Frederik Libert created CXF-8162:
------------------------------------
Summary: JWE with multiple recipients does not work for AES CBC
Encryption
Key: CXF-8162
URL: https://issues.apache.org/jira/browse/CXF-8162
Project: CXF
Issue Type: Bug
Components: JAX-RS Security
Affects Versions: 3.3.4
Reporter: Frederik Libert
When encrypting for multiple recipients, the plaintext, the CEK, JWE
Initialization Vector, and JWE Protected Header are shared by all recipients
(which must be the case, since
the ciphertext and Authentication Tag are also shared).
The Apache CXF API for encrypting the content with AES GCM allows this by
initializing a ContentEncryptionProvider of type
AesGcmContentEncryptionAlgorithm which can be used as reference when
initializing the list of JweEncryptionProviders (which take a
KeyEncryptionProvider and an ContentEncryptionProvider).
When using AES CBC, the API is different.
The class AesCbcContentEncryptionAlgorithm is a private innerclass of
JweEncryptionProvider AesCbcHmacJweEncryption so you can't initialize it once
and reuse it in all JweEncryptionProviders of the list.
There is a workaround as the API allows to build the CEK and
InitializationVector yourself (not very nice) but this method leads to an
ArrayIndexOutOfBoundsException as there is a typo in the
AesCbcHmacJweEncryption when copying the CEK byte by byte internally.
This typo should be fixed but more importantly, the API for AES CBC encryption
should allow the initialization of the ContentEncryptionProvider from outside
the JweEncryptionProvider so it can be referenced in all JweEncryptionProviders.
Without that, you can only encrypt for 1 recipient or the validation will fail
(invalid authentication tag) for all but 1 recipient.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
