cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: CXF-5311: Quick update to make JweDecryptor thread safe, clean-up will have to be done later on
Date Tue, 01 Jul 2014 14:51:13 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 5b1cc9207 -> 73b6eee99


CXF-5311: Quick update to make JweDecryptor thread safe, clean-up will have to be done later
on


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/73b6eee9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/73b6eee9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/73b6eee9

Branch: refs/heads/master
Commit: 73b6eee9968cbb38b272566f5c8544e6269eeacf
Parents: 5b1cc92
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Jul 1 15:50:57 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Jul 1 15:50:57 2014 +0100

----------------------------------------------------------------------
 .../oauth2/jwe/AbstractJweDecryptor.java        | 68 +++++++++-----------
 .../oauth2/jwe/DirectKeyJweDecryptor.java       |  4 +-
 .../oauth2/jwe/WrappedKeyJweDecryptor.java      | 15 +++--
 3 files changed, 41 insertions(+), 46 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/73b6eee9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryptor.java
index 6303717..1279e7f 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryptor.java
@@ -24,71 +24,65 @@ import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 
 public abstract class AbstractJweDecryptor implements JweDecryptor {
-    private JweCompactConsumer jweConsumer;
-    private CeProvider ceProvider = new CeProvider();
     private JweCryptoProperties props;
     protected AbstractJweDecryptor(JweCryptoProperties props) {
         this.props = props;
     }
     
-    protected abstract byte[] getContentEncryptionKey();
+    protected abstract byte[] getContentEncryptionKey(JweCompactConsumer consumer);
     
     public JweDecryptionOutput decrypt(String content) {
-        byte[] bytes = getJweConsumer(content).getDecryptedContent(ceProvider);
-        return new JweDecryptionOutput(getHeaders(), bytes);
-    }
-    private JweCompactConsumer getJweConsumer(String jweContent) {
-        if (jweConsumer == null) {
-            this.jweConsumer = new JweCompactConsumer(jweContent, props);
-        }
-        return jweConsumer;
+        JweCompactConsumer consumer = new JweCompactConsumer(content, props);
+        return doDecrypt(consumer);
     }
     
-    protected JweHeaders getHeaders() {
-        return getJweConsumer().getJweHeaders();
+    protected JweDecryptionOutput doDecrypt(JweCompactConsumer consumer) {
+        CeProvider ceProvider = new CeProvider(consumer);
+        byte[] bytes = consumer.getDecryptedContent(ceProvider);
+        return new JweDecryptionOutput(consumer.getJweHeaders(), bytes);
     }
-    
-    protected AlgorithmParameterSpec getContentDecryptionCipherSpec() {
-        return CryptoUtils.getContentEncryptionCipherSpec(getEncryptionAuthenticationTagLenBits(),

-                                                   getContentEncryptionCipherInitVector());
+    protected byte[] getEncryptedContentEncryptionKey(JweCompactConsumer consumer) {
+        return consumer.getEncryptedContentEncryptionKey();
     }
-    protected byte[] getEncryptedContentEncryptionKey() {
-        return getJweConsumer().getEncryptedContentEncryptionKey();
+    protected AlgorithmParameterSpec getContentDecryptionCipherSpec(JweCompactConsumer consumer)
{
+        return CryptoUtils.getContentEncryptionCipherSpec(getEncryptionAuthenticationTagLenBits(consumer),

+                                                   getContentEncryptionCipherInitVector(consumer));
     }
-    protected String getContentEncryptionAlgorithm() {
-        return Algorithm.toJavaName(getHeaders().getContentEncryptionAlgorithm());
+    protected String getContentEncryptionAlgorithm(JweCompactConsumer consumer) {
+        return Algorithm.toJavaName(consumer.getJweHeaders().getContentEncryptionAlgorithm());
     }
-    protected byte[] getContentEncryptionCipherAAD() {
-        return getJweConsumer().getContentEncryptionCipherAAD();
+    protected byte[] getContentEncryptionCipherAAD(JweCompactConsumer consumer) {
+        return consumer.getContentEncryptionCipherAAD();
     }
-    protected byte[] getEncryptedContentWithAuthTag() {
-        return getJweConsumer().getEncryptedContentWithAuthTag();
+    protected byte[] getEncryptedContentWithAuthTag(JweCompactConsumer consumer) {
+        return consumer.getEncryptedContentWithAuthTag();
     }
-    protected byte[] getContentEncryptionCipherInitVector() { 
-        return getJweConsumer().getContentDecryptionCipherInitVector();
+    protected byte[] getContentEncryptionCipherInitVector(JweCompactConsumer consumer) {

+        return consumer.getContentDecryptionCipherInitVector();
     }
-    protected byte[] getEncryptionAuthenticationTag() {
-        return getJweConsumer().getEncryptionAuthenticationTag();
+    protected byte[] getEncryptionAuthenticationTag(JweCompactConsumer consumer) {
+        return consumer.getEncryptionAuthenticationTag();
     }
-    protected int getEncryptionAuthenticationTagLenBits() {
-        return getEncryptionAuthenticationTag().length * 8;
-    }
-    protected JweCompactConsumer getJweConsumer() { 
-        return jweConsumer;
+    protected int getEncryptionAuthenticationTagLenBits(JweCompactConsumer consumer) {
+        return getEncryptionAuthenticationTag(consumer).length * 8;
     }
     
-    private class CeProvider implements ContentEncryptionProvider {
+    protected class CeProvider implements ContentEncryptionProvider {
 
+        private JweCompactConsumer consumer;
+        public CeProvider(JweCompactConsumer consumer) {
+            this.consumer = consumer;
+        }
         @Override
         public byte[] getContentEncryptionKey(JweHeaders headers, byte[] encryptedKey) {
-            return AbstractJweDecryptor.this.getContentEncryptionKey();
+            return AbstractJweDecryptor.this.getContentEncryptionKey(consumer);
         }
 
         @Override
         public AlgorithmParameterSpec getContentEncryptionCipherSpec(JweHeaders headers,
                                                                      int authTagLength,
                                                                      byte[] initVector) {
-            return getContentDecryptionCipherSpec();
+            return getContentDecryptionCipherSpec(consumer);
         }
         
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/73b6eee9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryptor.java
index aaa76f7..b733031 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryptor.java
@@ -30,8 +30,8 @@ public class DirectKeyJweDecryptor extends AbstractJweDecryptor {
         this.contentDecryptionKey = contentDecryptionKey.getEncoded();
     }
     @Override
-    protected byte[] getContentEncryptionKey() {
-        byte[] encryptedCEK = getEncryptedContentEncryptionKey();
+    protected byte[] getContentEncryptionKey(JweCompactConsumer consumer) {
+        byte[] encryptedCEK = getEncryptedContentEncryptionKey(consumer);
         if (encryptedCEK != null && encryptedCEK.length > 0) {
             throw new SecurityException();
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/73b6eee9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryptor.java
index b9b892c..6688670 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryptor.java
@@ -42,14 +42,15 @@ public class WrappedKeyJweDecryptor extends AbstractJweDecryptor {
         this.cekDecryptionKey = cekDecryptionKey;
         this.unwrap = unwrap;
     }
-    protected byte[] getContentEncryptionKey() {
-        KeyProperties keyProps = new KeyProperties(getKeyEncryptionAlgorithm());
+    protected byte[] getContentEncryptionKey(JweCompactConsumer consumer) {
+        KeyProperties keyProps = new KeyProperties(getKeyEncryptionAlgorithm(consumer));
         if (!unwrap) {
             keyProps.setBlockSize(getKeyCipherBlockSize());
-            return CryptoUtils.decryptBytes(getEncryptedContentEncryptionKey(), getCekDecryptionKey(),
keyProps);
+            return CryptoUtils.decryptBytes(getEncryptedContentEncryptionKey(consumer), 
+                                            getCekDecryptionKey(), keyProps);
         } else {
-            return CryptoUtils.unwrapSecretKey(getEncryptedContentEncryptionKey(), 
-                                               getContentEncryptionAlgorithm(), 
+            return CryptoUtils.unwrapSecretKey(getEncryptedContentEncryptionKey(consumer),

+                                               getContentEncryptionAlgorithm(consumer), 
                                                getCekDecryptionKey(), 
                                                keyProps).getEncoded();
         }
@@ -60,7 +61,7 @@ public class WrappedKeyJweDecryptor extends AbstractJweDecryptor {
     protected int getKeyCipherBlockSize() {
         return -1;
     }
-    protected String getKeyEncryptionAlgorithm() {
-        return Algorithm.toJavaName(getHeaders().getKeyEncryptionAlgorithm());
+    protected String getKeyEncryptionAlgorithm(JweCompactConsumer consumer) {
+        return Algorithm.toJavaName(consumer.getJweHeaders().getKeyEncryptionAlgorithm());
     }
 }


Mime
View raw message