You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2016/07/20 19:44:31 UTC
cxf git commit: [CXF-6972] Avoiding unnecessary CEK Cipher creation
for 2nd or higher recipient
Repository: cxf
Updated Branches:
refs/heads/master c7ebda63c -> 8993a3d7c
[CXF-6972] Avoiding unnecessary CEK Cipher creation for 2nd or higher recipient
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8993a3d7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8993a3d7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8993a3d7
Branch: refs/heads/master
Commit: 8993a3d7c96df930ec749750e031d7455238f512
Parents: c7ebda6
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Wed Jul 20 22:02:32 2016 +0300
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Wed Jul 20 22:44:13 2016 +0300
----------------------------------------------------------------------
.../jose/jwe/AbstractJweEncryption.java | 22 ++++++++++++--------
.../security/jose/jwe/JweEncryptionInput.java | 7 +++++++
.../rs/security/jose/jwe/JweJsonProducer.java | 1 +
3 files changed, 21 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/8993a3d7/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index a7117ff..0260f70 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -106,15 +106,19 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
AuthenticationTagProducer authTagProducer = null;
byte[] cipher = null;
byte[] authTag = null;
- if (jweInput.getContent() == null) {
- c = CryptoUtils.initCipher(createCekSecretKey(state), state.keyProps,
- Cipher.ENCRYPT_MODE);
- authTagProducer = getAuthenticationTagProducer(state);
- } else {
- byte[] encryptedContent = encryptInternal(state, jweInput.getContent());
- cipher = getActualCipher(encryptedContent);
- authTag = getAuthenticationTag(state, encryptedContent);
- }
+ if (jweInput.isContentEncryptionRequired()) {
+ if (jweInput.getContent() == null) {
+ // Streaming
+ c = CryptoUtils.initCipher(createCekSecretKey(state), state.keyProps,
+ Cipher.ENCRYPT_MODE);
+ authTagProducer = getAuthenticationTagProducer(state);
+ } else {
+ byte[] encryptedContent = encryptInternal(state, jweInput.getContent());
+ cipher = getActualCipher(encryptedContent);
+ authTag = getAuthenticationTag(state, encryptedContent);
+ }
+ }
+ // else only CEK is encrypted
return new JweEncryptionOutput(c,
state.theHeaders,
state.jweContentEncryptionKey,
http://git-wip-us.apache.org/repos/asf/cxf/blob/8993a3d7/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionInput.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionInput.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionInput.java
index a1336ca..10cff80 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionInput.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionInput.java
@@ -24,6 +24,7 @@ public class JweEncryptionInput {
private byte[] iv;
private byte[] aad;
private byte[] content;
+ private boolean contentEncryptionRequired = true;
public JweEncryptionInput() {
}
@@ -87,4 +88,10 @@ public class JweEncryptionInput {
public void setContent(byte[] content) {
this.content = content;
}
+ public boolean isContentEncryptionRequired() {
+ return contentEncryptionRequired;
+ }
+ public void setContentEncryptionRequired(boolean required) {
+ this.contentEncryptionRequired = required;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8993a3d7/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
index 3a3d745..4e8cf71 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
@@ -123,6 +123,7 @@ public class JweJsonProducer {
JweEncryptionInput input = createEncryptionInput(jsonHeaders);
if (i > 0) {
input.setContent(null);
+ input.setContentEncryptionRequired(false);
}
JweEncryptionOutput state = encryptor.getEncryptionOutput(input);
byte[] currentCipherText = state.getEncryptedContent();