Posted to dev@tomcat.apache.org by sc...@apache.org on 2018/11/25 15:27:09 UTC
svn commit: r1847415 -
/tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java
Author: schultz
Date: Sun Nov 25 15:27:09 2018
New Revision: 1847415
URL: http://svn.apache.org/viewvc?rev=1847415&view=rev
Log:
Further re-factoring. No functional change.
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java
Modified: tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java?rev=1847415&r1=1847414&r2=1847415&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java (original)
+++ tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java Sun Nov 25 15:27:09 2018
@@ -20,6 +20,7 @@ import java.security.GeneralSecurityExce
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
import java.util.concurrent.ConcurrentLinkedQueue;
import javax.crypto.Cipher;
@@ -481,21 +482,15 @@ public class EncryptInterceptor extends
*/
private byte[][] encrypt(byte[] bytes) throws GeneralSecurityException {
Cipher cipher = null;
- SecureRandom random = null;
- byte[] iv = new byte[getIVSize()];
-
- try {
- random = getRandom();
-
- // Always use a random IV For cipher setup.
- // The recipient doesn't need the (matching) IV because we will always
- // pre-pad messages with the IV as a nonce.
- random.nextBytes(iv);
- IvParameterSpec IV = new IvParameterSpec(iv);
+ // Always use a random IV For cipher setup.
+ // The recipient doesn't need the (matching) IV because we will always
+ // pre-pad messages with the IV as a nonce.
+ byte[] iv = generateIVBytes();
+ try {
cipher = getCipher();
- cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(), IV);
+ cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(), generateIV(iv, 0, ivSize));
// Prepend the IV to the beginning of the encrypted data
byte[][] data = new byte[2][];
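Review bot: The IV length now comes from two places: `generateIVBytes()` sizes the buffer with `getIVSize()`, while the `cipher.init` line passes `ivSize`, which is not declared in the visible lines and is presumably a field. If the two ever disagree (for instance when a subclass overrides one of the new protected hooks), `IvParameterSpec` either throws `IllegalArgumentException` or silently uses fewer bytes than were generated. Taking the length from the buffer removes the second source: `cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(), generateIV(iv, 0, iv.length));`. The body of encrypt continues outside this hunk.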
@@ -506,8 +501,6 @@ public class EncryptInterceptor extends
} finally {
if(null != cipher)
returnCipher(cipher);
- if(null != random)
- returnRandom(random);
}
}
@@ -523,9 +516,7 @@ public class EncryptInterceptor extends
private byte[] decrypt(byte[] bytes) throws GeneralSecurityException {
Cipher cipher = null;
- int ivSize = getIVSize();
- // Use first part of incoming data as IV
- IvParameterSpec IV = new IvParameterSpec(bytes, 0, ivSize);
+ AlgorithmParameterSpec IV = generateIV(bytes, 0, ivSize);
try {
cipher = getCipher();
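Review bot: `generateIV(bytes, 0, ivSize)` runs on received data before the `try` and without a length check, so a message shorter than the IV makes `IvParameterSpec` throw an unchecked `IllegalArgumentException` rather than the `GeneralSecurityException` the signature declares (the removed line behaved the same way). Whether a caller already rejects short messages is not visible here; if none does, add a guard first, e.g. `if (bytes.length < ivSize) throw new GeneralSecurityException("message shorter than IV");`. The removed comment `// Use first part of incoming data as IV` is also worth keeping, because the helper name `generateIV` hides that the IV is read from the incoming message. The body of decrypt continues outside this hunk.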
@@ -539,5 +530,29 @@ public class EncryptInterceptor extends
returnCipher(cipher);
}
}
+
+ protected byte[] generateIVBytes() {
+ byte[] ivBytes = new byte[getIVSize()];
+
+ SecureRandom random = null;
+
+ try {
+ random = getRandom();
+
+ // Always use a random IV For cipher setup.
+ // The recipient doesn't need the (matching) IV because we will always
+ // pre-pad messages with the IV as a nonce.
+ random.nextBytes(ivBytes);
+
+ return ivBytes;
+ } finally {
+ if(null != random)
+ returnRandom(random);
+ }
+ }
+
+ protected AlgorithmParameterSpec generateIV(byte[] ivBytes, int offset, int length) {
+ return new IvParameterSpec(ivBytes, offset, length);
+ }
}
}
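Review bot: The two new `protected` methods are extension points for IV handling but carry no Javadoc, so an overrider has no stated contract. `generateIVBytes()` should document that it returns `getIVSize()` fresh bytes drawn from the `SecureRandom` borrowed via `getRandom()` for every message, and that an override must keep the IV unpredictable and never repeat one under the same key. `generateIV(...)` should state that it only wraps existing bytes in an `AlgorithmParameterSpec` and is also called on the decrypt path with received bytes. The comment copied into `generateIVBytes()` about the recipient and pre-padding describes `encrypt`, not this method, and could be reduced to `// Fill the IV from a SecureRandom obtained via getRandom()`.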