You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2020/02/14 11:57:55 UTC
svn commit: r1874014 - in /santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security: encryption/ stax/impl/processor/output/ stax/impl/util/

Author: coheigea
Date: Fri Feb 14 11:57:55 2020
New Revision: 1874014

URL: http://svn.apache.org/viewvc?rev=1874014&view=rev
Log:
Remove unneeded reflection code from XMLCipherUtils

Modified:
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipherUtil.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/util/IVSplittingOutputStream.java

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java?rev=1874014&r1=1874013&r2=1874014&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java Fri Feb 14 11:57:55 2020
@@ -1226,7 +1226,7 @@ public class XMLCipher {
      *         specified algorithm
      */
     private AlgorithmParameterSpec constructBlockCipherParameters(String algorithm, byte[] iv) {
-        return XMLCipherUtil.constructBlockCipherParameters(algorithm, iv, this.getClass());
+        return XMLCipherUtil.constructBlockCipherParameters(algorithm, iv);
     }
 
     /**

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipherUtil.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipherUtil.java?rev=1874014&r1=1874013&r2=1874014&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipherUtil.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipherUtil.java Fri Feb 14 11:57:55 2020
@@ -22,9 +22,9 @@ import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.security.spec.AlgorithmParameterSpec;
 
+import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.IvParameterSpec;
 
-import org.apache.xml.security.utils.ClassLoaderUtils;
 import org.apache.xml.security.utils.EncryptionConstants;
 
 public final class XMLCipherUtil {
@@ -45,27 +45,27 @@ public final class XMLCipherUtil {
      * @return the newly constructed AlgorithmParameterSpec instance, appropriate for the
      *         specified algorithm
      */
-    public static AlgorithmParameterSpec constructBlockCipherParameters(String algorithm, byte[] iv, Class<?> callingClass) {
+    public static AlgorithmParameterSpec constructBlockCipherParameters(String algorithm, byte[] iv) {
         if (EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM.equals(algorithm)
                 || EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM.equals(algorithm)
                 || EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM.equals(algorithm)) {
-            return constructBlockCipherParametersForGCMAlgorithm(algorithm, iv, callingClass);
+            return constructBlockCipherParametersForGCMAlgorithm(algorithm, iv);
         } else {
             LOG.debug("Saw non-AES-GCM mode block cipher, returning IvParameterSpec: {}", algorithm);
             return new IvParameterSpec(iv);
         }
     }
 
-    public static AlgorithmParameterSpec constructBlockCipherParameters(boolean gcmAlgorithm, byte[] iv, Class<?> callingClass) {
+    public static AlgorithmParameterSpec constructBlockCipherParameters(boolean gcmAlgorithm, byte[] iv) {
         if (gcmAlgorithm) {
-            return constructBlockCipherParametersForGCMAlgorithm("AES/GCM/NoPadding", iv, callingClass);
+            return constructBlockCipherParametersForGCMAlgorithm("AES/GCM/NoPadding", iv);
         } else {
             LOG.debug("Saw non-AES-GCM mode block cipher, returning IvParameterSpec");
             return new IvParameterSpec(iv);
         }
     }
 
-    private static AlgorithmParameterSpec constructBlockCipherParametersForGCMAlgorithm(String algorithm, byte[] iv, Class<?> callingClass) {
+    private static AlgorithmParameterSpec constructBlockCipherParametersForGCMAlgorithm(String algorithm, byte[] iv) {
         if (gcmUseIvParameterSpec) {
             // This override allows to support Java 1.7+ with (usually older versions of) third-party security
             // providers which support or even require GCM via IvParameterSpec rather than GCMParameterSpec,
@@ -76,20 +76,8 @@ public final class XMLCipherUtil {
 
         LOG.debug("Saw AES-GCM block cipher, attempting to create GCMParameterSpec: {}", algorithm);
 
-        try {
-            // This class only added in Java 1.7. So load reflectively until Santuario starts targeting a minimum of Java 1.7.
-            Class<?> gcmSpecClass = ClassLoaderUtils.loadClass("javax.crypto.spec.GCMParameterSpec", callingClass);
-
-            // XML Encryption 1.1 mandates a 128-bit Authentication Tag for AES GCM modes.
-            AlgorithmParameterSpec gcmSpec = (AlgorithmParameterSpec) gcmSpecClass.getConstructor(int.class, byte[].class)
-                    .newInstance(128, iv);
-            LOG.debug("Successfully created GCMParameterSpec");
-            return gcmSpec;
-        } catch (Exception e) {
-            // This handles the case of Java < 1.7 with a third-party security provider that
-            // supports GCM mode using only an IvParameterSpec, such as BouncyCastle.
-            LOG.debug("Failed to create GCMParameterSpec, falling back to returning IvParameterSpec", e);
-            return new IvParameterSpec(iv);
-        }
+        GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv);
+        LOG.debug("Successfully created GCMParameterSpec");
+        return gcmSpec;
     }
 }

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java?rev=1874014&r1=1874013&r2=1874014&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java Fri Feb 14 11:57:55 2020
@@ -170,7 +170,7 @@ public abstract class AbstractEncryptOut
                 int ivLen = JCEMapper.getIVLengthFromURI(encryptionSymAlgorithm) / 8;
                 byte[] iv = XMLSecurityConstants.generateBytes(ivLen);
                 AlgorithmParameterSpec parameterSpec =
-                    XMLCipherUtil.constructBlockCipherParameters(encryptionSymAlgorithm, iv, this.getClass());
+                    XMLCipherUtil.constructBlockCipherParameters(encryptionSymAlgorithm, iv);
                 symmetricCipher.init(Cipher.ENCRYPT_MODE, encryptionPartDef.getSymmetricKey(), parameterSpec);
 
                 characterEventGeneratorOutputStream = new CharacterEventGeneratorOutputStream();

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/util/IVSplittingOutputStream.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/util/IVSplittingOutputStream.java?rev=1874014&r1=1874013&r2=1874014&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/util/IVSplittingOutputStream.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/util/IVSplittingOutputStream.java Fri Feb 14 11:57:55 2020
@@ -64,7 +64,7 @@ public class IVSplittingOutputStream ext
     }
 
     private void initializeCipher() throws IOException {
-        AlgorithmParameterSpec iv = XMLCipherUtil.constructBlockCipherParameters(cipher.getAlgorithm().toUpperCase().contains("GCM"), this.getIv(), this.getClass());
+        AlgorithmParameterSpec iv = XMLCipherUtil.constructBlockCipherParameters(cipher.getAlgorithm().toUpperCase().contains("GCM"), this.getIv());
         try {
             cipher.init(Cipher.DECRYPT_MODE, secretKey, iv);
         } catch (InvalidKeyException e) {