M_LOG != null) ? M_LOG : ( (returnData != null) ? "Decode :: " + returnData : "Decode :: null" ); } catch (Exception el){}

    S_Log._D_(ACTIVITY_NAME + " :: decodeAes128GcmJwe :: JWE 디코딩 수행", new String[]{"KEY :: " + AES128_GCM_KEY, String.valueOf(M_LOG)});


    return returnData;

}

// --------------------------------------------------------------------------------------





// --------------------------------------------------------------------------------------
[참고 사이트]
// --------------------------------------------------------------------------------------

[온라인 JWT 토큰 복호화 및 헤더 값 확인 참고 사이트]

https://fusionauth.io/dev-tools/jwt-decoder


[라이브러리] [nimbus-jose-jwt] JWE (JSON Web Encryption) JSON 웹 암호화 및 복호화 라이브러리

https://blog.naver.com/kkh0977/223817959400?trackingCode=blog_bloghome_searchlist


[JWT (Json Web Token) 개념 설명]

https://blog.naver.com/kkh0977/222934042760?trackingCode=blog_bloghome_searchlist


[JWE (JSON Web Encryption) JSON 웹 암호화 설명]

https://blog.naver.com/kkh0977/223817878517?trackingCode=blog_bloghome_searchlist

// --------------------------------------------------------------------------------------

 

---

[참고 사이트]

​

https://blog.naver.com/kkh0977/223817878517?trackingCode=blog_bloghome_searchlist

267. [IT 기술] JWE (JSON Web Encryption) JSON 웹 암호화 설명

---