Posted to commits@cxf.apache.org by co...@apache.org on 2019/11/28 12:22:56 UTC
[cxf] branch master updated: Minor fix to last PR
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new c5ec3ac Minor fix to last PR
c5ec3ac is described below
commit c5ec3ac60ccfa800242caea6a7e62989ea9a5e9e
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Nov 28 12:22:36 2019 +0000
Minor fix to last PR
---
.../jose/jwe/AesCbcContentEncryptionAlgorithm.java | 26 +++++++++++---------
.../security/jose/jwe/AesCbcHmacJweEncryption.java | 28 +++++++++++-----------
2 files changed, 29 insertions(+), 25 deletions(-)
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcContentEncryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcContentEncryptionAlgorithm.java
index c87907a..62f4e43 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcContentEncryptionAlgorithm.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcContentEncryptionAlgorithm.java
@@ -28,10 +28,10 @@ import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
public class AesCbcContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
-
- static final Map<String, String> AES_HMAC_MAP;
- static final Map<String, Integer> AES_CEK_SIZE_MAP;
-
+
+ private static final Map<String, String> AES_HMAC_MAP;
+ private static final Map<String, Integer> AES_CEK_SIZE_MAP;
+
static {
AES_HMAC_MAP = new HashMap<>();
AES_HMAC_MAP.put(ContentAlgorithm.A128CBC_HS256.getJwaName(), AlgorithmUtils.HMAC_SHA_256_JAVA);
@@ -43,34 +43,38 @@ public class AesCbcContentEncryptionAlgorithm extends AbstractContentEncryptionA
AES_CEK_SIZE_MAP.put(ContentAlgorithm.A192CBC_HS384.getJwaName(), 48);
AES_CEK_SIZE_MAP.put(ContentAlgorithm.A256CBC_HS512.getJwaName(), 64);
}
-
+
public AesCbcContentEncryptionAlgorithm(ContentAlgorithm algo, boolean generateCekOnce) {
super(validateCekAlgorithm(algo), generateCekOnce);
}
-
+
public AesCbcContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo) {
super(cek, iv, validateCekAlgorithm(algo));
}
-
+
@Override
public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
return new IvParameterSpec(theIv);
}
-
+
@Override
public byte[] getAdditionalAuthenticationData(String headersJson, byte[] aad) {
return null;
}
-
+
@Override
protected int getContentEncryptionKeySize(JweHeaders headers) {
return getFullCekKeySize(getAlgorithm().getJwaName()) * 8;
}
-
+
protected static int getFullCekKeySize(String algoJwt) {
return AES_CEK_SIZE_MAP.get(algoJwt);
}
-
+
+ protected static String getHMACAlgorithm(String algoJwt) {
+ return AES_HMAC_MAP.get(algoJwt);
+ }
+
protected static ContentAlgorithm validateCekAlgorithm(ContentAlgorithm cekAlgo) {
if (!AlgorithmUtils.isAesCbcHmac(cekAlgo.getJwaName())) {
LOG.warning("Invalid content encryption algorithm");
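Review bot: `getHMACAlgorithm` returns `AES_HMAC_MAP.get(algoJwt)` as-is, so any name outside the AES-CBC-HMAC entries registered in the static block comes back as null, and the one caller shown on this page, `getInitializedMacState` in AesCbcHmacJweEncryption.java, passes the result straight to `HmacUtils.getInitializedMac` without a check. If `algoJwt` can originate from a received JWE header (not visible in these hunks), an unsupported value would then fail somewhere inside MAC setup instead of being rejected up front. I would fail closed in the accessor: `String hmacAlgo = AES_HMAC_MAP.get(algoJwt);` then `if (hmacAlgo == null)` throw a `JweException`, as the length check in `doGetActualCek` does, and add a Javadoc line saying the argument is the JWA name and that unknown names are rejected. The neighbouring `getFullCekKeySize` has the same shape and would unbox a null into an `int`. `validateCekAlgorithm`, whose body continues past the end of this hunk, may already cover the constructor paths, but these two static accessors can be called without going through it.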
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
index b995245..8226a17 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
@@ -27,40 +27,40 @@ import org.apache.cxf.rs.security.jose.jwe.JweException.Error;
import org.apache.cxf.rt.security.crypto.HmacUtils;
public class AesCbcHmacJweEncryption extends JweEncryption {
-
+
public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt,
KeyEncryptionProvider keyEncryptionAlgorithm) {
this(cekAlgoJwt, keyEncryptionAlgorithm, false);
}
-
+
public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt,
KeyEncryptionProvider keyEncryptionAlgorithm,
boolean generateCekOnce) {
super(keyEncryptionAlgorithm, new AesCbcContentEncryptionAlgorithm(cekAlgoJwt, generateCekOnce));
}
-
+
public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt, byte[] cek,
byte[] iv, KeyEncryptionProvider keyEncryptionAlgorithm) {
super(keyEncryptionAlgorithm, new AesCbcContentEncryptionAlgorithm(cek, iv, cekAlgoJwt));
}
-
- public AesCbcHmacJweEncryption(KeyEncryptionProvider keyEncryptionAlgorithm,
+
+ public AesCbcHmacJweEncryption(KeyEncryptionProvider keyEncryptionAlgorithm,
AesCbcContentEncryptionAlgorithm contentEncryptionAlgorithm) {
super(keyEncryptionAlgorithm, contentEncryptionAlgorithm);
}
-
+
@Override
protected byte[] getActualCek(byte[] theCek, String algoJwt) {
return doGetActualCek(theCek, algoJwt);
}
-
+
protected static byte[] doGetActualCek(byte[] theCek, String algoJwt) {
// K
int inputKeySize = AesCbcContentEncryptionAlgorithm.getFullCekKeySize(algoJwt);
if (theCek.length != inputKeySize) {
- LOG.warning("Length input key [" + theCek.length + "] invalid for algorithm " + algoJwt
+ LOG.warning("Length input key [" + theCek.length + "] invalid for algorithm " + algoJwt
+ " [" + inputKeySize + "]");
- throw new JweException(Error.INVALID_CONTENT_KEY);
+ throw new JweException(Error.INVALID_CONTENT_KEY);
}
// MAC_KEY, ENC_KEY
int secondaryKeySize = inputKeySize / 2;
@@ -73,7 +73,7 @@ public class AesCbcHmacJweEncryption extends JweEncryption {
protected byte[] getActualCipher(byte[] cipher) {
return cipher;
}
-
+
protected byte[] getAuthenticationTag(JweEncryptionInternal state, byte[] cipher) {
final MacState macState = getInitializedMacState(state);
macState.mac.update(cipher);
@@ -89,12 +89,12 @@ public class AesCbcHmacJweEncryption extends JweEncryption {
System.arraycopy(sig, 0, authTag, 0, authTagLen);
return authTag;
}
-
+
private MacState getInitializedMacState(final JweEncryptionInternal state) {
return getInitializedMacState(state.secretKey, state.theIv, state.aad,
state.theHeaders, state.protectedHeadersJson);
}
-
+
protected static MacState getInitializedMacState(byte[] secretKey,
byte[] theIv,
byte[] extraAad,
@@ -105,7 +105,7 @@ public class AesCbcHmacJweEncryption extends JweEncryption {
byte[] macKey = new byte[size];
System.arraycopy(secretKey, 0, macKey, 0, size);
- String hmacAlgoJava = AesCbcContentEncryptionAlgorithm.AES_HMAC_MAP.get(algoJwt);
+ String hmacAlgoJava = AesCbcContentEncryptionAlgorithm.getHMACAlgorithm(algoJwt);
Mac mac = HmacUtils.getInitializedMac(macKey, hmacAlgoJava, null);
byte[] aad = JweUtils.getAdditionalAuthenticationData(protectedHeadersJson, extraAad);
@@ -147,5 +147,5 @@ public class AesCbcHmacJweEncryption extends JweEncryption {
protected Mac mac;
private byte[] al;
}
-
+
}