You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Andriy Redko (Jira)" <ji...@apache.org> on 2023/02/06 03:46:00 UTC
[jira] [Resolved] (CXF-8816) Deflater and Inflater initialized with different 'nowrap' value
[ https://issues.apache.org/jira/browse/CXF-8816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andriy Redko resolved CXF-8816.
-------------------------------
Resolution: Fixed
> Deflater and Inflater initialized with different 'nowrap' value
> ---------------------------------------------------------------
>
> Key: CXF-8816
> URL: https://issues.apache.org/jira/browse/CXF-8816
> Project: CXF
> Issue Type: Bug
> Affects Versions: 3.4.10, 3.5.5, 4.0.0
> Reporter: Andriy Redko
> Priority: Major
> Fix For: 3.6.0, 4.0.1, 3.5.6, 3.4.11
>
>
> As for now Deflater and Inflater initialized with different 'nowrap' value. As result we are getting the folowing Exeption:
> ```
> java.lang.SecurityException: java.util.zip.DataFormatException: invalid stored block lengths
> at org.apache.cxf.rt.security.crypto.CryptoUtils.processBytes(CryptoUtils.java:587)
> at org.apache.cxf.rt.security.crypto.CryptoUtils.decryptBytes(CryptoUtils.java:483)
> at org.apache.cxf.rs.security.jose.jwe.AbstractJweDecryption.doDecrypt(AbstractJweDecryption.java:72)
> at org.apache.cxf.rs.security.jose.jwe.AbstractJweDecryption.decrypt(AbstractJweDecryption.java:57)
> at org.apache.cxf.rs.security.jose.jwe.JweJsonConsumer.decryptWith(JweJsonConsumer.java:64)
> ```
> This PR will fix the Jwe Compression by setting the 'nowrap' parameter for both Deflater and Inflater to 'true' (RAW DEF) as specified in the RFC1951.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)