Posted to commits@cxf.apache.org by se...@apache.org on 2016/07/20 20:17:35 UTC
cxf git commit: [CXF-6972] Relaxing the requirement to extend
JweJsonProducer when multiple recipients are used
Repository: cxf
Updated Branches:
refs/heads/master 8993a3d7c -> fe4ee94be
[CXF-6972] Relaxing the requirement to extend JweJsonProducer when multiple recipients are used
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/fe4ee94b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/fe4ee94b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/fe4ee94b
Branch: refs/heads/master
Commit: fe4ee94be6a2c6548c8e1beb409e511e826f1795
Parents: 8993a3d
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Wed Jul 20 23:16:58 2016 +0300
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Wed Jul 20 23:16:58 2016 +0300
----------------------------------------------------------------------
.../jwe/AbstractContentEncryptionAlgorithm.java | 2 +-
.../jose/jwe/AbstractJweEncryption.java | 54 ++++++++++----------
.../jwe/AesGcmContentEncryptionAlgorithm.java | 6 +++
.../security/jose/jwe/JweJsonProducerTest.java | 13 ++---
4 files changed, 38 insertions(+), 37 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/fe4ee94b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
index 355a21b..3e08de2 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
@@ -48,7 +48,7 @@ public abstract class AbstractContentEncryptionAlgorithm extends AbstractContent
if (iv == null) {
return CryptoUtils.generateSecureRandomBytes(getIvSize() / 8);
} else if (iv.length > 0 && providedIvUsageCount.addAndGet(1) > 1) {
- LOG.warning("Custom IV is recommeded to be used once");
+ LOG.warning("Custom IV is recommended to be used once");
throw new JweException(JweException.Error.CUSTOM_IV_REUSED);
} else {
return iv;
http://git-wip-us.apache.org/repos/asf/cxf/blob/fe4ee94b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index 0260f70..a72b24a 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -87,7 +87,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
}
@Override
public String encrypt(byte[] content, JweHeaders jweHeaders) {
- JweEncryptionInternal state = getInternalState(jweHeaders, null);
+ JweEncryptionInternal state = getInternalState(jweHeaders, new JweEncryptionInput());
byte[] encryptedContent = encryptInternal(state, content);
byte[] cipher = getActualCipher(encryptedContent);
@@ -198,36 +198,36 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
protectedHeaders = theHeaders;
}
-
-
- byte[] theCek = jweInput != null && jweInput.getCek() != null
+ byte[] theCek = jweInput.getCek() != null
? jweInput.getCek() : getContentEncryptionKey(theHeaders);
- String contentEncryptionAlgoJavaName = getContentEncryptionAlgoJava();
- KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName);
- keyProps.setCompressionSupported(compressionRequired(theHeaders));
-
- byte[] theIv = jweInput != null && jweInput.getIv() != null
- ? jweInput.getIv() : getContentEncryptionAlgorithm().getInitVector();
- AlgorithmParameterSpec specParams = getAlgorithmParameterSpec(theIv);
- keyProps.setAlgoSpec(specParams);
- byte[] jweContentEncryptionKey =
- getEncryptedContentEncryptionKey(theHeaders, theCek);
-
- String protectedHeadersJson = writer.toJson(protectedHeaders);
+ JweEncryptionInternal state = new JweEncryptionInternal();
+ state.jweContentEncryptionKey = getEncryptedContentEncryptionKey(theHeaders, theCek);
- byte[] additionalEncryptionParam = getAAD(protectedHeadersJson,
- jweInput == null ? null : jweInput.getAad());
- keyProps.setAdditionalData(additionalEncryptionParam);
+ if (jweInput.isContentEncryptionRequired()) {
+ String contentEncryptionAlgoJavaName = getContentEncryptionAlgoJava();
+ KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName);
+ keyProps.setCompressionSupported(compressionRequired(theHeaders));
+
+ byte[] theIv = jweInput.getIv() != null
+ ? jweInput.getIv() : getContentEncryptionAlgorithm().getInitVector();
+ AlgorithmParameterSpec specParams = getAlgorithmParameterSpec(theIv);
+ keyProps.setAlgoSpec(specParams);
+
+ String protectedHeadersJson = writer.toJson(protectedHeaders);
+
+ byte[] additionalEncryptionParam = getAAD(protectedHeadersJson,
+ jweInput == null ? null : jweInput.getAad());
+ keyProps.setAdditionalData(additionalEncryptionParam);
+
+ state.keyProps = keyProps;
+ state.theIv = theIv;
+ state.theHeaders = theHeaders;
+ state.protectedHeadersJson = protectedHeadersJson;
+ state.aad = jweInput != null ? jweInput.getAad() : null;
+ state.secretKey = theCek;
+ }
- JweEncryptionInternal state = new JweEncryptionInternal();
- state.theHeaders = theHeaders;
- state.jweContentEncryptionKey = jweContentEncryptionKey;
- state.keyProps = keyProps;
- state.secretKey = theCek;
- state.theIv = theIv;
- state.protectedHeadersJson = protectedHeadersJson;
- state.aad = jweInput != null ? jweInput.getAad() : null;
return state;
}
private boolean compressionRequired(JweHeaders theHeaders) {
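Review bot: The new side of this hunk dereferences `jweInput` unconditionally (`jweInput.getCek()`, `jweInput.isContentEncryptionRequired()`) but still keeps the old null guards on the AAD lines, so those guards are dead code and the null contract is now ambiguous. Either drop them, giving `getAAD(protectedHeadersJson, jweInput.getAad());` and `state.aad = jweInput.getAad();`, or, if any caller outside this diff can still pass null, fail fast at the top of the method with an explicit check rather than a bare NullPointerException. Also, when `isContentEncryptionRequired()` is false the returned state has only `jweContentEncryptionKey` set, with `keyProps`, `secretKey`, `theIv` and `protectedHeadersJson` left unset. A short comment such as `// key-wrap only: content-encryption fields stay unset for additional recipients` would stop a later caller from handing that state to the content cipher. The compact `encrypt` path in the previous hunk depends on a default-constructed `JweEncryptionInput` reporting content encryption as required; that default is not visible here and should be confirmed. The method body starts outside the hunk.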
http://git-wip-us.apache.org/repos/asf/cxf/blob/fe4ee94b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
index 4f87829..bba6251 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
@@ -36,9 +36,15 @@ public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionA
public AesGcmContentEncryptionAlgorithm(String encodedCek, ContentAlgorithm algo) {
this((byte[])CryptoUtils.decodeSequence(encodedCek), null, algo);
}
+ public AesGcmContentEncryptionAlgorithm(SecretKey key, ContentAlgorithm algo) {
+ this(key, (byte[])null, algo);
+ }
public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv, ContentAlgorithm algo) {
this(key.getEncoded(), iv, algo);
}
+ public AesGcmContentEncryptionAlgorithm(byte[] cek, ContentAlgorithm algo) {
+ this(cek, (byte[])null, algo);
+ }
public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo) {
super(cek, iv, checkAlgorithm(algo));
}
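Review bot: The two added constructors that omit the IV are undocumented, and for AES-GCM the IV policy is the security-relevant part of choosing an overload. Judging by the `getInitVector()` context in the AbstractContentEncryptionAlgorithm hunk of this commit, a null IV yields a fresh random IV per call while a supplied IV is rejected on its second use, assuming the null is passed through the super constructor unchanged. I would put a Javadoc on both new overloads, for example `/** Creates a provider that generates a random IV for every encryption; a fixed IV should only be supplied for known-answer tests. */`. The `(byte[])null` cast in `this(cek, (byte[])null, algo)` looks unnecessary given that the existing String-based constructor passes a bare `null` to the same overload, so it could be dropped for consistency unless another overload outside this hunk makes it ambiguous.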
http://git-wip-us.apache.org/repos/asf/cxf/blob/fe4ee94b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
index b6db1c3..473da68 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
@@ -284,7 +284,9 @@ public class JweJsonProducerTest extends Assert {
KeyEncryptionProvider keyEncryption1 =
JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, KeyAlgorithm.A128KW);
ContentEncryptionProvider contentEncryption =
- JweUtils.getContentEncryptionProvider(ContentAlgorithm.A128GCM);
+ new AesGcmContentEncryptionAlgorithm(CEK_BYTES, JweCompactReaderWriterTest.INIT_VECTOR_A1,
+ ContentAlgorithm.A128GCM);
+
JweEncryptionProvider jwe1 = new JweEncryption(keyEncryption1, contentEncryption);
KeyEncryptionProvider keyEncryption2 =
JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, KeyAlgorithm.A128KW);
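Review bot: The test now hands a fixed CEK and a fixed IV straight to `AesGcmContentEncryptionAlgorithm`, and nothing on these lines says why. A one-line comment such as `// fixed CEK/IV are known-answer test vectors so the output can be compared with MULTIPLE_RECIPIENTS_OUTPUT` would make clear that this is not a usage pattern to copy. It is also worth noting in that comment that the provider's custom-IV guard throws CUSTOM_IV_REUSED on a second `getInitVector()` call, so the test passes only because the IV is requested once per message. Whether the second recipient's provider shares this `contentEncryption` instance is not visible in the hunk.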
@@ -300,14 +302,7 @@ public class JweJsonProducerTest extends Assert {
sharedUnprotectedHeaders,
StringUtils.toBytesUTF8(text),
StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE),
- false) {
- protected JweEncryptionInput createEncryptionInput(JweHeaders jsonHeaders) {
- JweEncryptionInput input = super.createEncryptionInput(jsonHeaders);
- input.setCek(CEK_BYTES);
- input.setIv(JweCompactReaderWriterTest.INIT_VECTOR_A1);
- return input;
- }
- };
+ false);
String jweJson = p.encryptWith(jweProviders, perRecipientHeades);
assertEquals(MULTIPLE_RECIPIENTS_OUTPUT, jweJson);