Skip to content

Commit 2e157f4

Browse files
chenkinschenkins
committed
Review UVFMetadata compliance.
1 parent 5393554 commit 2e157f4

File tree

1 file changed

+8
-1
lines changed

1 file changed

+8
-1
lines changed

hub/src/main/java/cloud/katta/crypto/uvf/UvfMetadataPayload.java

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@
2424
import java.text.ParseException;
2525
import java.util.Arrays;
2626
import java.util.Base64;
27+
import java.util.Collections;
2728
import java.util.HashMap;
2829
import java.util.Map;
2930
import java.util.Objects;
@@ -296,7 +297,7 @@ public UvfMetadataPayload withStorage(final VaultMetadataJWEBackendDto backend)
296297
*/
297298
public static UvfMetadataPayload decryptWithJWK(final String jwe, final JWK jwk) throws ParseException, JOSEException, JsonProcessingException {
298299
final JWEObjectJSON jweObject = JWEObjectJSON.parse(jwe);
299-
jweObject.decrypt(new MultiDecrypter(jwk));
300+
jweObject.decrypt(new MultiDecrypter(jwk, Collections.singleton("uvf.spec.version")));
300301
final Payload payload = jweObject.getPayload();
301302
return UvfMetadataPayload.fromJWE(payload.toString());
302303
}
@@ -309,10 +310,16 @@ public static UvfMetadataPayload decryptWithJWK(final String jwe, final JWK jwk)
309310
* @param keys recipient keys for whom to encrypt
310311
*/
311312
public String encrypt(final String apiURL, final UUID vaultId, final JWKSet keys) throws JOSEException {
313+
// spec: https://github.com/encryption-alliance/unified-vault-format/tree/develop/vault%20metadata#jose-header
314+
// web frontend implementation: https://github.com/shift7-ch/katta-server/blob/feature/cipherduck-uvf/frontend/src/common/universalVaultFormat.ts#L343-L346
312315
final JWEObjectJSON builder = new JWEObjectJSON(
313316
new JWEHeader.Builder(EncryptionMethod.A256GCM)
317+
// kid goes into recipient-specific header
314318
.customParam("origin", String.format("%s/vaults/%s/uvf/vault.uvf", apiURL, vaultId.toString()))
315319
.jwkURL(URI.create("jwks.json"))
320+
.contentType("json")
321+
.criticalParams(Collections.singleton("uvf.spec.version"))
322+
.customParam("uvf.spec.version", "1")
316323
.build(),
317324
new Payload(new HashMap<String, Object>() {{
318325
put("fileFormat", fileFormat);

0 commit comments

Comments
 (0)