This is all sorted now
https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+JOSE#JAX-RSJOSE-JWEJSON
This shows an updated producer code - the old way of using the utility
to create a content algo provider with an algorithm property only is
still OK if it is a single recipient - but indeed to avoid the CEK
auto-generation one needs to prepare a byte[] or SecretKey and pass it
to AES GCM provider.
In the test in the source IV is also passed - only to match the expected
output, not required otherwise
Sergey
On 20/07/16 11:36, Sergey Beryozkin wrote:
Hi Ella
On 20/07/16 06:32, ellachen wrote:
Hi Sergey,
Thanks for the quick response and fix the problem in such a short time.
Np, some work still needs to be done to make it a bit simpler.
Specifically, extending JweJsonProducer to get CEK & IV shared is all
right but ideally one would just reuse the same instance of
ContentEncryptionProvider initialized with CEK & IV - but currently
ContentEncryptionProvider implementations (AES GCM, etc which can accept
CEK and IV in constructors) would fail if they are asked to return IV
for more than once - this is correct but in this case it is safe as the
cipher text is created only once, it is only CEK which is encrypted more
than once.
There's also some sub-optimal code there that results in a redundant (
but harmless) Cipher creation for the 2nd/etc recipient
Could you please let us know when are we going to have version 3.1.7?
We are working toward the release, I honestly hope it will be out by the
end of the month
Cheers, Sergey
Cheers,
Ella
--
View this message in context:
http://cxf.547215.n5.nabble.com/Multiple-Recipient-for-JAX-RS-JOSE-tp5770495p5770521.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
