[cxf] branch master updated: Minor fix to last PR

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[cxf] branch master updated: Minor fix to last PR

coheigea
Administrator
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new c5ec3ac  Minor fix to last PR
c5ec3ac is described below

commit c5ec3ac60ccfa800242caea6a7e62989ea9a5e9e
Author: Colm O hEigeartaigh <[hidden email]>
AuthorDate: Thu Nov 28 12:22:36 2019 +0000

    Minor fix to last PR
---
 .../jose/jwe/AesCbcContentEncryptionAlgorithm.java | 26 +++++++++++---------
 .../security/jose/jwe/AesCbcHmacJweEncryption.java | 28 +++++++++++-----------
 2 files changed, 29 insertions(+), 25 deletions(-)

diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcContentEncryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcContentEncryptionAlgorithm.java
index c87907a..62f4e43 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcContentEncryptionAlgorithm.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcContentEncryptionAlgorithm.java
@@ -28,10 +28,10 @@ import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 
 public class AesCbcContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
-    
-    static final Map<String, String> AES_HMAC_MAP;
-    static final Map<String, Integer> AES_CEK_SIZE_MAP;
-    
+
+    private static final Map<String, String> AES_HMAC_MAP;
+    private static final Map<String, Integer> AES_CEK_SIZE_MAP;
+
     static {
         AES_HMAC_MAP = new HashMap<>();
         AES_HMAC_MAP.put(ContentAlgorithm.A128CBC_HS256.getJwaName(), AlgorithmUtils.HMAC_SHA_256_JAVA);
@@ -43,34 +43,38 @@ public class AesCbcContentEncryptionAlgorithm extends AbstractContentEncryptionA
         AES_CEK_SIZE_MAP.put(ContentAlgorithm.A192CBC_HS384.getJwaName(), 48);
         AES_CEK_SIZE_MAP.put(ContentAlgorithm.A256CBC_HS512.getJwaName(), 64);
     }
-    
+
     public AesCbcContentEncryptionAlgorithm(ContentAlgorithm algo, boolean generateCekOnce) {
         super(validateCekAlgorithm(algo), generateCekOnce);
     }
-    
+
     public AesCbcContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo) {
         super(cek, iv, validateCekAlgorithm(algo));
     }
-    
+
     @Override
     public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
         return new IvParameterSpec(theIv);
     }
-    
+
     @Override
     public byte[] getAdditionalAuthenticationData(String headersJson, byte[] aad) {
         return null;
     }
-    
+
     @Override
     protected int getContentEncryptionKeySize(JweHeaders headers) {
         return getFullCekKeySize(getAlgorithm().getJwaName()) * 8;
     }
-    
+
     protected static int getFullCekKeySize(String algoJwt) {
         return AES_CEK_SIZE_MAP.get(algoJwt);
     }
-    
+
+    protected static String getHMACAlgorithm(String algoJwt) {
+        return AES_HMAC_MAP.get(algoJwt);
+    }
+
     protected static ContentAlgorithm validateCekAlgorithm(ContentAlgorithm cekAlgo) {
         if (!AlgorithmUtils.isAesCbcHmac(cekAlgo.getJwaName())) {
             LOG.warning("Invalid content encryption algorithm");
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
index b995245..8226a17 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
@@ -27,40 +27,40 @@ import org.apache.cxf.rs.security.jose.jwe.JweException.Error;
 import org.apache.cxf.rt.security.crypto.HmacUtils;
 
 public class AesCbcHmacJweEncryption extends JweEncryption {
-    
+
     public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt,
                                    KeyEncryptionProvider keyEncryptionAlgorithm) {
         this(cekAlgoJwt, keyEncryptionAlgorithm, false);
     }
-    
+
     public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt,
                                    KeyEncryptionProvider keyEncryptionAlgorithm,
                                    boolean generateCekOnce) {
         super(keyEncryptionAlgorithm, new AesCbcContentEncryptionAlgorithm(cekAlgoJwt, generateCekOnce));
     }
-    
+
     public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt, byte[] cek,
                                    byte[] iv, KeyEncryptionProvider keyEncryptionAlgorithm) {
         super(keyEncryptionAlgorithm, new AesCbcContentEncryptionAlgorithm(cek, iv, cekAlgoJwt));
     }
-    
-    public AesCbcHmacJweEncryption(KeyEncryptionProvider keyEncryptionAlgorithm,
+
+    public AesCbcHmacJweEncryption(KeyEncryptionProvider keyEncryptionAlgorithm,
         AesCbcContentEncryptionAlgorithm contentEncryptionAlgorithm) {
         super(keyEncryptionAlgorithm, contentEncryptionAlgorithm);
     }
-    
+
     @Override
     protected byte[] getActualCek(byte[] theCek, String algoJwt) {
         return doGetActualCek(theCek, algoJwt);
     }
-    
+
     protected static byte[] doGetActualCek(byte[] theCek, String algoJwt) {
         // K
         int inputKeySize = AesCbcContentEncryptionAlgorithm.getFullCekKeySize(algoJwt);
         if (theCek.length != inputKeySize) {
-            LOG.warning("Length input key [" + theCek.length + "] invalid for algorithm " + algoJwt
+            LOG.warning("Length input key [" + theCek.length + "] invalid for algorithm " + algoJwt
                 + " [" + inputKeySize + "]");
-            throw new JweException(Error.INVALID_CONTENT_KEY);
+            throw new JweException(Error.INVALID_CONTENT_KEY);
         }
         // MAC_KEY, ENC_KEY
         int secondaryKeySize = inputKeySize / 2;
@@ -73,7 +73,7 @@ public class AesCbcHmacJweEncryption extends JweEncryption {
     protected byte[] getActualCipher(byte[] cipher) {
         return cipher;
     }
-    
+
     protected byte[] getAuthenticationTag(JweEncryptionInternal state, byte[] cipher) {
         final MacState macState = getInitializedMacState(state);
         macState.mac.update(cipher);
@@ -89,12 +89,12 @@ public class AesCbcHmacJweEncryption extends JweEncryption {
         System.arraycopy(sig, 0, authTag, 0, authTagLen);
         return authTag;
     }
-    
+
     private MacState getInitializedMacState(final JweEncryptionInternal state) {
         return getInitializedMacState(state.secretKey, state.theIv, state.aad,
                                       state.theHeaders, state.protectedHeadersJson);
     }
-    
+
     protected static MacState getInitializedMacState(byte[] secretKey,
                                                      byte[] theIv,
                                                      byte[] extraAad,
@@ -105,7 +105,7 @@ public class AesCbcHmacJweEncryption extends JweEncryption {
         byte[] macKey = new byte[size];
         System.arraycopy(secretKey, 0, macKey, 0, size);
 
-        String hmacAlgoJava = AesCbcContentEncryptionAlgorithm.AES_HMAC_MAP.get(algoJwt);
+        String hmacAlgoJava = AesCbcContentEncryptionAlgorithm.getHMACAlgorithm(algoJwt);
         Mac mac = HmacUtils.getInitializedMac(macKey, hmacAlgoJava, null);
 
         byte[] aad = JweUtils.getAdditionalAuthenticationData(protectedHeadersJson, extraAad);
@@ -147,5 +147,5 @@ public class AesCbcHmacJweEncryption extends JweEncryption {
         protected Mac mac;
         private byte[] al;
     }
-    
+
 }