
Commit 236e1c8

tholenstcopybara-github
authored andcommitted
Call getPrimitiveForEntry only once in JwtMacWrapper.
In the future, getPrimitiveForEntry will create the primitive on the fly. Hence we should not call it each time the primitive is used, but only once, when wrap is called. PiperOrigin-RevId: 732092421 Change-Id: Ia18f0b234fcd1f465510540642d42b9c815ce260
1 parent 1240f41 commit 236e1c8


1 file changed

+54
-23
lines changed


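--- a/src/main/java/com/google/crypto/tink/jwt/JwtMacWrapper.java
+++ b/src/main/java/com/google/crypto/tink/jwt/JwtMacWrapper.java
@@ -26,11 +26,22 @@
 import com.google.crypto.tink.internal.PrimitiveWrapper;
 import com.google.errorprone.annotations.Immutable;
 import java.security.GeneralSecurityException;
+import java.util.ArrayList;
+import java.util.List;
 
 /**
 * JwtMacWrapper is the implementation of {@link PrimitiveWrapper} for the {@link JwtMac} primitive.
 */
 class JwtMacWrapper implements PrimitiveWrapper<JwtMac, JwtMac> {
+private static class JwtMacWithId {
+JwtMacWithId(JwtMac jwtMac, int id) {
+this.jwtMac = jwtMac;
+this.id = id;
+}
+
+final JwtMac jwtMac;
+final int id;
+}
 
 private static final JwtMacWrapper WRAPPER = new JwtMacWrapper();
 
@@ -42,35 +53,34 @@ private static void validate(PrimitiveSet<JwtMac> primitiveSet) throws GeneralSe
 
 @Immutable
 private static class WrappedJwtMac implements JwtMac {
+@SuppressWarnings("Immutable")
+private final JwtMacWithId primary;
+
 @SuppressWarnings("Immutable") // We do not mutate the primitive set.
-private final PrimitiveSet<JwtMac> primitives;
+private final List<JwtMacWithId> allMacs;
 
 @SuppressWarnings("Immutable")
 private final MonitoringClient.Logger computeLogger;
 
 @SuppressWarnings("Immutable")
 private final MonitoringClient.Logger verifyLogger;
 
-private WrappedJwtMac(PrimitiveSet<JwtMac> primitives) {
-this.primitives = primitives;
-if (!primitives.getAnnotations().isEmpty()) {
-MonitoringClient client = MutableMonitoringRegistry.globalInstance().getMonitoringClient();
-MonitoringKeysetInfo keysetInfo = MonitoringUtil.getMonitoringKeysetInfo(primitives);
-this.computeLogger = client.createLogger(keysetInfo, "jwtmac", "compute");
-this.verifyLogger = client.createLogger(keysetInfo, "jwtmac", "verify");
-} else {
-this.computeLogger = MonitoringUtil.DO_NOTHING_LOGGER;
-this.verifyLogger = MonitoringUtil.DO_NOTHING_LOGGER;
-}
+private WrappedJwtMac(
+JwtMacWithId primary,
+List<JwtMacWithId> allMacs,
+MonitoringClient.Logger computeLogger,
+MonitoringClient.Logger verifyLogger) {
+this.primary = primary;
+this.allMacs = allMacs;
+this.computeLogger = computeLogger;
+this.verifyLogger = verifyLogger;
 }
 
 @Override
 public String computeMacAndEncode(RawJwt token) throws GeneralSecurityException {
 try {
-KeysetHandleInterface.Entry primary = primitives.getKeysetHandle().getPrimary();
-JwtMac primaryJwtMac = primitives.getPrimitiveForEntry(primary);
-String result = primaryJwtMac.computeMacAndEncode(token);
-computeLogger.log(primary.getId(), 1);
+String result = primary.jwtMac.computeMacAndEncode(token);
+computeLogger.log(primary.id, 1);
 return result;
 } catch (GeneralSecurityException e) {
 computeLogger.logFailure();
@@ -82,13 +92,10 @@ public String computeMacAndEncode(RawJwt token) throws GeneralSecurityException
 public VerifiedJwt verifyMacAndDecode(String compact, JwtValidator validator)
 throws GeneralSecurityException {
 GeneralSecurityException interestingException = null;
-KeysetHandleInterface keysetHandle = primitives.getKeysetHandle();
-for (int i = 0; i < keysetHandle.size(); i++) {
-KeysetHandleInterface.Entry entry = keysetHandle.getAt(i);
-JwtMac jwtMac = primitives.getPrimitiveForEntry(entry);
+for (JwtMacWithId macAndId : allMacs) {
 try {
-VerifiedJwt result = jwtMac.verifyMacAndDecode(compact, validator);
-verifyLogger.log(entry.getId(), 1);
+VerifiedJwt result = macAndId.jwtMac.verifyMacAndDecode(compact, validator);
+verifyLogger.log(macAndId.id, 1);
 return result;
 } catch (GeneralSecurityException e) {
 if (e instanceof JwtInvalidException) {
@@ -111,7 +118,31 @@ public VerifiedJwt verifyMacAndDecode(String compact, JwtValidator validator)
 @Override
 public JwtMac wrap(final PrimitiveSet<JwtMac> primitives) throws GeneralSecurityException {
 validate(primitives);
-return new WrappedJwtMac(primitives);
+KeysetHandleInterface keysetHandle = primitives.getKeysetHandle();
+List<JwtMacWithId> allMacs = new ArrayList<>(keysetHandle.size());
+for (int i = 0; i < keysetHandle.size(); i++) {
+KeysetHandleInterface.Entry entry = keysetHandle.getAt(i);
+JwtMac jwtMac = primitives.getPrimitiveForEntry(entry);
+allMacs.add(new JwtMacWithId(jwtMac, entry.getId()));
+}
+MonitoringClient.Logger computeLogger;
+MonitoringClient.Logger verifyLogger;
+if (!primitives.getAnnotations().isEmpty()) {
+MonitoringClient client = MutableMonitoringRegistry.globalInstance().getMonitoringClient();
+MonitoringKeysetInfo keysetInfo = MonitoringUtil.getMonitoringKeysetInfo(primitives);
+computeLogger = client.createLogger(keysetInfo, "jwtmac", "compute");
+verifyLogger = client.createLogger(keysetInfo, "jwtmac", "verify");
+} else {
+computeLogger = MonitoringUtil.DO_NOTHING_LOGGER;
+verifyLogger = MonitoringUtil.DO_NOTHING_LOGGER;
+}
+JwtMac primaryMac = primitives.getPrimitiveForEntry(keysetHandle.getPrimary());
+
+return new WrappedJwtMac(
+new JwtMacWithId(primaryMac, keysetHandle.getPrimary().getId()),
+allMacs,
+computeLogger,
+verifyLogger);
 }
 
 @Override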
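Review bot: `WrappedJwtMac` is still annotated `@Immutable`, but the new `allMacs` field (new line 60) keeps the very `ArrayList` that `wrap()` builds, and the suppression comment above it still reads "We do not mutate the primitive set" although the class no longer holds a primitive set. Storing a read-only view in the constructor, `this.allMacs = Collections.unmodifiableList(allMacs);`, and rewording the comment to `// Filled once in wrap() and never modified afterwards.` would make that claim enforceable for the list of verification keys; the new suppression on `primary` (line 56) has no justification at all and should get one. Separately, `wrap()` calls `getPrimitiveForEntry` for the primary entry again at line 139 after the loop has presumably already created a primitive for it, so once primitives are built on the fly the signing key would exist as two instances. Reusing the instance the loop produced for that entry would keep the commit's "only once" intent.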
