[cxf] 02/03: Minor fix to last PR

Thu, 28 Nov 2019 04:29:47 -0800 

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit dbc1093a035a81e9381356eb5ca079a5149eea01
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Thu Nov 28 12:22:36 2019 +0000

    Minor fix to last PR
    
    (cherry picked from commit c5ec3ac60ccfa800242caea6a7e62989ea9a5e9e)
---
 .../jose/jwe/AesCbcContentEncryptionAlgorithm.java | 26 +++++++++++---------
 .../security/jose/jwe/AesCbcHmacJweEncryption.java | 28 +++++++++++-----------
 2 files changed, 29 insertions(+), 25 deletions(-)

diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcContentEncryptionAlgorithm.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcContentEncryptionAlgorithm.java
index c87907a..62f4e43 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcContentEncryptionAlgorithm.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcContentEncryptionAlgorithm.java
@@ -28,10 +28,10 @@ import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 
 public class AesCbcContentEncryptionAlgorithm extends 
AbstractContentEncryptionAlgorithm {
-    
-    static final Map<String, String> AES_HMAC_MAP;
-    static final Map<String, Integer> AES_CEK_SIZE_MAP;
-    
+
+    private static final Map<String, String> AES_HMAC_MAP;
+    private static final Map<String, Integer> AES_CEK_SIZE_MAP;
+
     static {
         AES_HMAC_MAP = new HashMap<>();
         AES_HMAC_MAP.put(ContentAlgorithm.A128CBC_HS256.getJwaName(), 
AlgorithmUtils.HMAC_SHA_256_JAVA);
@@ -43,34 +43,38 @@ public class AesCbcContentEncryptionAlgorithm extends 
AbstractContentEncryptionA
         AES_CEK_SIZE_MAP.put(ContentAlgorithm.A192CBC_HS384.getJwaName(), 48);
         AES_CEK_SIZE_MAP.put(ContentAlgorithm.A256CBC_HS512.getJwaName(), 64);
     }
-    
+
     public AesCbcContentEncryptionAlgorithm(ContentAlgorithm algo, boolean 
generateCekOnce) {
         super(validateCekAlgorithm(algo), generateCekOnce);
     }
-    
+
     public AesCbcContentEncryptionAlgorithm(byte[] cek, byte[] iv, 
ContentAlgorithm algo) {
         super(cek, iv, validateCekAlgorithm(algo));
     }
-    
+
     @Override
     public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
         return new IvParameterSpec(theIv);
     }
-    
+
     @Override
     public byte[] getAdditionalAuthenticationData(String headersJson, byte[] 
aad) {
         return null;
     }
-    
+
     @Override
     protected int getContentEncryptionKeySize(JweHeaders headers) {
         return getFullCekKeySize(getAlgorithm().getJwaName()) * 8;
     }
-    
+
     protected static int getFullCekKeySize(String algoJwt) {
         return AES_CEK_SIZE_MAP.get(algoJwt);
     }
-    
+
+    protected static String getHMACAlgorithm(String algoJwt) {
+        return AES_HMAC_MAP.get(algoJwt);
+    }
+
     protected static ContentAlgorithm validateCekAlgorithm(ContentAlgorithm 
cekAlgo) {
         if (!AlgorithmUtils.isAesCbcHmac(cekAlgo.getJwaName())) {
             LOG.warning("Invalid content encryption algorithm");
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
index b995245..8226a17 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
@@ -27,40 +27,40 @@ import 
org.apache.cxf.rs.security.jose.jwe.JweException.Error;
 import org.apache.cxf.rt.security.crypto.HmacUtils;
 
 public class AesCbcHmacJweEncryption extends JweEncryption {
-    
+
     public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt,
                                    KeyEncryptionProvider 
keyEncryptionAlgorithm) {
         this(cekAlgoJwt, keyEncryptionAlgorithm, false);
     }
-    
+
     public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt,
                                    KeyEncryptionProvider 
keyEncryptionAlgorithm,
                                    boolean generateCekOnce) {
         super(keyEncryptionAlgorithm, new 
AesCbcContentEncryptionAlgorithm(cekAlgoJwt, generateCekOnce));
     }
-    
+
     public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt, byte[] cek,
                                    byte[] iv, KeyEncryptionProvider 
keyEncryptionAlgorithm) {
         super(keyEncryptionAlgorithm, new 
AesCbcContentEncryptionAlgorithm(cek, iv, cekAlgoJwt));
     }
-    
-    public AesCbcHmacJweEncryption(KeyEncryptionProvider 
keyEncryptionAlgorithm, 
+
+    public AesCbcHmacJweEncryption(KeyEncryptionProvider 
keyEncryptionAlgorithm,
         AesCbcContentEncryptionAlgorithm contentEncryptionAlgorithm) {
         super(keyEncryptionAlgorithm, contentEncryptionAlgorithm);
     }
-    
+
     @Override
     protected byte[] getActualCek(byte[] theCek, String algoJwt) {
         return doGetActualCek(theCek, algoJwt);
     }
-    
+
     protected static byte[] doGetActualCek(byte[] theCek, String algoJwt) {
         // K
         int inputKeySize = 
AesCbcContentEncryptionAlgorithm.getFullCekKeySize(algoJwt);
         if (theCek.length != inputKeySize) {
-            LOG.warning("Length input key [" + theCek.length + "] invalid for 
algorithm " + algoJwt 
+            LOG.warning("Length input key [" + theCek.length + "] invalid for 
algorithm " + algoJwt
                 + " [" + inputKeySize + "]");
-            throw new JweException(Error.INVALID_CONTENT_KEY); 
+            throw new JweException(Error.INVALID_CONTENT_KEY);
         }
         // MAC_KEY, ENC_KEY
         int secondaryKeySize = inputKeySize / 2;
@@ -73,7 +73,7 @@ public class AesCbcHmacJweEncryption extends JweEncryption {
     protected byte[] getActualCipher(byte[] cipher) {
         return cipher;
     }
-    
+
     protected byte[] getAuthenticationTag(JweEncryptionInternal state, byte[] 
cipher) {
         final MacState macState = getInitializedMacState(state);
         macState.mac.update(cipher);
@@ -89,12 +89,12 @@ public class AesCbcHmacJweEncryption extends JweEncryption {
         System.arraycopy(sig, 0, authTag, 0, authTagLen);
         return authTag;
     }
-    
+
     private MacState getInitializedMacState(final JweEncryptionInternal state) 
{
         return getInitializedMacState(state.secretKey, state.theIv, state.aad,
                                       state.theHeaders, 
state.protectedHeadersJson);
     }
-    
+
     protected static MacState getInitializedMacState(byte[] secretKey,
                                                      byte[] theIv,
                                                      byte[] extraAad,
@@ -105,7 +105,7 @@ public class AesCbcHmacJweEncryption extends JweEncryption {
         byte[] macKey = new byte[size];
         System.arraycopy(secretKey, 0, macKey, 0, size);
 
-        String hmacAlgoJava = 
AesCbcContentEncryptionAlgorithm.AES_HMAC_MAP.get(algoJwt);
+        String hmacAlgoJava = 
AesCbcContentEncryptionAlgorithm.getHMACAlgorithm(algoJwt);
         Mac mac = HmacUtils.getInitializedMac(macKey, hmacAlgoJava, null);
 
         byte[] aad = 
JweUtils.getAdditionalAuthenticationData(protectedHeadersJson, extraAad);
@@ -147,5 +147,5 @@ public class AesCbcHmacJweEncryption extends JweEncryption {
         protected Mac mac;
         private byte[] al;
     }
-    
+
 }

Reply via email to