[CXF-6972] Relaxing the requirement to extend JweJsonProducer when multiple recipients are used
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/fe4ee94b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/fe4ee94b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/fe4ee94b Branch: refs/heads/master-jaxrs-2.1 Commit: fe4ee94be6a2c6548c8e1beb409e511e826f1795 Parents: 8993a3d Author: Sergey Beryozkin <sberyoz...@gmail.com> Authored: Wed Jul 20 23:16:58 2016 +0300 Committer: Sergey Beryozkin <sberyoz...@gmail.com> Committed: Wed Jul 20 23:16:58 2016 +0300 ---------------------------------------------------------------------- .../jwe/AbstractContentEncryptionAlgorithm.java | 2 +- .../jose/jwe/AbstractJweEncryption.java | 54 ++++++++++---------- .../jwe/AesGcmContentEncryptionAlgorithm.java | 6 +++ .../security/jose/jwe/JweJsonProducerTest.java | 13 ++--- 4 files changed, 38 insertions(+), 37 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/fe4ee94b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
index 355a21b..3e08de2 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
@@ -48,7 +48,7 @@ public abstract class AbstractContentEncryptionAlgorithm extends AbstractContent
 if (iv == null) {
 return CryptoUtils.generateSecureRandomBytes(getIvSize() / 8);
 } else if (iv.length > 0 && providedIvUsageCount.addAndGet(1) > 1) {
- LOG.warning("Custom IV is recommeded to be used once");
+ LOG.warning("Custom IV is recommended to be used once");
 throw new JweException(JweException.Error.CUSTOM_IV_REUSED);
 } else {
 return iv;
http://git-wip-us.apache.org/repos/asf/cxf/blob/fe4ee94b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index 0260f70..a72b24a 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -87,7 +87,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
 }
 @Override
 public String encrypt(byte[] content, JweHeaders jweHeaders) {
- JweEncryptionInternal state = getInternalState(jweHeaders, null);
+ JweEncryptionInternal state = getInternalState(jweHeaders, new JweEncryptionInput());
 byte[] encryptedContent = encryptInternal(state, content);
 byte[] cipher = getActualCipher(encryptedContent);
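Review bot: In `encrypt()`, the single-recipient path now depends on a default-constructed `JweEncryptionInput` reporting `isContentEncryptionRequired()` as true, because the later hunk in this file fills `keyProps`, `theIv` and `secretKey` only behind that flag. `JweEncryptionInput` is not part of this diff, so the default cannot be confirmed from here; if it were false, `encryptInternal(state, content)` would receive a state with no cipher parameters. A comment on the call would make the dependency explicit, for example `// default input: content encryption required, CEK/IV/AAD left to the provider`. The body of `encrypt()` continues past the end of the hunk.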
@@ -198,36 +198,36 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { protectedHeaders = theHeaders; } - - - byte[] theCek = jweInput != null && jweInput.getCek() != null + byte[] theCek = jweInput.getCek() != null ? jweInput.getCek() : getContentEncryptionKey(theHeaders); - String contentEncryptionAlgoJavaName = getContentEncryptionAlgoJava(); - KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName); - keyProps.setCompressionSupported(compressionRequired(theHeaders)); - - byte[] theIv = jweInput != null && jweInput.getIv() != null - ? jweInput.getIv() : getContentEncryptionAlgorithm().getInitVector(); - AlgorithmParameterSpec specParams = getAlgorithmParameterSpec(theIv); - keyProps.setAlgoSpec(specParams); - byte[] jweContentEncryptionKey = - getEncryptedContentEncryptionKey(theHeaders, theCek); - - String protectedHeadersJson = writer.toJson(protectedHeaders); + JweEncryptionInternal state = new JweEncryptionInternal(); + state.jweContentEncryptionKey = getEncryptedContentEncryptionKey(theHeaders, theCek); - byte[] additionalEncryptionParam = getAAD(protectedHeadersJson, - jweInput == null ? null : jweInput.getAad()); - keyProps.setAdditionalData(additionalEncryptionParam); + if (jweInput.isContentEncryptionRequired()) { + String contentEncryptionAlgoJavaName = getContentEncryptionAlgoJava(); + KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName); + keyProps.setCompressionSupported(compressionRequired(theHeaders)); + + byte[] theIv = jweInput.getIv() != null + ? jweInput.getIv() : getContentEncryptionAlgorithm().getInitVector(); + AlgorithmParameterSpec specParams = getAlgorithmParameterSpec(theIv); + keyProps.setAlgoSpec(specParams); + + String protectedHeadersJson = writer.toJson(protectedHeaders); + + byte[] additionalEncryptionParam = getAAD(protectedHeadersJson, + jweInput == null ? 
null : jweInput.getAad()); + keyProps.setAdditionalData(additionalEncryptionParam); + + state.keyProps = keyProps; + state.theIv = theIv; + state.theHeaders = theHeaders; + state.protectedHeadersJson = protectedHeadersJson; + state.aad = jweInput != null ? jweInput.getAad() : null; + state.secretKey = theCek; + } - JweEncryptionInternal state = new JweEncryptionInternal(); - state.theHeaders = theHeaders; - state.jweContentEncryptionKey = jweContentEncryptionKey; - state.keyProps = keyProps; - state.secretKey = theCek; - state.theIv = theIv; - state.protectedHeadersJson = protectedHeadersJson; - state.aad = jweInput != null ? jweInput.getAad() : null; return state; } private boolean compressionRequired(JweHeaders theHeaders) { http://git-wip-us.apache.org/repos/asf/cxf/blob/fe4ee94b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java index 4f87829..bba6251 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java 
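Review bot: In `getInternalState()` of `AbstractJweEncryption`, `jweInput` is now dereferenced unconditionally (`jweInput.getCek()`, `jweInput.isContentEncryptionRequired()`, `jweInput.getIv()`), yet the new lines still carry `jweInput == null ? null : jweInput.getAad()` and `state.aad = jweInput != null ? jweInput.getAad() : null`, which can no longer take the null branch. Any caller that still passes null will fail with a NullPointerException on the `getCek()` line, so I would either state the contract at the top of the method with `Objects.requireNonNull(jweInput, "jweInput");` or simply drop the leftover checks and write `getAAD(protectedHeadersJson, jweInput.getAad())` and `state.aad = jweInput.getAad();`. Separately, when content encryption is not required the returned state has only `jweContentEncryptionKey` set, and a short comment saying that such a state carries no key properties, IV or secret key and must not be handed to `encryptInternal` would keep callers from running the cipher with null parameters. The method starts before this hunk, so callers and the rest of the signature are not visible here.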
@@ -36,9 +36,15 @@ public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionA
 public AesGcmContentEncryptionAlgorithm(String encodedCek, ContentAlgorithm algo) {
 this((byte[])CryptoUtils.decodeSequence(encodedCek), null, algo);
 }
+ public AesGcmContentEncryptionAlgorithm(SecretKey key, ContentAlgorithm algo) {
+ this(key, (byte[])null, algo);
+ }
 public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv, ContentAlgorithm algo) {
 this(key.getEncoded(), iv, algo);
 }
+ public AesGcmContentEncryptionAlgorithm(byte[] cek, ContentAlgorithm algo) {
+ this(cek, (byte[])null, algo);
+ }
 public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo) {
 super(cek, iv, checkAlgorithm(algo));
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/fe4ee94b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
index b6db1c3..473da68 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
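Review bot: The two new `AesGcmContentEncryptionAlgorithm` constructors that omit the IV have no Javadoc, and the difference from the IV-taking overloads matters for AES-GCM. They pass `(byte[])null`, and the IV selection code shown in the first hunk of this commit (presumably the superclass; the class name is truncated in the hunk header) generates fresh random bytes when `iv == null`, while a supplied IV is rejected with `CUSTOM_IV_REUSED` on its second use. I would document that on both, e.g. `/** Uses a freshly generated random IV for each encryption; prefer this over supplying a fixed IV. */`. On the `SecretKey` overload it is also worth noting that `key.getEncoded()` can return null for keys that do not expose their encoding, which would pass a null CEK to the superclass constructor.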
@@ -284,7 +284,9 @@ public class JweJsonProducerTest extends Assert { KeyEncryptionProvider keyEncryption1 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, KeyAlgorithm.A128KW); ContentEncryptionProvider contentEncryption = - JweUtils.getContentEncryptionProvider(ContentAlgorithm.A128GCM); + new AesGcmContentEncryptionAlgorithm(CEK_BYTES, JweCompactReaderWriterTest.INIT_VECTOR_A1, + ContentAlgorithm.A128GCM); + JweEncryptionProvider jwe1 = new JweEncryption(keyEncryption1, contentEncryption); KeyEncryptionProvider keyEncryption2 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, KeyAlgorithm.A128KW); @@ -300,14 +302,7 @@ public class JweJsonProducerTest extends Assert { sharedUnprotectedHeaders, StringUtils.toBytesUTF8(text), StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE), - false) { - protected JweEncryptionInput createEncryptionInput(JweHeaders jsonHeaders) { - JweEncryptionInput input = super.createEncryptionInput(jsonHeaders); - input.setCek(CEK_BYTES); - input.setIv(JweCompactReaderWriterTest.INIT_VECTOR_A1); - return input; - } - }; + false); String jweJson = p.encryptWith(jweProviders, perRecipientHeades); assertEquals(MULTIPLE_RECIPIENTS_OUTPUT, jweJson);
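Review bot: The first test hunk now builds the content-encryption provider with a fixed CEK and a fixed IV (`CEK_BYTES`, `JweCompactReaderWriterTest.INIT_VECTOR_A1`), and nothing at the call site says that this is only to reproduce `MULTIPLE_RECIPIENTS_OUTPUT`. A comment such as `// fixed CEK and IV only to get deterministic output for the expected JSON; real callers should let the provider generate the IV` would stop the pattern being copied into application code. Whether the same `contentEncryption` instance is also given to the second recipient's `JweEncryption` is outside the hunk; if it is, the test passes only because the IV is fetched once, and a companion test asserting `CUSTOM_IV_REUSED` on a second encryption with the same provider would pin the reuse guard. The test method starts and ends outside both hunks.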