[jira] [Updated] (CXF-8816) Deflater and Inflater initialized with different 'nowrap' value

Sat, 04 Feb 2023 18:08:05 -0800 

     [ 
https://issues.apache.org/jira/browse/CXF-8816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]
Andriy Redko updated CXF-8816:
------------------------------
    Description: 
As for now Deflater and Inflater initialized with different 'nowrap' value. As 
result we are getting the folowing Exeption:
```
java.lang.SecurityException: java.util.zip.DataFormatException: invalid stored 
block lengths
        at 
org.apache.cxf.rt.security.crypto.CryptoUtils.processBytes(CryptoUtils.java:587)
        at 
org.apache.cxf.rt.security.crypto.CryptoUtils.decryptBytes(CryptoUtils.java:483)
        at 
org.apache.cxf.rs.security.jose.jwe.AbstractJweDecryption.doDecrypt(AbstractJweDecryption.java:72)
        at 
org.apache.cxf.rs.security.jose.jwe.AbstractJweDecryption.decrypt(AbstractJweDecryption.java:57)
        at 
org.apache.cxf.rs.security.jose.jwe.JweJsonConsumer.decryptWith(JweJsonConsumer.java:64)

```

This PR will fix the Jwe Compression by setting the 'nowrap' parameter for both 
Deflater and Inflater to 'true' (RAW DEF) as specified in the RFC1951.

> Deflater and Inflater initialized with different 'nowrap' value
> ---------------------------------------------------------------
>
>                 Key: CXF-8816
>                 URL: https://issues.apache.org/jira/browse/CXF-8816
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 3.4.10, 3.5.5, 4.0.0
>            Reporter: Andriy Redko
>            Priority: Major
>
> As for now Deflater and Inflater initialized with different 'nowrap' value. 
> As result we are getting the folowing Exeption:
> ```
> java.lang.SecurityException: java.util.zip.DataFormatException: invalid 
> stored block lengths
>         at 
> org.apache.cxf.rt.security.crypto.CryptoUtils.processBytes(CryptoUtils.java:587)
>         at 
> org.apache.cxf.rt.security.crypto.CryptoUtils.decryptBytes(CryptoUtils.java:483)
>         at 
> org.apache.cxf.rs.security.jose.jwe.AbstractJweDecryption.doDecrypt(AbstractJweDecryption.java:72)
>         at 
> org.apache.cxf.rs.security.jose.jwe.AbstractJweDecryption.decrypt(AbstractJweDecryption.java:57)
>         at 
> org.apache.cxf.rs.security.jose.jwe.JweJsonConsumer.decryptWith(JweJsonConsumer.java:64)
> ```
> This PR will fix the Jwe Compression by setting the 'nowrap' parameter for 
> both Deflater and Inflater to 'true' (RAW DEF) as specified in the RFC1951.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to