cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: [CXF-6972] Relaxing the requirement to extend JweJsonProducer when multiple recipients are used
Date Wed, 20 Jul 2016 20:18:32 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 471c0773a -> e7083363e


[CXF-6972] Relaxing the requirement to extend JweJsonProducer when multiple recipients are
used


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e7083363
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e7083363
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e7083363

Branch: refs/heads/3.1.x-fixes
Commit: e7083363ec6bd06a3ccd324a5ae6d7e28642583e
Parents: 471c077
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Jul 20 23:16:58 2016 +0300
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Jul 20 23:18:20 2016 +0300

----------------------------------------------------------------------
 .../jwe/AbstractContentEncryptionAlgorithm.java |  2 +-
 .../jose/jwe/AbstractJweEncryption.java         | 54 ++++++++++----------
 .../jwe/AesGcmContentEncryptionAlgorithm.java   |  6 +++
 .../security/jose/jwe/JweJsonProducerTest.java  | 13 ++---
 4 files changed, 38 insertions(+), 37 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e7083363/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
index 355a21b..3e08de2 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
@@ -48,7 +48,7 @@ public abstract class AbstractContentEncryptionAlgorithm extends AbstractContent
         if (iv == null) {
             return CryptoUtils.generateSecureRandomBytes(getIvSize() / 8);
         } else if (iv.length > 0 && providedIvUsageCount.addAndGet(1) > 1)
{
-            LOG.warning("Custom IV is recommeded to be used once");
+            LOG.warning("Custom IV is recommended to be used once");
             throw new JweException(JweException.Error.CUSTOM_IV_REUSED);
         } else {
             return iv;

http://git-wip-us.apache.org/repos/asf/cxf/blob/e7083363/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index 0260f70..a72b24a 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -87,7 +87,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider
{
     }
     @Override
     public String encrypt(byte[] content, JweHeaders jweHeaders) {
-        JweEncryptionInternal state = getInternalState(jweHeaders, null);
+        JweEncryptionInternal state = getInternalState(jweHeaders, new JweEncryptionInput());
         
         byte[] encryptedContent = encryptInternal(state, content);
         byte[] cipher = getActualCipher(encryptedContent);
@@ -198,36 +198,36 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider
{
             protectedHeaders = theHeaders;
         }
         
-        
-        
-        byte[] theCek = jweInput != null && jweInput.getCek() != null 
+        byte[] theCek = jweInput.getCek() != null 
             ? jweInput.getCek() : getContentEncryptionKey(theHeaders);
-        String contentEncryptionAlgoJavaName = getContentEncryptionAlgoJava();
-        KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName);
-        keyProps.setCompressionSupported(compressionRequired(theHeaders));
-        
-        byte[] theIv = jweInput != null && jweInput.getIv() != null  
-            ? jweInput.getIv() : getContentEncryptionAlgorithm().getInitVector();
-        AlgorithmParameterSpec specParams = getAlgorithmParameterSpec(theIv);
-        keyProps.setAlgoSpec(specParams);
-        byte[] jweContentEncryptionKey = 
-            getEncryptedContentEncryptionKey(theHeaders, theCek);
-        
         
-        String protectedHeadersJson = writer.toJson(protectedHeaders);
+        JweEncryptionInternal state = new JweEncryptionInternal();
+        state.jweContentEncryptionKey = getEncryptedContentEncryptionKey(theHeaders, theCek);
         
-        byte[] additionalEncryptionParam = getAAD(protectedHeadersJson, 
-                                                  jweInput == null ? null : jweInput.getAad());
-        keyProps.setAdditionalData(additionalEncryptionParam);
+        if (jweInput.isContentEncryptionRequired()) {
+            String contentEncryptionAlgoJavaName = getContentEncryptionAlgoJava();
+            KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName);
+            keyProps.setCompressionSupported(compressionRequired(theHeaders));
+            
+            byte[] theIv = jweInput.getIv() != null  
+                ? jweInput.getIv() : getContentEncryptionAlgorithm().getInitVector();
+            AlgorithmParameterSpec specParams = getAlgorithmParameterSpec(theIv);
+            keyProps.setAlgoSpec(specParams);
+           
+            String protectedHeadersJson = writer.toJson(protectedHeaders);
+            
+            byte[] additionalEncryptionParam = getAAD(protectedHeadersJson, 
+                                                      jweInput == null ? null : jweInput.getAad());
+            keyProps.setAdditionalData(additionalEncryptionParam);
+            
+            state.keyProps = keyProps;
+            state.theIv = theIv;
+            state.theHeaders = theHeaders;
+            state.protectedHeadersJson = protectedHeadersJson;
+            state.aad = jweInput != null ? jweInput.getAad() : null;
+            state.secretKey = theCek;
+        }
         
-        JweEncryptionInternal state = new JweEncryptionInternal();
-        state.theHeaders = theHeaders;
-        state.jweContentEncryptionKey = jweContentEncryptionKey;
-        state.keyProps = keyProps;
-        state.secretKey = theCek; 
-        state.theIv = theIv;
-        state.protectedHeadersJson = protectedHeadersJson;
-        state.aad = jweInput != null ? jweInput.getAad() : null;
         return state;
     }
     private boolean compressionRequired(JweHeaders theHeaders) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/e7083363/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
index 4f87829..bba6251 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
@@ -36,9 +36,15 @@ public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionA
     public AesGcmContentEncryptionAlgorithm(String encodedCek, ContentAlgorithm algo) {
         this((byte[])CryptoUtils.decodeSequence(encodedCek), null, algo);
     }
+    public AesGcmContentEncryptionAlgorithm(SecretKey key, ContentAlgorithm algo) { 
+        this(key, (byte[])null, algo);    
+    }
     public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv, ContentAlgorithm algo)
{ 
         this(key.getEncoded(), iv, algo);    
     }
+    public AesGcmContentEncryptionAlgorithm(byte[] cek, ContentAlgorithm algo) { 
+        this(cek, (byte[])null, algo);    
+    }
     public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo)
{ 
         super(cek, iv, checkAlgorithm(algo));    
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e7083363/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
index b6db1c3..473da68 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
@@ -284,7 +284,9 @@ public class JweJsonProducerTest extends Assert {
         KeyEncryptionProvider keyEncryption1 = 
             JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, KeyAlgorithm.A128KW);
         ContentEncryptionProvider contentEncryption = 
-            JweUtils.getContentEncryptionProvider(ContentAlgorithm.A128GCM);
+            new AesGcmContentEncryptionAlgorithm(CEK_BYTES, JweCompactReaderWriterTest.INIT_VECTOR_A1,
+                                                 ContentAlgorithm.A128GCM);
+            
         JweEncryptionProvider jwe1 = new JweEncryption(keyEncryption1, contentEncryption);
         KeyEncryptionProvider keyEncryption2 = 
             JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, KeyAlgorithm.A128KW);
@@ -300,14 +302,7 @@ public class JweJsonProducerTest extends Assert {
                                                 sharedUnprotectedHeaders,
                                                 StringUtils.toBytesUTF8(text),
                                                 StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE),
-                                                false) {
-            protected JweEncryptionInput createEncryptionInput(JweHeaders jsonHeaders) {
-                JweEncryptionInput input = super.createEncryptionInput(jsonHeaders);
-                input.setCek(CEK_BYTES);
-                input.setIv(JweCompactReaderWriterTest.INIT_VECTOR_A1);
-                return input;
-            }
-        };
+                                                false);
         
         String jweJson = p.encryptWith(jweProviders, perRecipientHeades);
         assertEquals(MULTIPLE_RECIPIENTS_OUTPUT, jweJson);


Mime
View raw message