You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by re...@apache.org on 2023/02/05 16:42:19 UTC
[cxf] branch main updated: Fix Jwe compression (#1106)
This is an automated email from the ASF dual-hosted git repository.
reta pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/main by this push:
new de6b2300ee Fix Jwe compression (#1106)
de6b2300ee is described below
commit de6b2300ee1b6ba4369b6fb2b51b9d8490f4ce86
Author: Egor Puzanov <ep...@users.noreply.github.com>
AuthorDate: Sun Feb 5 17:42:13 2023 +0100
Fix Jwe compression (#1106)
CXF-8816: Deflater and Inflater initialized with different 'nowrap' value
---
.../apache/cxf/common/util/CompressionUtils.java | 2 +-
.../apache/cxf/rt/security/crypto/CryptoUtils.java | 4 +-
.../cxf/rt/security/crypto/CryptoUtilsTest.java | 56 ++++++++++++++++++++++
3 files changed, 59 insertions(+), 3 deletions(-)
diff --git a/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java b/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java
index ea4ce34e7b..85477f2a19 100644
--- a/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java
+++ b/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java
@@ -35,7 +35,7 @@ public final class CompressionUtils {
}
public static InputStream inflate(byte[] deflatedToken, boolean nowrap)
throws DataFormatException {
- Inflater inflater = new Inflater(true);
+ Inflater inflater = new Inflater(nowrap);
inflater.setInput(deflatedToken);
byte[] buffer = new byte[deflatedToken.length];
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
index 847200bcda..5735b8bae4 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
@@ -546,7 +546,7 @@ public final class CryptoUtils {
int mode) throws SecurityException {
boolean compressionSupported = keyProps != null && keyProps.isCompressionSupported();
if (compressionSupported && mode == Cipher.ENCRYPT_MODE) {
- bytes = CompressionUtils.deflate(bytes, false);
+ bytes = CompressionUtils.deflate(bytes, true);
}
try {
Cipher c = initCipher(secretKey, keyProps, mode);
@@ -580,7 +580,7 @@ public final class CryptoUtils {
}
}
if (compressionSupported && mode == Cipher.DECRYPT_MODE) {
- result = IOUtils.readBytesFromStream(CompressionUtils.inflate(result, false));
+ result = IOUtils.readBytesFromStream(CompressionUtils.inflate(result, true));
}
return result;
} catch (Exception ex) {
diff --git a/rt/security/src/test/java/org/apache/cxf/rt/security/crypto/CryptoUtilsTest.java b/rt/security/src/test/java/org/apache/cxf/rt/security/crypto/CryptoUtilsTest.java
new file mode 100644
index 0000000000..646636684c
--- /dev/null
+++ b/rt/security/src/test/java/org/apache/cxf/rt/security/crypto/CryptoUtilsTest.java
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.crypto;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.Collection;
+
+import javax.crypto.SecretKey;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import static org.junit.Assert.assertArrayEquals;
+
+@RunWith(Parameterized.class)
+public class CryptoUtilsTest {
+ private final boolean compression;
+
+ public CryptoUtilsTest(boolean compression) {
+ this.compression = compression;
+ }
+
+ @Parameterized.Parameters
+ public static Collection<Object[]> compression() {
+ return Arrays.asList(new Object[][] {{true}, {false}});
+ }
+
+ @Test
+ public void testCompression() {
+ byte[] bytes = "testString".getBytes(StandardCharsets.UTF_8);
+ KeyProperties keyProps = new KeyProperties("AES");
+ keyProps.setCompressionSupported(compression);
+ SecretKey secretKey = CryptoUtils.getSecretKey(keyProps);
+ byte[] encryptedBytes = CryptoUtils.encryptBytes(bytes, secretKey, keyProps);
+ byte[] decryptedBytes = CryptoUtils.decryptBytes(encryptedBytes, secretKey, keyProps);
+ assertArrayEquals(bytes, decryptedBytes);
+ }
+}