Skip to content

Commit

Permalink
Compute AAD to encrypty/decrypt SO only if needed (#75818)
Browse files Browse the repository at this point in the history
  • Loading branch information
nchaulet authored Aug 26, 2020
1 parent 86d7050 commit 63265b6
Showing 1 changed file with 8 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -198,12 +198,15 @@ export class EncryptedSavedObjectsService {
if (typeDefinition === undefined) {
return attributes;
}
let encryptionAAD: string | undefined;

const encryptionAAD = this.getAAD(typeDefinition, descriptor, attributes);
const encryptedAttributes: Record<string, string> = {};
for (const attributeName of typeDefinition.attributesToEncrypt) {
const attributeValue = attributes[attributeName];
if (attributeValue != null) {
if (!encryptionAAD) {
encryptionAAD = this.getAAD(typeDefinition, descriptor, attributes);
}
try {
encryptedAttributes[attributeName] = (yield [attributeValue, encryptionAAD])!;
} catch (err) {
Expand Down Expand Up @@ -376,8 +379,7 @@ export class EncryptedSavedObjectsService {
if (typeDefinition === undefined) {
return attributes;
}

const encryptionAAD = this.getAAD(typeDefinition, descriptor, attributes);
let encryptionAAD: string | undefined;
const decryptedAttributes: Record<string, EncryptOutput> = {};
for (const attributeName of typeDefinition.attributesToEncrypt) {
const attributeValue = attributes[attributeName];
Expand All @@ -393,7 +395,9 @@ export class EncryptedSavedObjectsService {
)}`
);
}

if (!encryptionAAD) {
encryptionAAD = this.getAAD(typeDefinition, descriptor, attributes);
}
try {
decryptedAttributes[attributeName] = (yield [attributeValue, encryptionAAD])!;
} catch (err) {
Expand Down

0 comments on commit 63265b6

Please sign in to comment.