cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject [14/42] cxf git commit: [CXF-6972] Avoiding unnecessary CEK Cipher creation for 2nd or higher recipient
Date Tue, 26 Jul 2016 00:41:19 GMT
[CXF-6972] Avoiding unnecessary CEK Cipher creation for 2nd or higher recipient


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8993a3d7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8993a3d7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8993a3d7

Branch: refs/heads/master-jaxrs-2.1
Commit: 8993a3d7c96df930ec749750e031d7455238f512
Parents: c7ebda6
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Jul 20 22:02:32 2016 +0300
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Jul 20 22:44:13 2016 +0300

----------------------------------------------------------------------
 .../jose/jwe/AbstractJweEncryption.java         | 22 ++++++++++++--------
 .../security/jose/jwe/JweEncryptionInput.java   |  7 +++++++
 .../rs/security/jose/jwe/JweJsonProducer.java   |  1 +
 3 files changed, 21 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/8993a3d7/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index a7117ff..0260f70 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -106,15 +106,19 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider
{
         AuthenticationTagProducer authTagProducer = null;
         byte[] cipher = null;
         byte[] authTag = null;
-        if (jweInput.getContent() == null) {
-            c = CryptoUtils.initCipher(createCekSecretKey(state), state.keyProps, 
-                                              Cipher.ENCRYPT_MODE);
-            authTagProducer = getAuthenticationTagProducer(state);
-        } else {
-            byte[] encryptedContent = encryptInternal(state, jweInput.getContent());
-            cipher = getActualCipher(encryptedContent);
-            authTag = getAuthenticationTag(state, encryptedContent);    
-        }
+        if (jweInput.isContentEncryptionRequired()) {
+            if (jweInput.getContent() == null) {
+                // Streaming
+                c = CryptoUtils.initCipher(createCekSecretKey(state), state.keyProps, 
+                                                  Cipher.ENCRYPT_MODE);
+                authTagProducer = getAuthenticationTagProducer(state);
+            } else {
+                byte[] encryptedContent = encryptInternal(state, jweInput.getContent());
+                cipher = getActualCipher(encryptedContent);
+                authTag = getAuthenticationTag(state, encryptedContent);    
+            }
+        } 
+        // else only CEK is encrypted  
         return new JweEncryptionOutput(c, 
                                       state.theHeaders, 
                                       state.jweContentEncryptionKey, 

http://git-wip-us.apache.org/repos/asf/cxf/blob/8993a3d7/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionInput.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionInput.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionInput.java
index a1336ca..10cff80 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionInput.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionInput.java
@@ -24,6 +24,7 @@ public class JweEncryptionInput {
     private byte[] iv;
     private byte[] aad;
     private byte[] content;
+    private boolean contentEncryptionRequired = true;
     public JweEncryptionInput() {
         
     }
@@ -87,4 +88,10 @@ public class JweEncryptionInput {
     public void setContent(byte[] content) {
         this.content = content;
     }
+    public boolean isContentEncryptionRequired() {
+        return contentEncryptionRequired;
+    }
+    public void setContentEncryptionRequired(boolean required) {
+        this.contentEncryptionRequired = required;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8993a3d7/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
index 3a3d745..4e8cf71 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
@@ -123,6 +123,7 @@ public class JweJsonProducer {
             JweEncryptionInput input = createEncryptionInput(jsonHeaders);
             if (i > 0) {    
                 input.setContent(null);
+                input.setContentEncryptionRequired(false);
             }
             JweEncryptionOutput state = encryptor.getEncryptionOutput(input);
             byte[] currentCipherText = state.getEncryptedContent();


Mime
View raw message