[ https://issues.apache.org/jira/browse/CXF-8162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16978440#comment-16978440 ]
Frederik Libert commented on CXF-8162:
--------------------------------------

{code}
protected static byte[] doGetActualCek(byte[] theCek, String algoJwt) {
    int size = getFullCekKeySize(algoJwt) / 2;
    byte[] actualCek = new byte[size];
    System.arraycopy(theCek, size, actualCek, 0, size);
    return actualCek;
}
{code}
should be
{code}
protected static byte[] doGetActualCek(byte[] theCek, String algoJwt) {
    int size = getFullCekKeySize(algoJwt) / 2;
    byte[] actualCek = new byte[size];
    System.arraycopy(theCek, 0, actualCek, 0, size);
    return actualCek;
}
{code}

> JWE with multiple recipients does not work for AES CBC Encryption
> -----------------------------------------------------------------
>
> Key: CXF-8162
> URL: https://issues.apache.org/jira/browse/CXF-8162
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.3.4
> Reporter: Frederik Libert
> Priority: Major
>
> When encrypting for multiple recipients, the plaintext, the CEK, JWE Initialization Vector, and JWE Protected Header are shared by all recipients (which must be the case, since the ciphertext and Authentication Tag are also shared).
> The Apache CXF API for encrypting the content with AES GCM allows this by initializing a ContentEncryptionProvider of type AesGcmContentEncryptionAlgorithm which can be used as reference when initializing the list of JweEncryptionProviders (which take a KeyEncryptionProvider and a ContentEncryptionProvider).
> When using AES CBC, the API is different.
> The class AesCbcContentEncryptionAlgorithm is a private inner class of JweEncryptionProvider AesCbcHmacJweEncryption so you can't initialize it once and reuse it in all JweEncryptionProviders of the list.
> There is a workaround as the API allows you to build the CEK and InitializationVector yourself (not very nice) but this method leads to an ArrayIndexOutOfBoundsException as there is a typo in the AesCbcHmacJweEncryption when copying the CEK byte by byte internally.
> This typo should be fixed but more importantly, the API for AES CBC encryption should allow the initialization of the ContentEncryptionProvider from outside the JweEncryptionProvider so it can be referenced in all JweEncryptionProviders.
> Without that, you can only encrypt for 1 recipient or the validation will fail (invalid authentication tag) for all but 1 recipient.
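
The sharing requirement described in the issue, as an added example that is not CXF code and not part of the original report: one CEK, IV and protected header produce one ciphertext and tag, and only the key wrapping is done per recipient. It assumes plain JDK `javax.crypto` with AES-GCM and AES Key Wrap standing in for the JWE algorithms; the class name, keys and header string are constructed for the demo.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.SecureRandom;

public class SharedCekDemo {
    static byte[] random(int n) { byte[] b = new byte[n]; new SecureRandom().nextBytes(b); return b; }

    // Per-recipient step: wrap the CEK under that recipient's key-encryption key (AES Key Wrap).
    static byte[] wrap(byte[] kek, byte[] cek) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.WRAP_MODE, new SecretKeySpec(kek, "AES"));
        return c.wrap(new SecretKeySpec(cek, "AES"));
    }
    // Shared step: a single ciphertext and tag, bound to the shared header (AAD) and IV.
    static byte[] encrypt(byte[] cek, byte[] iv, byte[] aad, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(cek, "AES"), new GCMParameterSpec(128, iv));
        c.updateAAD(aad);
        return c.doFinal(plaintext);
    }
    // Recipient side: unwrap the recipient's own encrypted key, then verify the shared tag and decrypt.
    static String decrypt(byte[] kek, byte[] wrappedCek, byte[] iv, byte[] aad, byte[] ct) throws Exception {
        Cipher w = Cipher.getInstance("AESWrap");
        w.init(Cipher.UNWRAP_MODE, new SecretKeySpec(kek, "AES"));
        Key cek = w.unwrap(wrappedCek, "AES", Cipher.SECRET_KEY);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, cek, new GCMParameterSpec(128, iv));
        c.updateAAD(aad);
        return new String(c.doFinal(ct), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] kekA = random(16), kekB = random(16), cek = random(16), iv = random(12); // constructed keys
        byte[] aad = "constructed-protected-header".getBytes(StandardCharsets.UTF_8);
        byte[] ct = encrypt(cek, iv, aad, "hello".getBytes(StandardCharsets.UTF_8));
        // Correct: both recipients receive the same CEK, each wrapped under their own key.
        System.out.println("A: " + decrypt(kekA, wrap(kekA, cek), iv, aad, ct));
        System.out.println("B: " + decrypt(kekB, wrap(kekB, cek), iv, aad, ct));
        // Failure mode from the report: recipient B's provider created its own CEK.
        try {
            decrypt(kekB, wrap(kekB, random(16)), iv, aad, ct);
        } catch (AEADBadTagException e) {
            System.out.println("B with a different CEK: authentication tag rejected");
        }
    }
}
```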