Merge pull request #24 from Mastercard/feature/aes-cbc-cleanup

danny-gallagher · web-flow · commit 1eace0d3c276 · 2021-10-18T13:23:27.000+01:00
* Removing un-neccessary SecretKeySpec for AESCBC and AESGCM classes
diff --git a/src/main/java/com/mastercard/developer/encryption/aes/AESCBC.java b/src/main/java/com/mastercard/developer/encryption/aes/AESCBC.java
@@ -19,13 +19,12 @@ private AESCBC() {
 
     @java.lang.SuppressWarnings("squid:S3329")
     public static byte[] decrypt(Key secretKey, JweObject object) throws GeneralSecurityException {
+        // First 16 bytes are the MAC key, so we only use the second 16 bytes
         SecretKeySpec aesKey = new SecretKeySpec(secretKey.getEncoded(), 16, 16, "AES");
-
         byte[] cipherText = EncodingUtils.base64Decode(object.getCipherText());
         byte[] iv = EncodingUtils.base64Decode(object.getIv());
-        SecretKeySpec keyspec = new SecretKeySpec(aesKey.getEncoded(), "AES");
 
-        return cipher(keyspec, new IvParameterSpec(iv), cipherText, Cipher.DECRYPT_MODE);
+        return cipher(aesKey, new IvParameterSpec(iv), cipherText, Cipher.DECRYPT_MODE);
     }
 
     public static byte[] cipher(Key key, AlgorithmParameterSpec iv, byte[] bytes, int mode) throws GeneralSecurityException {
diff --git a/src/main/java/com/mastercard/developer/encryption/aes/AESGCM.java b/src/main/java/com/mastercard/developer/encryption/aes/AESGCM.java
@@ -5,9 +5,7 @@
 import com.mastercard.developer.utils.EncodingUtils;
 
 import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
 import javax.crypto.spec.GCMParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
 import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 import java.security.Key;
@@ -22,10 +20,9 @@ private AESGCM() {
 
     public static byte[] decrypt(Key cek, JweObject object) throws GeneralSecurityException {
         byte[] aad = object.getRawHeader().getBytes(StandardCharsets.US_ASCII);
-        SecretKey aesKey = new SecretKeySpec(cek.getEncoded(), "AES");
         GCMParameterSpec gcmSpec = new GCMParameterSpec(128, EncodingUtils.base64Decode(object.getIv()));
         byte[] bytes = ByteUtils.concat(EncodingUtils.base64Decode(object.getCipherText()), EncodingUtils.base64Decode(object.getAuthTag()));
-        return cipher(aesKey, gcmSpec, bytes, aad, Cipher.DECRYPT_MODE);
+        return cipher(cek, gcmSpec, bytes, aad, Cipher.DECRYPT_MODE);
     }
 
     public static byte[] cipher(Key key, GCMParameterSpec gcpSpec, byte[] bytes, byte[] aad, int mode) throws GeneralSecurityException {
