This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch 3.3.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 2958089f0520883ad9021ee383c9cc7c62ba04a6 Author: Colm O hEigeartaigh <[email protected]> AuthorDate: Fri Dec 20 11:21:14 2019 +0000 Jose cleanup to make fields final (cherry picked from commit c4b981355bf51b67662d722cf757b0442af48327) --- .../AbstractContentEncryptionCipherProperties.java | 5 +++-- .../security/jose/jwe/AbstractJweDecryption.java | 5 +++-- .../security/jose/jwe/AbstractJweEncryption.java | 7 ++++--- .../jwe/AbstractWrapKeyEncryptionAlgorithm.java | 9 +++++---- .../security/jose/jwe/AesCbcHmacJweDecryption.java | 3 ++- .../jose/jwe/DirectKeyDecryptionAlgorithm.java | 3 ++- .../jwe/EcdhAesGcmContentEncryptionAlgorithm.java | 3 ++- .../jwe/EcdhAesWrapKeyDecryptionAlgorithm.java | 7 ++++--- .../jwe/EcdhAesWrapKeyEncryptionAlgorithm.java | 4 ++-- .../jose/jwe/EcdhDirectKeyDecryptionAlgorithm.java | 2 +- .../cxf/rs/security/jose/jwe/EcdhHelper.java | 15 +++++++------- .../rs/security/jose/jwe/JweCompactBuilder.java | 7 ++++--- .../rs/security/jose/jwe/JweCompactConsumer.java | 3 ++- .../rs/security/jose/jwe/JweCompactProducer.java | 5 +++-- .../rs/security/jose/jwe/JweDecryptionInput.java | 14 ++++++------- .../rs/security/jose/jwe/JweDecryptionOutput.java | 5 +++-- .../rs/security/jose/jwe/JweEncryptionOutput.java | 16 +++++++-------- .../cxf/rs/security/jose/jwe/JweException.java | 3 ++- .../cxf/rs/security/jose/jwe/JweHeaders.java | 1 + .../cxf/rs/security/jose/jwe/JweJsonConsumer.java | 2 +- .../security/jose/jwe/JweJsonEncryptionEntry.java | 5 +++-- .../cxf/rs/security/jose/jwe/JweJsonProducer.java | 23 +++++++++++----------- .../security/jose/jwe/JweJwtCompactConsumer.java | 5 +++-- .../cxf/rs/security/jose/jwe/JweOutputStream.java | 7 ++++--- .../jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java | 5 +++-- .../jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java | 6 +++--- .../jose/jwe/WrappedKeyDecryptionAlgorithm.java | 7 ++++--- .../jose/jws/AbstractJwsSignatureProvider.java | 2 +- .../jose/jws/HmacJwsSignatureProvider.java | 5 +++-- .../jose/jws/HmacJwsSignatureVerifier.java | 12 +++++------ .../rs/security/jose/jws/JwsCompactConsumer.java | 7 ++++--- .../rs/security/jose/jws/JwsCompactProducer.java | 5 +++-- .../rs/security/jose/jws/JwsDetachedSignature.java | 13 ++++++------ .../cxf/rs/security/jose/jws/JwsException.java | 2 +- .../cxf/rs/security/jose/jws/JwsInputStream.java | 15 +++++++------- .../rs/security/jose/jws/JwsJsonOutputStream.java | 7 ++++--- .../cxf/rs/security/jose/jws/JwsJsonProducer.java | 11 ++++++----- .../security/jose/jws/JwsJsonSignatureEntry.java | 14 +++++++------ .../cxf/rs/security/jose/jws/JwsOutputStream.java | 5 +++-- .../jose/jws/PrivateKeyJwsSignatureProvider.java | 6 +++--- .../jose/jws/PublicKeyJwsSignatureVerifier.java | 15 ++++++++------ 41 files changed, 165 insertions(+), 131 deletions(-) diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java index c16f611..2c3ee90 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java @@ -30,8 +30,9 @@ public abstract class AbstractContentEncryptionCipherProperties implements Conte protected static final Logger LOG = LogUtils.getL7dLogger(AbstractContentEncryptionCipherProperties.class); private static final int DEFAULT_AUTH_TAG_LENGTH = 128; - private int authTagLen = DEFAULT_AUTH_TAG_LENGTH; - private ContentAlgorithm algo; + private final int authTagLen = DEFAULT_AUTH_TAG_LENGTH; + private final ContentAlgorithm algo; + public AbstractContentEncryptionCipherProperties(ContentAlgorithm algo) { this.algo = algo; } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java index cd4faf9..1d6809a 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java @@ -37,8 +37,9 @@ import org.apache.cxf.rt.security.crypto.KeyProperties; public abstract class AbstractJweDecryption implements JweDecryptionProvider { protected static final Logger LOG = LogUtils.getL7dLogger(JwsUtils.class); - private KeyDecryptionProvider keyDecryptionAlgo; - private ContentDecryptionProvider contentDecryptionAlgo; + private final KeyDecryptionProvider keyDecryptionAlgo; + private final ContentDecryptionProvider contentDecryptionAlgo; + protected AbstractJweDecryption(KeyDecryptionProvider keyDecryptionAlgo, ContentDecryptionProvider contentDecryptionAlgo) { this.keyDecryptionAlgo = keyDecryptionAlgo; diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java index 591f759..a1b226e 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java @@ -38,9 +38,10 @@ import org.apache.cxf.rt.security.crypto.KeyProperties; public abstract class AbstractJweEncryption implements JweEncryptionProvider { protected static final Logger LOG = LogUtils.getL7dLogger(AbstractJweEncryption.class); protected static final int DEFAULT_AUTH_TAG_LENGTH = 128; - private ContentEncryptionProvider contentEncryptionAlgo; - private KeyEncryptionProvider keyEncryptionAlgo; - private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); + private final ContentEncryptionProvider contentEncryptionAlgo; + private final KeyEncryptionProvider keyEncryptionAlgo; + private final JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); + protected AbstractJweEncryption(ContentEncryptionProvider contentEncryptionAlgo, KeyEncryptionProvider keyEncryptionAlgo) { this.keyEncryptionAlgo = keyEncryptionAlgo; diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java index 73db703..4f67106 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java @@ -31,10 +31,11 @@ import org.apache.cxf.rt.security.crypto.KeyProperties; public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider { protected static final Logger LOG = LogUtils.getL7dLogger(AbstractWrapKeyEncryptionAlgorithm.class); - private Key keyEncryptionKey; - private boolean wrap; - private KeyAlgorithm algorithm; - private Set<String> supportedAlgorithms; + private final Key keyEncryptionKey; + private final boolean wrap; + private final KeyAlgorithm algorithm; + private final Set<String> supportedAlgorithms; + protected AbstractWrapKeyEncryptionAlgorithm(Key key, Set<String> supportedAlgorithms) { this(key, null, true, supportedAlgorithms); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java index 2ecba38..1daf841 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java @@ -27,7 +27,8 @@ import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; public class AesCbcHmacJweDecryption extends JweDecryption { - private String supportedAlgo; + private final String supportedAlgo; + public AesCbcHmacJweDecryption(KeyDecryptionProvider keyDecryptionAlgo) { this(keyDecryptionAlgo, null); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java index a9159a0..59730f1 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java @@ -27,7 +27,8 @@ import org.apache.cxf.rt.security.crypto.CryptoUtils; public class DirectKeyDecryptionAlgorithm implements KeyDecryptionProvider { private static final Logger LOG = LogUtils.getL7dLogger(DirectKeyDecryptionAlgorithm.class); - private byte[] contentDecryptionKey; + private final byte[] contentDecryptionKey; + public DirectKeyDecryptionAlgorithm(Key contentDecryptionKey) { this(contentDecryptionKey.getEncoded()); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesGcmContentEncryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesGcmContentEncryptionAlgorithm.java index 12d62aa..34c893f 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesGcmContentEncryptionAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesGcmContentEncryptionAlgorithm.java @@ -23,7 +23,8 @@ import java.security.interfaces.ECPublicKey; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; public class EcdhAesGcmContentEncryptionAlgorithm extends AesGcmContentEncryptionAlgorithm { - private EcdhHelper helper; + private final EcdhHelper helper; + public EcdhAesGcmContentEncryptionAlgorithm(ECPublicKey peerPublicKey, String curve, String apuString, diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java index d78d6fa..687dc2d 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java @@ -27,8 +27,9 @@ import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; public class EcdhAesWrapKeyDecryptionAlgorithm implements KeyDecryptionProvider { - private ECPrivateKey key; - private KeyAlgorithm algo; + private final ECPrivateKey key; + private final KeyAlgorithm algo; + public EcdhAesWrapKeyDecryptionAlgorithm(ECPrivateKey key) { this(key, KeyAlgorithm.ECDH_ES_A128KW); } @@ -52,7 +53,7 @@ public class EcdhAesWrapKeyDecryptionAlgorithm implements KeyDecryptionProvider public KeyAlgorithm getAlgorithm() { return algo; } - + protected byte[] getDecryptedContentEncryptionKeyFromHeaders(JweHeaders headers, ECPrivateKey privateKey) { KeyAlgorithm jwtAlgo = headers.getKeyEncryptionAlgorithm(); JsonWebKey publicJwk = headers.getJsonWebKey("epk"); diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java index 2589eb8..d5d4a1b 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java @@ -36,8 +36,8 @@ public class EcdhAesWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider ECDH_AES_MAP.put(KeyAlgorithm.ECDH_ES_A192KW.getJwaName(), KeyAlgorithm.A192KW.getJwaName()); ECDH_AES_MAP.put(KeyAlgorithm.ECDH_ES_A256KW.getJwaName(), KeyAlgorithm.A256KW.getJwaName()); } - private KeyAlgorithm keyAlgo; - private EcdhHelper helper; + private final KeyAlgorithm keyAlgo; + private final EcdhHelper helper; public EcdhAesWrapKeyEncryptionAlgorithm(ECPublicKey peerPublicKey, KeyAlgorithm keyAlgo) { diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyDecryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyDecryptionAlgorithm.java index daab2e9..c170363 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyDecryptionAlgorithm.java @@ -27,7 +27,7 @@ import org.apache.cxf.rs.security.jose.jwk.JwkUtils; public class EcdhDirectKeyDecryptionAlgorithm extends DirectKeyDecryptionAlgorithm { - private ECPrivateKey privateKey; + private final ECPrivateKey privateKey; public EcdhDirectKeyDecryptionAlgorithm(ECPrivateKey privateKey) { super((byte[]) null); diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhHelper.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhHelper.java index 20801d1..ab2ad87 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhHelper.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhHelper.java @@ -31,11 +31,12 @@ import org.apache.cxf.rt.security.crypto.CryptoUtils; class EcdhHelper { - private ECPublicKey peerPublicKey; - private String ecurve; - private byte[] apuBytes; - private byte[] apvBytes; - private String ctAlgo; + private final ECPublicKey peerPublicKey; + private final String ecurve; + private final byte[] apuBytes; + private final byte[] apvBytes; + private final String ctAlgo; + EcdhHelper(ECPublicKey peerPublicKey, String curve, String apuString, @@ -57,7 +58,7 @@ class EcdhHelper { ContentAlgorithm contentAlgo = ContentAlgorithm.valueOf(ctAlgo); String algorithm = (KeyAlgorithm.isDirect(keyAlgo)) ? contentAlgo.getJwaName() : keyAlgo.getJwaName(); int keySizeBits = (KeyAlgorithm.isDirect(keyAlgo)) ? contentAlgo.getKeySizeBits() : keyAlgo.getKeySizeBits(); - + if (apuBytes != null) { headers.setHeader("apu", Base64UrlUtility.encode(apuBytes)); } @@ -79,5 +80,5 @@ class EcdhHelper { private byte[] toBytes(String str) { return str == null ? null : StringUtils.toBytesUTF8(str); } - + } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactBuilder.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactBuilder.java index c11322a..b3f9722 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactBuilder.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactBuilder.java @@ -28,9 +28,10 @@ import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter; public class JweCompactBuilder { - private StringBuilder jweContentBuilder; - private String encodedEncryptedContent; - private String encodedAuthTag; + private final StringBuilder jweContentBuilder; + private final String encodedEncryptedContent; + private final String encodedAuthTag; + public JweCompactBuilder(JweHeaders headers, byte[] encryptedContentEncryptionKey, byte[] cipherInitVector, diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java index 15cb760..f059835 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java @@ -32,7 +32,8 @@ import org.apache.cxf.rs.security.jose.common.JoseUtils; public class JweCompactConsumer { protected static final Logger LOG = LogUtils.getL7dLogger(JweCompactConsumer.class); - private JweDecryptionInput jweDecryptionInput; + private final JweDecryptionInput jweDecryptionInput; + public JweCompactConsumer(String jweContent) { String[] parts = JoseUtils.getCompactParts(jweContent); if (parts.length != 5) { diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java index c2aed7f..8ce8d77 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java @@ -26,8 +26,9 @@ import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class JweCompactProducer { - private JweHeaders headers; - private String data; + private final JweHeaders headers; + private final String data; + public JweCompactProducer(String data) { this(new JweHeaders(), data); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionInput.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionInput.java index f97268f..3c0fe51 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionInput.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionInput.java @@ -20,13 +20,13 @@ package org.apache.cxf.rs.security.jose.jwe; public class JweDecryptionInput { - private String headersJson; - private byte[] encryptedCEK; - private byte[] initVector; - private byte[] encryptedContent; - private byte[] authTag; - private byte[] aad; - private JweHeaders jweHeaders; + private final String headersJson; + private final byte[] encryptedCEK; + private final byte[] initVector; + private final byte[] encryptedContent; + private final byte[] authTag; + private final byte[] aad; + private final JweHeaders jweHeaders; public JweDecryptionInput(byte[] encryptedCEK, byte[] initVector, diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionOutput.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionOutput.java index bb68424..c4a3e29 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionOutput.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionOutput.java @@ -21,8 +21,9 @@ package org.apache.cxf.rs.security.jose.jwe; import java.nio.charset.StandardCharsets; public class JweDecryptionOutput { - private JweHeaders headers; - private byte[] content; + private final JweHeaders headers; + private final byte[] content; + public JweDecryptionOutput(JweHeaders headers, byte[] content) { this.headers = headers; this.content = content; diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java index b28a416..58322b3 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java @@ -23,14 +23,14 @@ import javax.crypto.Cipher; import org.apache.cxf.rt.security.crypto.KeyProperties; public class JweEncryptionOutput { - private Cipher cipher; - private JweHeaders headers; - private byte[] encryptedContentEncryptionKey; - private byte[] iv; - private AuthenticationTagProducer authTagProducer; - private byte[] encryptedContent; - private byte[] authTag; - private KeyProperties keyProps; + private final Cipher cipher; + private final JweHeaders headers; + private final byte[] encryptedContentEncryptionKey; + private final byte[] iv; + private final AuthenticationTagProducer authTagProducer; + private final byte[] encryptedContent; + private final byte[] authTag; + private final KeyProperties keyProps; //CHECKSTYLE:OFF public JweEncryptionOutput(Cipher cipher, diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java index 16077d9..a44c807 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java @@ -23,7 +23,8 @@ import org.apache.cxf.rs.security.jose.common.JoseException; public class JweException extends JoseException { private static final long serialVersionUID = 4118589816228511524L; - private Error status; + private final Error status; + public JweException(Error status) { this(status, null); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java index f673cac..c1fbba2 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java @@ -37,6 +37,7 @@ import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public class JweHeaders extends JoseHeaders { private static final long serialVersionUID = 2405157132884168551L; private JweHeaders protectedHeaders; + public JweHeaders() { } public JweHeaders(JoseType type) { diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java index 87bb1ed..99db56e 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java @@ -93,7 +93,7 @@ public class JweJsonConsumer { for (Map.Entry<JweJsonEncryptionEntry, JweHeaders> entry : recipientsMap.entrySet()) { KeyAlgorithm keyAlgo = entry.getValue().getKeyEncryptionAlgorithm(); if (keyAlgo != null && keyAlgo.equals(jwe.getKeyAlgorithm()) - || keyAlgo == null + || keyAlgo == null && (jwe.getKeyAlgorithm() == null || KeyAlgorithm.DIRECT.equals(jwe.getKeyAlgorithm()))) { if (recipientProps != null && !entry.getValue().asMap().entrySet().containsAll(recipientProps.entrySet())) { diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonEncryptionEntry.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonEncryptionEntry.java index 089d475..89d5234 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonEncryptionEntry.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonEncryptionEntry.java @@ -26,8 +26,9 @@ import org.apache.cxf.jaxrs.json.basic.JsonObject; import org.apache.cxf.rs.security.jose.common.JoseUtils; public class JweJsonEncryptionEntry implements JsonObject { - private JweHeaders unprotectedHeader; - private String encodedEncryptedKey; + private final JweHeaders unprotectedHeader; + private final String encodedEncryptedKey; + public JweJsonEncryptionEntry(String encodedEncryptedKey) { this(null, encodedEncryptedKey); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java index 486cc40..6bb5fe7 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java @@ -35,12 +35,13 @@ import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public class JweJsonProducer { protected static final Logger LOG = LogUtils.getL7dLogger(JweJsonProducer.class); - private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); - private JweHeaders protectedHeader; - private JweHeaders unprotectedHeader; - private byte[] content; - private byte[] aad; - private boolean canBeFlat; + private final JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); + private final JweHeaders protectedHeader; + private final JweHeaders unprotectedHeader; + private final byte[] content; + private final byte[] aad; + private final boolean canBeFlat; + public JweJsonProducer(JweHeaders protectedHeader, byte[] content) { this(protectedHeader, content, false); } @@ -48,17 +49,17 @@ public class JweJsonProducer { this(protectedHeader, content, null, canBeFlat); } public JweJsonProducer(JweHeaders protectedHeader, byte[] content, byte[] aad, boolean canBeFlat) { - this.protectedHeader = protectedHeader; - this.content = content; - this.aad = aad; - this.canBeFlat = canBeFlat; + this(protectedHeader, null, content, aad, canBeFlat); } public JweJsonProducer(JweHeaders protectedHeader, JweHeaders unprotectedHeader, byte[] content, byte[] aad, boolean canBeFlat) { - this(protectedHeader, content, aad, canBeFlat); + this.protectedHeader = protectedHeader; + this.content = content; + this.aad = aad; + this.canBeFlat = canBeFlat; this.unprotectedHeader = unprotectedHeader; } public JweJsonProducer(JweHeaders protectedHeader, diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java index 1910308..988dd8d 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java @@ -29,8 +29,9 @@ import org.apache.cxf.rs.security.jose.jwt.JwtUtils; public class JweJwtCompactConsumer { - private JweCompactConsumer jweConsumer; - private JweHeaders headers; + private final JweCompactConsumer jweConsumer; + private final JweHeaders headers; + public JweJwtCompactConsumer(String content) { jweConsumer = new JweCompactConsumer(content); headers = jweConsumer.getJweHeaders(); diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java index 059fc57..697a87f 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java @@ -31,12 +31,13 @@ import org.apache.cxf.common.util.Base64UrlUtility; public class JweOutputStream extends FilterOutputStream { protected static final Logger LOG = LogUtils.getL7dLogger(JweOutputStream.class); - private Cipher encryptingCipher; - private int blockSize; - private AuthenticationTagProducer authTagProducer; + private final Cipher encryptingCipher; + private final int blockSize; + private final AuthenticationTagProducer authTagProducer; private byte[] lastRawDataChunk; private byte[] lastEncryptedDataChunk; private boolean flushed; + public JweOutputStream(OutputStream out, Cipher encryptingCipher, AuthenticationTagProducer authTagProducer) { diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java index 3010d64..505049b 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java @@ -24,8 +24,9 @@ import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public class PbesHmacAesWrapKeyDecryptionAlgorithm implements KeyDecryptionProvider { - private byte[] password; - private KeyAlgorithm algo; + private final byte[] password; + private final KeyAlgorithm algo; + public PbesHmacAesWrapKeyDecryptionAlgorithm(String password) { this(password, KeyAlgorithm.PBES2_HS256_A128KW, false); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java index 510e43a..e70ed88 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java @@ -61,10 +61,10 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionProvi DERIVED_KEY_SIZE_MAP.put(KeyAlgorithm.PBES2_HS512_A256KW.getJwaName(), 32); } + private final byte[] password; + private final int pbesCount; + private final KeyAlgorithm keyAlgoJwt; - private byte[] password; - private int pbesCount; - private KeyAlgorithm keyAlgoJwt; public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, KeyAlgorithm keyAlgoJwt) { this(stringToBytes(password), keyAlgoJwt); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java index afe8293..69eeb0c 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java @@ -30,9 +30,10 @@ import org.apache.cxf.rt.security.crypto.KeyProperties; public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionProvider { protected static final Logger LOG = LogUtils.getL7dLogger(WrappedKeyDecryptionAlgorithm.class); - private Key cekDecryptionKey; - private boolean unwrap; - private KeyAlgorithm supportedAlgo; + private final Key cekDecryptionKey; + private final boolean unwrap; + private final KeyAlgorithm supportedAlgo; + public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey, KeyAlgorithm supportedAlgo) { this(cekDecryptionKey, supportedAlgo, true); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java index 0054a96..1d4ecdb 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java @@ -26,7 +26,7 @@ import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvider { protected static final Logger LOG = LogUtils.getL7dLogger(AbstractJwsSignatureProvider.class); - private SignatureAlgorithm algorithm; + private final SignatureAlgorithm algorithm; protected AbstractJwsSignatureProvider(SignatureAlgorithm algo) { this.algorithm = algo; diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java index 7d52514..910fb79 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java @@ -29,8 +29,8 @@ import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rt.security.crypto.HmacUtils; public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider { - private byte[] key; - private AlgorithmParameterSpec hmacSpec; + private final byte[] key; + private final AlgorithmParameterSpec hmacSpec; public HmacJwsSignatureProvider(byte[] key, SignatureAlgorithm algo) { this(key, null, algo); @@ -42,6 +42,7 @@ public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider { } public HmacJwsSignatureProvider(String encodedKey, SignatureAlgorithm algo) { super(algo); + hmacSpec = null; try { this.key = Base64UrlUtility.decode(encodedKey); } catch (Base64Exception ex) { diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java index 56b3c62..a16262f 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java @@ -32,9 +32,9 @@ import org.apache.cxf.rt.security.crypto.HmacUtils; public class HmacJwsSignatureVerifier implements JwsSignatureVerifier { protected static final Logger LOG = LogUtils.getL7dLogger(HmacJwsSignatureVerifier.class); - private byte[] key; - private AlgorithmParameterSpec hmacSpec; - private SignatureAlgorithm supportedAlgo; + private final byte[] key; + private final AlgorithmParameterSpec hmacSpec; + private final SignatureAlgorithm supportedAlgo; public HmacJwsSignatureVerifier(String encodedKey) { this(JoseUtils.decode(encodedKey), SignatureAlgorithm.HS256); @@ -92,11 +92,11 @@ public class HmacJwsSignatureVerifier implements JwsSignatureVerifier { hmacSpec); return new HmacJwsVerificationSignature(mac); } - + private static class HmacJwsVerificationSignature implements JwsVerificationSignature { private Mac mac; - + HmacJwsVerificationSignature(Mac mac) { this.mac = mac; } @@ -111,6 +111,6 @@ public class HmacJwsSignatureVerifier implements JwsSignatureVerifier { byte[] macBytes = mac.doFinal(); return MessageDigest.isEqual(macBytes, signature); } - + } } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java index 5152363..7871cb6 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java @@ -33,12 +33,13 @@ import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class JwsCompactConsumer { protected static final Logger LOG = LogUtils.getL7dLogger(JwsCompactConsumer.class); private JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter(); - private String encodedSequence; - private String encodedSignature; - private String headersJson; + private final String encodedSequence; + private final String encodedSignature; + private final String headersJson; private String jwsPayload; private String decodedJwsPayload; private JwsHeaders jwsHeaders; + public JwsCompactConsumer(String encodedJws) { this(encodedJws, null); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java index dbbe0e4..e725322 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java @@ -32,9 +32,10 @@ import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class JwsCompactProducer { private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); private JwsHeaders headers; - private String plainJwsPayload; private String signature; - private boolean detached; + private final String plainJwsPayload; + private final boolean detached; + public JwsCompactProducer(String plainJwsPayload) { this(plainJwsPayload, false); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsDetachedSignature.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsDetachedSignature.java index 8e82be9..b53c6e8 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsDetachedSignature.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsDetachedSignature.java @@ -19,13 +19,14 @@ package org.apache.cxf.rs.security.jose.jws; public class JwsDetachedSignature { - private JwsHeaders headers; - private String base64UrlEncodedHeaders; - private JwsSignature signature; - private boolean useJwsJsonSignatureFormat; + private final JwsHeaders headers; + private final String base64UrlEncodedHeaders; + private final JwsSignature signature; + private final boolean useJwsJsonSignatureFormat; + public JwsDetachedSignature(JwsHeaders headers, String base64UrlEncodedHeaders, - JwsSignature signature, + JwsSignature signature, boolean useJwsJsonSignatureFormat) { this.headers = headers; this.base64UrlEncodedHeaders = base64UrlEncodedHeaders; @@ -44,5 +45,5 @@ public class JwsDetachedSignature { public boolean isUseJwsJsonSignatureFormat() { return useJwsJsonSignatureFormat; } - + } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsException.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsException.java index 4521d52..cdd2a8a 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsException.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsException.java @@ -23,7 +23,7 @@ import org.apache.cxf.rs.security.jose.common.JoseException; public class JwsException extends JoseException { private static final long serialVersionUID = 4118589816228511524L; - private Error status; + private final Error status; public JwsException(Error status) { this(status, null); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsInputStream.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsInputStream.java index 148d3dd..6225e35 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsInputStream.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsInputStream.java @@ -24,10 +24,11 @@ import java.io.InputStream; import java.nio.ByteBuffer; public class JwsInputStream extends FilterInputStream { - private JwsVerificationSignature signature; - private byte[] signatureBytes; - private boolean verifyOnLastRead; - public JwsInputStream(InputStream out, + private final JwsVerificationSignature signature; + private final byte[] signatureBytes; + private final boolean verifyOnLastRead; + + public JwsInputStream(InputStream out, JwsVerificationSignature signature, byte[] signatureBytes, boolean verifyOnLastRead) { @@ -48,7 +49,7 @@ public class JwsInputStream extends FilterInputStream { } return value; } - + public int read(byte[] b, int off, int len) throws IOException { int num = in.read(b, off, len); if (num != -1) { @@ -58,10 +59,10 @@ public class JwsInputStream extends FilterInputStream { } return num; } - + private void verify() { if (verifyOnLastRead && !signature.verify(signatureBytes)) { - throw new JwsException(JwsException.Error.INVALID_SIGNATURE); + throw new JwsException(JwsException.Error.INVALID_SIGNATURE); } } } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonOutputStream.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonOutputStream.java index 7018024..75d9774 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonOutputStream.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonOutputStream.java @@ -32,9 +32,10 @@ import org.apache.cxf.common.util.StringUtils; public class JwsJsonOutputStream extends FilterOutputStream { private boolean flushed; - private List<String> protectedHeaders; - private List<JwsSignature> signatures; - private ExecutorService executor; + private final List<String> protectedHeaders; + private final List<JwsSignature> signatures; + private final ExecutorService executor; + public JwsJsonOutputStream(OutputStream out, List<String> protectedHeaders, List<JwsSignature> signatures) { diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java index b18d969..4ddda6e 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java @@ -37,12 +37,13 @@ import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class JwsJsonProducer { protected static final Logger LOG = LogUtils.getL7dLogger(JwsJsonProducer.class); - private boolean supportFlattened; - private boolean supportDetached; - private String plainPayload; + private final boolean supportFlattened; + private final boolean supportDetached; + private final String plainPayload; private String encodedPayload; - private List<JwsJsonSignatureEntry> signatures = new LinkedList<>(); - private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); + private final List<JwsJsonSignatureEntry> signatures = new LinkedList<>(); + private final JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); + public JwsJsonProducer(String tbsDocument) { this(tbsDocument, false); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java index 3b43503..13b45c0 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java @@ -33,13 +33,13 @@ import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class JwsJsonSignatureEntry implements JsonObject { protected static final Logger LOG = LogUtils.getL7dLogger(JwsJsonSignatureEntry.class); - private String jwsPayload; - private String encodedProtectedHeader; - private String encodedSignature; - private JwsHeaders protectedHeader; - private JwsHeaders unprotectedHeader; + private final String jwsPayload; + private final String encodedProtectedHeader; + private final String encodedSignature; + private final JwsHeaders protectedHeader; + private final JwsHeaders unprotectedHeader; private JwsHeaders unionHeaders; - private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); + private final JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); public JwsJsonSignatureEntry(String jwsPayload, String encodedProtectedHeader, @@ -56,6 +56,8 @@ public class JwsJsonSignatureEntry implements JsonObject { this.unprotectedHeader = unprotectedHeader; if (encodedProtectedHeader != null) { this.protectedHeader = new JwsHeaders(writer.fromJson(JoseUtils.decodeToString(encodedProtectedHeader))); + } else { + this.protectedHeader = null; } prepare(); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsOutputStream.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsOutputStream.java index 7aaebf2..b9d2547 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsOutputStream.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsOutputStream.java @@ -27,8 +27,9 @@ import org.apache.cxf.common.util.Base64UrlUtility; public class JwsOutputStream extends FilterOutputStream { private boolean flushed; - private JwsSignature signature; - private boolean writeSignature; + private final JwsSignature signature; + private final boolean writeSignature; + public JwsOutputStream(OutputStream out, JwsSignature signature, boolean writeSignature) { super(out); this.signature = signature; diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java index 948fdbf..7869725 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java @@ -29,9 +29,9 @@ import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rt.security.crypto.CryptoUtils; public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider { - private PrivateKey key; - private SecureRandom random; - private AlgorithmParameterSpec signatureSpec; + private final PrivateKey key; + private final SecureRandom random; + private final AlgorithmParameterSpec signatureSpec; public PrivateKeyJwsSignatureProvider(PrivateKey key, SignatureAlgorithm algo) { this(key, null, algo); diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java index 5b1faae..bcc15ed 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java @@ -32,16 +32,17 @@ import org.apache.cxf.rt.security.crypto.CryptoUtils; public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier { protected static final Logger LOG = LogUtils.getL7dLogger(PublicKeyJwsSignatureVerifier.class); - private PublicKey key; - private AlgorithmParameterSpec signatureSpec; - private SignatureAlgorithm supportedAlgo; - private X509Certificate cert; + private final PublicKey key; + private final AlgorithmParameterSpec signatureSpec; + private final SignatureAlgorithm supportedAlgo; + private final X509Certificate cert; public PublicKeyJwsSignatureVerifier(PublicKey key, SignatureAlgorithm supportedAlgorithm) { this(key, null, supportedAlgorithm); } public PublicKeyJwsSignatureVerifier(PublicKey key, AlgorithmParameterSpec spec, SignatureAlgorithm supportedAlgo) { this.key = key; + cert = null; this.signatureSpec = spec; this.supportedAlgo = supportedAlgo; JwsUtils.checkSignatureKeySize(key); @@ -54,6 +55,8 @@ public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier { SignatureAlgorithm supportedAlgo) { if (cert != null) { this.key = cert.getPublicKey(); + } else { + this.key = null; } this.cert = cert; this.signatureSpec = spec; @@ -106,7 +109,7 @@ public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier { signatureSpec); return new PublicKeyJwsVerificationSignature(sig); } - + private class PublicKeyJwsVerificationSignature implements JwsVerificationSignature { private Signature sig; PublicKeyJwsVerificationSignature(Signature sig) { @@ -130,6 +133,6 @@ public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier { throw new JwsException(JwsException.Error.INVALID_SIGNATURE, ex); } } - + } }
