From 027c828e7b2958157267759fd3284feb29db02ff Mon Sep 17 00:00:00 2001
From: YouTube Embedded Player <yt-embedded-player-eng@google.com>
Date: Wed, 20 Dec 2023 08:29:47 -0800
Subject: [PATCH] No public description

PiperOrigin-RevId: 592568106
---
 .../java/com/google/rcat/RcatTinkCrypto.java  | 37 +++++++++++++------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/java/src/main/java/com/google/rcat/RcatTinkCrypto.java b/java/src/main/java/com/google/rcat/RcatTinkCrypto.java
index b4292f6..94a3241 100644
--- a/java/src/main/java/com/google/rcat/RcatTinkCrypto.java
+++ b/java/src/main/java/com/google/rcat/RcatTinkCrypto.java
@@ -35,7 +35,7 @@ public final class RcatTinkCrypto {
   /** A {@code Signer} that performs public key signing operation with Tink. */
   public static class Signer implements RcatCrypto.Signer {
 
-    private final KeysetHandle privateKeysetHandle;
+    private final PublicKeySign signer;
 
     /**
      * Computes the signature for {@code data}.
@@ -46,7 +46,6 @@ public static class Signer implements RcatCrypto.Signer {
     @Override
     public byte[] sign(byte[] data) throws RcatSigningException {
       try {
-        PublicKeySign signer = this.privateKeysetHandle.getPrimitive(PublicKeySign.class);
         return signer.sign(data);
       } catch (GeneralSecurityException e) {
         throw new RcatSigningException("Unable to create signature for payload bytes.", e);
@@ -64,14 +63,18 @@ public static RcatTinkCrypto.Signer withPrivateKeysetHandle(KeysetHandle private
     }
 
     private Signer(KeysetHandle privateKeysetHandle) {
-      this.privateKeysetHandle = privateKeysetHandle;
+      try {
+        this.signer = privateKeysetHandle.getPrimitive(PublicKeySign.class);
+      } catch (GeneralSecurityException e) {
+        throw new RuntimeException("Unable to create signer", e);
+      }
     }
   }
 
   /** A {@code Verifier} that performs public key signing verification operation with Tink. */
   public static class Verifier implements RcatCrypto.Verifier {
 
-    private final KeysetHandle publicKeysetHandle;
+    private final PublicKeyVerify verifier;
 
     /**
      * Verifies whether {@code signature} is a valid signature for {@code data}.
@@ -82,7 +85,6 @@ public static class Verifier implements RcatCrypto.Verifier {
     @Override
     public void verify(byte[] signature, byte[] data) throws RcatSignatureValidationException {
       try {
-        PublicKeyVerify verifier = this.publicKeysetHandle.getPrimitive(PublicKeyVerify.class);
         verifier.verify(signature, data);
       } catch (GeneralSecurityException e) {
         throw new RcatSignatureValidationException(
@@ -102,14 +104,19 @@ public static RcatTinkCrypto.Verifier withPublicKeysetHandle(KeysetHandle public
     }
 
     private Verifier(KeysetHandle publicKeysetHandle) {
-      this.publicKeysetHandle = publicKeysetHandle;
+      try {
+        this.verifier = publicKeysetHandle.getPrimitive(PublicKeyVerify.class);
+      } catch (GeneralSecurityException e) {
+        throw new RuntimeException("Unable to create verifier", e);
+      }
+      ;
     }
   }
 
   /** An {@code Encrypter} that performs encryption operation with Tink. */
   public static class Encrypter implements RcatCrypto.Encrypter {
 
-    private final KeysetHandle publicKeysetHandle;
+    private final HybridEncrypt encrypter;
 
     /**
      * Encrypts {@code plaintext} binding {@code contextInfo} to the resulting ciphertext.
@@ -120,7 +127,6 @@ public static class Encrypter implements RcatCrypto.Encrypter {
     @Override
     public byte[] encrypt(byte[] plaintext, byte[] contextInfo) throws RcatEncryptionException {
       try {
-        HybridEncrypt encrypter = this.publicKeysetHandle.getPrimitive(HybridEncrypt.class);
         return encrypter.encrypt(plaintext, contextInfo);
       } catch (GeneralSecurityException e) {
         throw new RcatEncryptionException("Unable to encrypt RCAT token envelope.", e);
@@ -138,14 +144,18 @@ public static RcatTinkCrypto.Encrypter withPublicKeysetHandle(KeysetHandle publi
     }
 
     private Encrypter(KeysetHandle publicKeysetHandle) {
-      this.publicKeysetHandle = publicKeysetHandle;
+      try {
+        this.encrypter = publicKeysetHandle.getPrimitive(HybridEncrypt.class);
+      } catch (GeneralSecurityException e) {
+        throw new RuntimeException("Unable to create encrypter", e);
+      }
     }
   }
 
   /** An {@code Decrypter} that performs decryption operation with Tink. */
   public static class Decrypter implements RcatCrypto.Decrypter {
 
-    private final KeysetHandle privateKeysetHandle;
+    private final HybridDecrypt decrypter;
 
     /**
      * Decrypts {@code ciphertext} verifying the integrity of {@code contextInfo}.
@@ -156,7 +166,6 @@ public static class Decrypter implements RcatCrypto.Decrypter {
     @Override
     public byte[] decrypt(byte[] ciphertext, byte[] contextInfo) throws RcatDecryptionException {
       try {
-        HybridDecrypt decrypter = this.privateKeysetHandle.getPrimitive(HybridDecrypt.class);
         return decrypter.decrypt(ciphertext, contextInfo);
       } catch (GeneralSecurityException e) {
         throw new RcatDecryptionException("Unable to decrypt RCAT token envelope.", e);
@@ -175,7 +184,11 @@ public static RcatTinkCrypto.Decrypter withPrivateKeysetHandle(
     }
 
     private Decrypter(KeysetHandle privateKeysetHandle) {
-      this.privateKeysetHandle = privateKeysetHandle;
+      try {
+        this.decrypter = privateKeysetHandle.getPrimitive(HybridDecrypt.class);
+      } catch (GeneralSecurityException e) {
+        throw new RuntimeException("Unable to create decrypter", e);
+      }
     }
   }