Refactor around CMSInputAEADDecryptor

Author: gefeili

…ncycastle/cms/CMSInputAEADDecryptor.java …le/cms/jcajce/CMSInputAEADDecryptor.javapkix/src/main/java/org/bouncycastle/cms/CMSInputAEADDecryptor.java renamed to pkix/src/main/java/org/bouncycastle/cms/jcajce/CMSInputAEADDecryptor.java pkix/src/main/java/org/bouncycastle/cms/CMSInputAEADDecryptor.java renamed to pkix/src/main/java/org/bouncycastle/cms/jcajce/CMSInputAEADDecryptor.java

@@ -1,24 +1,25 @@
-package org.bouncycastle.cms;
+package org.bouncycastle.cms.jcajce;
+
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import javax.crypto.Cipher;
 
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.cms.InputStreamWithMAC;
 import org.bouncycastle.jcajce.io.CipherInputStream;
 import org.bouncycastle.operator.InputAEADDecryptor;
 
-import javax.crypto.Cipher;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-public class CMSInputAEADDecryptor
-        implements InputAEADDecryptor
+class CMSInputAEADDecryptor
+    implements InputAEADDecryptor
 {
-    final AlgorithmIdentifier contentEncryptionAlgorithm;
+    private final AlgorithmIdentifier contentEncryptionAlgorithm;
 
-    final Cipher dataCipher;
+    private final Cipher dataCipher;
 
     private InputStream inputStream;
 
-    public CMSInputAEADDecryptor(AlgorithmIdentifier contentEncryptionAlgorithm, Cipher dataCipher)
+    CMSInputAEADDecryptor(AlgorithmIdentifier contentEncryptionAlgorithm, Cipher dataCipher)
     {
         this.contentEncryptionAlgorithm = contentEncryptionAlgorithm;
         this.dataCipher = dataCipher;
@@ -37,7 +38,7 @@ public InputStream getInputStream(InputStream dataIn)
 
     public OutputStream getAADStream()
     {
-        return new AADStream(dataCipher);
+        return new JceAADStream(dataCipher);
     }
 
     public byte[] getMAC()
@@ -48,30 +49,4 @@ public byte[] getMAC()
         }
         return null;
     }
-
-    private static class AADStream
-            extends OutputStream
-    {
-        private Cipher cipher;
-        private byte[] oneByte = new byte[1];
-
-        public AADStream(Cipher cipher)
-        {
-            this.cipher = cipher;
-        }
-
-        public void write(byte[] buf, int off, int len)
-                throws IOException
-        {
-            cipher.updateAAD(buf, off, len);
-        }
-
-        public void write(int b)
-                throws IOException
-        {
-            oneByte[0] = (byte)b;
-
-            cipher.updateAAD(oneByte);
-        }
-    }
 }

pkix/src/main/java/org/bouncycastle/cms/jcajce/JceAADStream.java

@@ -8,7 +8,7 @@
 class JceAADStream
     extends OutputStream
 {
-     private static final byte[] SINGLE_BYTE = new byte[1];
+     private final byte[] SINGLE_BYTE = new byte[1];
      private Cipher cipher;
 
      JceAADStream(Cipher cipher)

pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKAuthEnvelopedRecipient.java

@@ -2,23 +2,27 @@
 
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSInputAEADDecryptor;
 import org.bouncycastle.cms.RecipientOperator;
 
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
+
 import java.security.Key;
 
+/**
+ * A recipient for CMS authenticated enveloped data encrypted with a KEK (Key Encryption Key).
+ * Handles key extraction and decryption of the content.
+ */
 public class JceKEKAuthEnvelopedRecipient
-        extends JceKEKRecipient
+    extends JceKEKRecipient
 {
     public JceKEKAuthEnvelopedRecipient(SecretKey recipientKey)
     {
         super(recipientKey);
     }
 
     public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey)
-            throws CMSException
+        throws CMSException
     {
         Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, encryptedContentEncryptionKey);
 

pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeAuthEnvelopedRecipient.java

@@ -4,23 +4,27 @@
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSInputAEADDecryptor;
 import org.bouncycastle.cms.RecipientOperator;
 
 import javax.crypto.Cipher;
+
 import java.security.Key;
 import java.security.PrivateKey;
 
+/**
+ * A recipient class for CMS authenticated enveloped data using key agreement (Key Agreement Recipient).
+ * Handles private key-based key extraction and content decryption.
+ */
 public class JceKeyAgreeAuthEnvelopedRecipient
-        extends JceKeyAgreeRecipient
+    extends JceKeyAgreeRecipient
 {
     public JceKeyAgreeAuthEnvelopedRecipient(PrivateKey recipientKey)
     {
         super(recipientKey);
     }
 
     public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, SubjectPublicKeyInfo senderPublicKey, ASN1OctetString userKeyingMaterial, byte[] encryptedContentKey)
-            throws CMSException
+        throws CMSException
     {
         Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, senderPublicKey, userKeyingMaterial, encryptedContentKey);
 

pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransAuthEnvelopedRecipient.java

@@ -7,7 +7,6 @@
 
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSInputAEADDecryptor;
 import org.bouncycastle.cms.RecipientOperator;
 
 public class JceKeyTransAuthEnvelopedRecipient