Make cipher field in AESCipher and AESCipherCBCnoPad thread safe

DEVSIX-8435

Author: AnhelinaM

kernel/src/main/java/com/itextpdf/kernel/crypto/AESCipher.java

@@ -27,45 +27,28 @@ This file is part of the iText (R) project.
 import com.itextpdf.kernel.exceptions.KernelExceptionMessageConstant;
 import com.itextpdf.kernel.exceptions.PdfException;
 import com.itextpdf.kernel.logs.KernelLogMessageConstant;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.security.GeneralSecurityException;
 
 /**
  * Creates an AES Cipher with CBC and padding PKCS5/7.
  */
 public class AESCipher {
-    
+
     private static final Logger LOGGER = LoggerFactory.getLogger(AESCipher.class);
 
     private static final String CIPHER_WITH_PKCS5_PADDING = "AES/CBC/PKCS5Padding";
 
     private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY = BouncyCastleFactoryCreator.getFactory();
 
-    private static Cipher cipher;
-    
-    static {
-        try {
-            if ("BC".equals(BOUNCY_CASTLE_FACTORY.getProviderName())) {
-                // Do not pass bc provider and use default one here not to require bc provider for this functionality
-                // Do not use bc provider in kernel
-                cipher = Cipher.getInstance(CIPHER_WITH_PKCS5_PADDING);
-            } else {
-                cipher = Cipher.getInstance(CIPHER_WITH_PKCS5_PADDING, BOUNCY_CASTLE_FACTORY.getProvider());
-            }
-        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
-            throw new PdfException(KernelExceptionMessageConstant.ERROR_WHILE_INITIALIZING_AES_CIPHER, e);
-        }
-    }
+    private final Cipher cipher;
 
     /**
      * Creates a new instance of AESCipher
@@ -77,10 +60,17 @@ public class AESCipher {
      */
     public AESCipher(boolean forEncryption, byte[] key, byte[] iv) {
         try {
+            if ("BC".equals(BOUNCY_CASTLE_FACTORY.getProviderName())) {
+                // Do not pass bc provider and use default one here not to require bc provider for this functionality
+                // Do not use bc provider in kernel
+                cipher = Cipher.getInstance(CIPHER_WITH_PKCS5_PADDING);
+            } else {
+                cipher = Cipher.getInstance(CIPHER_WITH_PKCS5_PADDING, BOUNCY_CASTLE_FACTORY.getProvider());
+            }
             cipher.init(forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE,
                     new SecretKeySpec(key, "AES"),
                     new IvParameterSpec(iv));
-        } catch (InvalidKeyException | InvalidAlgorithmParameterException e) {
+        } catch (GeneralSecurityException e) {
             throw new PdfException(KernelExceptionMessageConstant.ERROR_WHILE_INITIALIZING_AES_CIPHER, e);
         }
     }

kernel/src/main/java/com/itextpdf/kernel/crypto/AESCipherCBCnoPad.java

@@ -27,13 +27,10 @@ This file is part of the iText (R) project.
 import com.itextpdf.kernel.exceptions.KernelExceptionMessageConstant;
 import com.itextpdf.kernel.exceptions.PdfException;
 
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
 import javax.crypto.Cipher;
-import javax.crypto.NoSuchPaddingException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
+import java.security.GeneralSecurityException;
 
 /**
  * Creates an AES Cipher with CBC and no padding.
@@ -44,21 +41,7 @@ public class AESCipherCBCnoPad {
 
     private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY = BouncyCastleFactoryCreator.getFactory();
 
-    private static Cipher cipher;
-    
-    static {
-        try {
-            if ("BC".equals(BOUNCY_CASTLE_FACTORY.getProviderName())) {
-                // Do not pass bc provider and use default one here not to require bc provider for this functionality
-                // Do not use bc provider in kernel
-                cipher = Cipher.getInstance(CIPHER_WITHOUT_PADDING);
-            } else {
-                cipher = Cipher.getInstance(CIPHER_WITHOUT_PADDING, BOUNCY_CASTLE_FACTORY.getProvider());
-            }
-        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
-            throw new PdfException(KernelExceptionMessageConstant.ERROR_WHILE_INITIALIZING_AES_CIPHER, e);
-        }
-    }
+    private final Cipher cipher;
 
     /**
      * Creates a new instance of AESCipher with CBC and no padding
@@ -81,10 +64,17 @@ public AESCipherCBCnoPad(boolean forEncryption, byte[] key) {
      */
     public AESCipherCBCnoPad(boolean forEncryption, byte[] key, byte[] initVector) {
         try {
+            if ("BC".equals(BOUNCY_CASTLE_FACTORY.getProviderName())) {
+                // Do not pass bc provider and use default one here not to require bc provider for this functionality
+                // Do not use bc provider in kernel
+                cipher = Cipher.getInstance(CIPHER_WITHOUT_PADDING);
+            } else {
+                cipher = Cipher.getInstance(CIPHER_WITHOUT_PADDING, BOUNCY_CASTLE_FACTORY.getProvider());
+            }
             cipher.init(forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE,
                     new SecretKeySpec(key, "AES"),
                     new IvParameterSpec(initVector));
-        } catch (InvalidKeyException | InvalidAlgorithmParameterException e) {
+        } catch (GeneralSecurityException e) {
             throw new PdfException(KernelExceptionMessageConstant.ERROR_WHILE_INITIALIZING_AES_CIPHER, e);
         }
     }

kernel/src/main/java/com/itextpdf/kernel/crypto/securityhandler/EncryptionUtils.java

@@ -50,7 +50,6 @@ This file is part of the iText (R) project.
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.HashSet;
-import java.util.Iterator;
 import java.util.Set;
 import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
@@ -114,11 +113,7 @@ static byte[] fetchEnvelopedData(Key certificateKey, Certificate certificate, St
                 ICMSEnvelopedData data;
                 try {
                     data = BOUNCY_CASTLE_FACTORY.createCMSEnvelopedData(recipient.getValueBytes());
-                    Iterator<IRecipientInformation> recipientCertificatesIt =
-                            data.getRecipientInfos().getRecipients().iterator();
-                    while (recipientCertificatesIt.hasNext()) {
-                        IRecipientInformation recipientInfo = recipientCertificatesIt.next();
-
+                    for (IRecipientInformation recipientInfo : data.getRecipientInfos().getRecipients()) {
                         if (recipientInfo.getRID().match(certHolder) && !foundRecipient) {
                             envelopedData = PdfEncryptor.getContent(recipientInfo, (PrivateKey) certificateKey,
                                     certificateKeyProvider);

kernel/src/main/java/com/itextpdf/kernel/pdf/PdfNumTree.java

@@ -80,9 +80,9 @@ public PdfDictionary buildTree() {
         if (numbers.length <= NODE_SIZE) {
             PdfDictionary dic = new PdfDictionary();
             PdfArray ar = new PdfArray();
-            for (int k = 0; k < numbers.length; ++k) {
-                ar.add(new PdfNumber((int) numbers[k]));
-                ar.add(items.get(numbers[k]));
+            for (Integer number : numbers) {
+                ar.add(new PdfNumber((int) number));
+                ar.add(items.get(number));
             }
             dic.put(PdfName.Nums, ar);
             return dic;

kernel/src/main/java/com/itextpdf/kernel/pdf/PdfWriter.java

@@ -120,7 +120,7 @@ public PdfWriter(String filename, WriterProperties properties) throws FileNotFou
      * @return true if to use full compression, false otherwise.
      */
     public boolean isFullCompression() {
-        return properties.isFullCompression != null ? (boolean) properties.isFullCompression : false;
+        return properties.isFullCompression != null && (boolean) properties.isFullCompression;
     }
 
     /**

sign/src/main/java/com/itextpdf/signatures/validation/v1/CRLValidator.java

@@ -325,7 +325,7 @@ private void verifyCrlIntegrity(ValidationReport report, ValidationContext conte
     }
 
     private Certificate getRoot(Certificate cert) {
-        Certificate[] chain = certificateRetriever.retrieveMissingCertificates(new Certificate[] {cert});
+        Certificate[] chain = certificateRetriever.retrieveMissingCertificates(new Certificate[]{cert});
         return chain[chain.length - 1];
     }
 

sign/src/main/java/com/itextpdf/signatures/validation/v1/OCSPValidator.java

@@ -126,8 +126,7 @@ public void validate(ValidationReport report, ValidationContext context, X509Cer
      * @param responseGenerationDate trusted date at which response is generated
      */
     public void validate(ValidationReport report, ValidationContext context, X509Certificate certificate,
-            ISingleResp singleResp, IBasicOCSPResp ocspResp, Date validationDate,
-            Date responseGenerationDate) {
+            ISingleResp singleResp, IBasicOCSPResp ocspResp, Date validationDate, Date responseGenerationDate) {
         ValidationContext localContext = context.setValidatorContext(ValidatorContext.OCSP_VALIDATOR);
         if (CertificateUtil.isSelfSigned(certificate)) {
             report.addReportItem(new CertificateReportItem(certificate, OCSP_CHECK,

sign/src/main/java/com/itextpdf/signatures/validation/v1/SafeCalling.java

@@ -37,6 +37,7 @@ private SafeCalling() {}
 
     /**
      * Adds a report item to the report when an exception is thrown in the action.
+     *
      * @param action            The action to perform
      * @param report            The report to add the ReportItem to
      * @param reportItemCreator A callback to generate a ReportItem
@@ -52,13 +53,14 @@ public static void onExceptionLog(ThrowingAction action, ValidationReport report
 
     /**
      * Adds a report item to the report when an exception is thrown in the action.
+     *
      * @param action            The action to perform
      * @param defaultValue      The value to return when an exception is thrown
      * @param report            The report to add the ReportItem to
      * @param reportItemCreator A callback to generate a ReportItem
+     * @param <T>
      *
      * @return The returned value from the action
-     * @param <T>
      */
     public static <T> T onExceptionLog(ThrowingSupplier<T> action, T defaultValue, ValidationReport report,
                                        Function<Exception, ReportItem> reportItemCreator) {
@@ -72,6 +74,7 @@ public static <T> T onExceptionLog(ThrowingSupplier<T> action, T defaultValue, V
 
     /**
      * Adds a report item to the report when an exception is thrown in the action.
+     *
      * @param action            The action to perform
      * @param report            The report to add the ReportItem to
      * @param reportItemCreator A callback to generate a ReportItem
@@ -85,16 +88,16 @@ public static void onRuntimeExceptionLog(Action action, ValidationReport report,
         }
     }
 
-
     /**
      * Adds a report item to the report when an exception is thrown in the action.
+     *
      * @param action            The action to perform
      * @param defaultValue      The value to return when an exception is thrown
      * @param report            The report to add the ReportItem to
      * @param reportItemCreator A callback to generate a ReportItem
+     * @param <T>
      *
      * @return The returned value from the action
-     * @param <T>
      */
     public static <T> T onRuntimeExceptionLog(Supplier<T> action, T defaultValue, ValidationReport report,
                                               Function<Exception, ReportItem> reportItemCreator) {

sign/src/main/java/com/itextpdf/signatures/validation/v1/SignatureValidationProperties.java

@@ -66,14 +66,14 @@ public class SignatureValidationProperties {
      * Create {@link SignatureValidationProperties} with default values.
      */
     public SignatureValidationProperties() {
-        setContinueAfterFailure(ValidatorContexts.all(),CertificateSources.all(), DEFAULT_CONTINUE_AFTER_FAILURE);
-        setRevocationOnlineFetching(ValidatorContexts.all(),CertificateSources.all(), TimeBasedContexts.all(),
+        setContinueAfterFailure(ValidatorContexts.all(), CertificateSources.all(), DEFAULT_CONTINUE_AFTER_FAILURE);
+        setRevocationOnlineFetching(ValidatorContexts.all(), CertificateSources.all(), TimeBasedContexts.all(),
                 DEFAULT_ONLINE_FETCHING);
 
-        setFreshness(ValidatorContexts.all(),CertificateSources.all(),
+        setFreshness(ValidatorContexts.all(), CertificateSources.all(),
                 TimeBasedContexts.of(TimeBasedContext.HISTORICAL), DEFAULT_FRESHNESS_HISTORICAL);
-        setFreshness(ValidatorContexts.all(),CertificateSources.all(),
-                TimeBasedContexts.of(TimeBasedContext.PRESENT),DEFAULT_FRESHNESS_PRESENT_OCSP);
+        setFreshness(ValidatorContexts.all(), CertificateSources.all(),
+                TimeBasedContexts.of(TimeBasedContext.PRESENT), DEFAULT_FRESHNESS_PRESENT_OCSP);
         setFreshness(ValidatorContexts.of(ValidatorContext.CRL_VALIDATOR), CertificateSources.all(),
                 TimeBasedContexts.of(TimeBasedContext.PRESENT), DEFAULT_FRESHNESS_PRESENT_CRL);