[ACC-2372] Consolidate skip handling in CipherInputStream subclass

AFaust · AFaust · commit 41b094f34bba · 2025-12-19T14:48:11.000+01:00
diff --git a/contentgrid-appserver-contentstore-impl-encryption/src/main/java/com/contentgrid/appserver/contentstore/impl/encryption/engine/AesCtrEncryptionEngine.java b/contentgrid-appserver-contentstore-impl-encryption/src/main/java/com/contentgrid/appserver/contentstore/impl/encryption/engine/AesCtrEncryptionEngine.java
@@ -6,8 +6,10 @@
 import com.contentgrid.appserver.contentstore.api.range.ResolvedContentRange;
 import com.contentgrid.appserver.contentstore.impl.encryption.UndecryptableContentException;
 import com.contentgrid.appserver.contentstore.impl.encryption.keys.KeyBytes;
+import com.contentgrid.appserver.contentstore.impl.utils.SkippableCipherInputStream;
 import com.contentgrid.appserver.contentstore.impl.utils.SkippingInputStream;
 import com.contentgrid.appserver.contentstore.impl.utils.ZeroPrefixedInputStream;
+
 import java.io.InputStream;
 import java.math.BigInteger;
 import java.security.InvalidAlgorithmParameterException;
@@ -18,10 +20,12 @@
 import java.util.List;
 import java.util.Objects;
 import java.util.stream.Collectors;
+
 import javax.crypto.Cipher;
 import javax.crypto.CipherInputStream;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.spec.IvParameterSpec;
+
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 
@@ -172,18 +176,17 @@ private static class DecryptingContentReader implements ContentReader {
         @Override
         public InputStream getContentInputStream() throws UnreadableContentException {
             return new ZeroPrefixedInputStream(
-                    new CipherInputStream(
+                    // CipherInputStream does not skip(n) into not-yet-decrypted data
+                    // Spring StreamUtils.copyRange needs that behaviour
+                    // so we use our SkippableCipherInputStream
+                    new SkippableCipherInputStream(
                             new SkippingInputStream(
                                     delegate.getContentInputStream(),
                                     byteStartOffset
                             ),
                             cipher
                     ),
-                    byteStartOffset,
-                    // CipherInputStream does not skip(n) into not-yet-decrypted data
-                    // Spring StreamUtils.copyRange needs that behaviour
-                    // so we have to tell prefixed input stream to use skipNBytes
-                    true
+                    byteStartOffset
             );
         }
 
diff --git a/contentgrid-appserver-contentstore-impl-encryption/src/main/java/com/contentgrid/appserver/contentstore/impl/encryption/engine/AlfrescoCompatibleEncryptionEngine.java b/contentgrid-appserver-contentstore-impl-encryption/src/main/java/com/contentgrid/appserver/contentstore/impl/encryption/engine/AlfrescoCompatibleEncryptionEngine.java
@@ -5,7 +5,7 @@
 import com.contentgrid.appserver.contentstore.api.UnreadableContentException;
 import com.contentgrid.appserver.contentstore.api.range.ResolvedContentRange;
 import com.contentgrid.appserver.contentstore.impl.encryption.UndecryptableContentException;
-import com.contentgrid.appserver.contentstore.impl.utils.SkippingInputStream;
+import com.contentgrid.appserver.contentstore.impl.utils.SkippableCipherInputStream;
 
 import java.io.InputStream;
 import java.security.InvalidAlgorithmParameterException;
@@ -15,7 +15,6 @@
 import java.util.Map;
 
 import javax.crypto.Cipher;
-import javax.crypto.CipherInputStream;
 import javax.crypto.KeyGenerator;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.spec.IvParameterSpec;
@@ -144,8 +143,8 @@ public InputStream getContentInputStream() throws UnreadableContentException {
             InputStream raw = delegate.getContentInputStream();
             // CipherInputStream does not skip(n) into not-yet-decrypted data
             // Spring StreamUtils.copyRange needs that behaviour
-            // so we have to tell prefixed input stream to use skipNBytes
-            return new SkippingInputStream(new CipherInputStream(raw, cipher), 0, true);
+            // so we use our SkippableCipherInputStream
+            return new SkippableCipherInputStream(raw, cipher);
         }
 
         @Override
diff --git a/contentgrid-appserver-contentstore-impl-utils/src/main/java/com/contentgrid/appserver/contentstore/impl/utils/SkippableCipherInputStream.java b/contentgrid-appserver-contentstore-impl-utils/src/main/java/com/contentgrid/appserver/contentstore/impl/utils/SkippableCipherInputStream.java
@@ -0,0 +1,43 @@
+package com.contentgrid.appserver.contentstore.impl.utils;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import javax.crypto.Cipher;
+import javax.crypto.CipherInputStream;
+
+public class SkippableCipherInputStream extends CipherInputStream
+{
+
+    public SkippableCipherInputStream(InputStream is, Cipher c)
+    {
+        super(is, c);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public long skip(long n) throws IOException
+    {
+        var skipped = super.skip(n);
+        var remaining = n - skipped;
+        var eof = false;
+        while (!eof && remaining > 0) {
+            if (read() == -1) {
+                eof = true;
+            } else {
+                skipped += 1;
+                remaining = n - skipped;
+            }
+            if (!eof && remaining > 0) {
+                skipped += super.skip(remaining);
+                remaining = n - skipped;
+            }
+        }
+
+        return skipped;
+    }
+
+    
+}
diff --git a/contentgrid-appserver-contentstore-impl-utils/src/main/java/com/contentgrid/appserver/contentstore/impl/utils/SkippingInputStream.java b/contentgrid-appserver-contentstore-impl-utils/src/main/java/com/contentgrid/appserver/contentstore/impl/utils/SkippingInputStream.java
@@ -13,17 +13,8 @@ public class SkippingInputStream extends InputStream {
     @NonNull
     private final InputStream delegate;
     private final long skipBytes;
-    // some delegates' skip may not skip into unread data
-    // allow case-by-case option to use skipNBytes on delegate
-    private boolean useDelegateSkipN = false;
     private boolean hasSkipped = false;
 
-    public SkippingInputStream(@NonNull InputStream delegate, long skipBytes, boolean useDelegateSkipN)
-    {
-        this(delegate, skipBytes);
-        this.useDelegateSkipN = useDelegateSkipN;
-    }
-
     private void ensureSkipped() throws IOException {
         if(!hasSkipped) {
             delegate.skipNBytes(skipBytes);
@@ -37,10 +28,6 @@ public long skip(long n) throws IOException {
             return 0;
         }
         ensureSkipped();
-        if (useDelegateSkipN) {
-            delegate.skipNBytes(n);
-            return n;
-        }
         return delegate.skip(n);
     }
 
diff --git a/contentgrid-appserver-contentstore-impl-utils/src/main/java/com/contentgrid/appserver/contentstore/impl/utils/ZeroPrefixedInputStream.java b/contentgrid-appserver-contentstore-impl-utils/src/main/java/com/contentgrid/appserver/contentstore/impl/utils/ZeroPrefixedInputStream.java
@@ -8,21 +8,11 @@
  */
 public class ZeroPrefixedInputStream extends InputStream {
     private final InputStream delegate;
-    // some delegates' skip may not skip into unread data
-    // allow case-by-case option to use skipNBytes on delegate
-    private final boolean useDelegateSkipN;
     private long prefixBytes;
 
     public ZeroPrefixedInputStream(InputStream delegate, long prefixBytes) {
         this.delegate = delegate;
         this.prefixBytes = prefixBytes;
-        this.useDelegateSkipN = false;
-    }
-
-    public ZeroPrefixedInputStream(InputStream delegate, long prefixBytes, boolean useDelegateSkipN) {
-        this.delegate = delegate;
-        this.prefixBytes = prefixBytes;
-        this.useDelegateSkipN = useDelegateSkipN;
     }
 
     @Override
@@ -37,20 +27,12 @@ public long skip(long n) throws IOException {
         if(prefixBytes > 0) {
             n = n - prefixBytes; // Still skipping so many bytes from the offset
             try {
-                if (useDelegateSkipN) {
-                    delegate.skipNBytes(n);
-                    return prefixBytes + n;
-                }
                 return prefixBytes + delegate.skip(n);
             } finally {
                 prefixBytes = 0; // Now the whole offset is consumed; skip to the delegate
             }
         }
 
-        if (useDelegateSkipN) {
-            delegate.skipNBytes(n);
-            return n;
-        }
         return delegate.skip(n);
     }
 
diff --git a/contentgrid-appserver-contentstore-impl-utils/src/test/java/com/contentgrid/appserver/contentstore/impl/utils/AbstractDelegatingInputStreamTest.java b/contentgrid-appserver-contentstore-impl-utils/src/test/java/com/contentgrid/appserver/contentstore/impl/utils/AbstractDelegatingInputStreamTest.java
@@ -21,35 +21,36 @@ abstract class AbstractDelegatingInputStreamTest<T extends InputStream>
 
     @Test
     void skipNegative() throws IOException {
-        try (InputStream is = wrapDelegate(new ByteArrayInputStream(FULL_DATA), false)) {
+        try (InputStream is = wrapDelegate(new ByteArrayInputStream(FULL_DATA))) {
             assertEquals(0, is.skip(-100));
         }
     }
 
     @Test
-    void skipNWithUnskippingDelegate() throws Exception {
+    void skipWithUnskippingDelegate() throws Exception {
         // if no data was read yet (decrypted), the underlying cipher stream can not skip
-        try (var sis = wrapDelegate(getUnskippingInputStream(), false)) {
+        try (var sis = wrapDelegate(getUnskippableInputStream())) {
             assertEquals(0, sis.skip(5));
         }
 
         // if some data was read, the underlying cipher stream can only skip up to the block size
         // AES block size is 16 byte, test data is longer
-        try (var sis = wrapDelegate(getUnskippingInputStream(), false)) {
+        try (var sis = wrapDelegate(getUnskippableInputStream())) {
             assertEquals(FULL_DATA[0], sis.read());
             assertEquals(5, sis.skip(5));
             assertEquals(10, sis.skip(12));
         }
+    }
 
-        // with us forcing skipNBytes on the delegate, everything should be fine
-        // this is only safe unless trying to skip beyond the limit, due to implicit read
-        try (var sis = wrapDelegate(getUnskippingInputStream(), true)) {
+    @Test
+    void skipWithSkippingDelegate() throws Exception {
+        try (var sis = wrapDelegate(getProperSkippableInputStream())) {
             assertEquals(5, sis.skip(5));
             assertEquals(15, sis.skip(15));
         }
     }
 
-    protected InputStream getUnskippingInputStream() throws Exception {
+    protected InputStream getUnskippableInputStream() throws Exception {
         var bos = new ByteArrayOutputStream();
         var keygen = KeyGenerator.getInstance("AES");
         var key = keygen.generateKey();
@@ -67,5 +68,23 @@ protected InputStream getUnskippingInputStream() throws Exception {
         return new CipherInputStream(bis, cipher);
     }
 
-    protected abstract T wrapDelegate(InputStream is, boolean useDelegateSkipN);
+    protected InputStream getProperSkippableInputStream() throws Exception {
+        var bos = new ByteArrayOutputStream();
+        var keygen = KeyGenerator.getInstance("AES");
+        var key = keygen.generateKey();
+        var cipher = Cipher.getInstance("AES");
+        cipher.init(Cipher.ENCRYPT_MODE, key);
+
+        try (var cos = new CipherOutputStream(bos, cipher)) {
+            cos.write(FULL_DATA);
+        }
+
+        var bis = new ByteArrayInputStream(bos.toByteArray());
+        cipher = Cipher.getInstance("AES");
+        cipher.init(Cipher.DECRYPT_MODE, key);
+
+        return new SkippableCipherInputStream(bis, cipher);
+    }
+
+    protected abstract T wrapDelegate(InputStream is);
 }
diff --git a/contentgrid-appserver-contentstore-impl-utils/src/test/java/com/contentgrid/appserver/contentstore/impl/utils/SkippingInputStreamTest.java b/contentgrid-appserver-contentstore-impl-utils/src/test/java/com/contentgrid/appserver/contentstore/impl/utils/SkippingInputStreamTest.java
@@ -41,25 +41,28 @@ void onlySkipsOnce() throws IOException {
     }
     
     @Test
-    void skipNWithUnskippingDelegateAndPrefixSkip() throws Exception {
+    void skipWithUnskippingDelegateAndPrefixSkip() throws Exception {
         // if some data was read, the underlying cipher stream can only skip up to the block size
         // AES block size is 16 byte, test data is longer
         // SkippingInputStream#ensureSkipped uses skipNBytes to read during initial skip
-        try (var sis = new SkippingInputStream(getUnskippingInputStream(), 5, false)) {
+        try (var sis = new SkippingInputStream(getUnskippableInputStream(), 5)) {
             assertEquals(5, sis.skip(5));
             // reaching 16 byte block size and not going beyond
             assertEquals(6, sis.skip(10));
         }
+    }
 
+    @Test
+    void skipWithSkippingDelegateAndPrefixSkip() throws Exception {
         // with us forcing skipNBytes on the delegate, everything should be fine
         // this is only safe unless trying to skip beyond the limit, due to implicit read
-        try (var sis = new SkippingInputStream(getUnskippingInputStream(), 5, true)) {
+        try (var sis = new SkippingInputStream(getProperSkippableInputStream(), 5)) {
             assertEquals(5, sis.skip(5));
             assertEquals(10, sis.skip(10));
         }
     }
 
-    protected SkippingInputStream wrapDelegate(InputStream is, boolean useDelegateSkipN) {
-        return new SkippingInputStream(is, 0, useDelegateSkipN);
+    protected SkippingInputStream wrapDelegate(InputStream is) {
+        return new SkippingInputStream(is, 0);
     }
 }
diff --git a/contentgrid-appserver-contentstore-impl-utils/src/test/java/com/contentgrid/appserver/contentstore/impl/utils/ZeroPrefixedInputStreamTest.java b/contentgrid-appserver-contentstore-impl-utils/src/test/java/com/contentgrid/appserver/contentstore/impl/utils/ZeroPrefixedInputStreamTest.java
@@ -65,34 +65,37 @@ void skipsZeroBytesAndMore() throws IOException {
     }
     
     @Test
-    void skipNWithUnskippingDelegateAndPrefixSkip() throws Exception {
+    void skipWithUnskippingDelegateAndPrefixSkip() throws Exception {
         // if no data was read yet (decrypted), the underlying cipher stream can not skip
         // skip is limited to the zero prefix
-        try (var sis = new ZeroPrefixedInputStream(getUnskippingInputStream(), 5, false)) {
+        try (var sis = new ZeroPrefixedInputStream(getUnskippableInputStream(), 5)) {
             assertEquals(5, sis.skip(10));
         }
 
         // if some data was read, the underlying cipher stream can only skip up to the block size
         // AES block size is 16 byte, test data is longer
-        try (var sis = new ZeroPrefixedInputStream(getUnskippingInputStream(), 5, false)) {
+        try (var sis = new ZeroPrefixedInputStream(getUnskippableInputStream(), 5)) {
             // can only skip as much as zero prefix, but not into actual content
             assertEquals(5, sis.skip(10));
             assertEquals(FULL_DATA[0], sis.read());
             // can skip until end of decrypted block
             assertEquals(15, sis.skip(20));
         }
+    }
 
+    @Test
+    void skipWithSkippingDelegateAndPrefixSkip() throws Exception {
         // with us forcing skipNBytes on the delegate, everything should be fine
         // this is only safe unless trying to skip beyond the limit, due to implicit read
-        try (var sis = new ZeroPrefixedInputStream(getUnskippingInputStream(), 5, true)) {
+        try (var sis = new ZeroPrefixedInputStream(getProperSkippableInputStream(), 5)) {
             assertEquals(3, sis.skip(3));
             // this skips prefix and some real data
             assertEquals(3, sis.skip(3));
             assertEquals(10, sis.skip(10));
         }
     }
 
-    protected ZeroPrefixedInputStream wrapDelegate(InputStream is, boolean useDelegateSkipN) {
-        return new ZeroPrefixedInputStream(is, 0, useDelegateSkipN);
+    protected ZeroPrefixedInputStream wrapDelegate(InputStream is) {
+        return new ZeroPrefixedInputStream(is, 0);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -41,25 +41,28 @@ void onlySkipsOnce() throws IOException {`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`@Test`
`44`		`- void skipNWithUnskippingDelegateAndPrefixSkip() throws Exception {`
	`44`	`+ void skipWithUnskippingDelegateAndPrefixSkip() throws Exception {`
`45`	`45`	`// if some data was read, the underlying cipher stream can only skip up to the block size`
`46`	`46`	`// AES block size is 16 byte, test data is longer`
`47`	`47`	`// SkippingInputStream#ensureSkipped uses skipNBytes to read during initial skip`
`48`		`- try (var sis = new SkippingInputStream(getUnskippingInputStream(), 5, false)) {`
	`48`	`+ try (var sis = new SkippingInputStream(getUnskippableInputStream(), 5)) {`
`49`	`49`	`assertEquals(5, sis.skip(5));`
`50`	`50`	`// reaching 16 byte block size and not going beyond`
`51`	`51`	`assertEquals(6, sis.skip(10));`
`52`	`52`	`}`
	`53`	`+ }`
`53`	`54`
	`55`	`+ @Test`
	`56`	`+ void skipWithSkippingDelegateAndPrefixSkip() throws Exception {`
`54`	`57`	`// with us forcing skipNBytes on the delegate, everything should be fine`
`55`	`58`	`// this is only safe unless trying to skip beyond the limit, due to implicit read`
`56`		`- try (var sis = new SkippingInputStream(getUnskippingInputStream(), 5, true)) {`
	`59`	`+ try (var sis = new SkippingInputStream(getProperSkippableInputStream(), 5)) {`
`57`	`60`	`assertEquals(5, sis.skip(5));`
`58`	`61`	`assertEquals(10, sis.skip(10));`
`59`	`62`	`}`
`60`	`63`	`}`
`61`	`64`
`62`		`- protected SkippingInputStream wrapDelegate(InputStream is, boolean useDelegateSkipN) {`
`63`		`- return new SkippingInputStream(is, 0, useDelegateSkipN);`
	`65`	`+ protected SkippingInputStream wrapDelegate(InputStream is) {`
	`66`	`+ return new SkippingInputStream(is, 0);`
`64`	`67`	`}`
`65`	`68`	`}`