Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2012/04/30 19:41:48 UTC

[jira] [Commented] (CXF-4145) Add the ability to restrict what algorithms were used for encryption/signature

    [ https://issues.apache.org/jira/browse/CXF-4145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13265045#comment-13265045 ] 

Sergey Beryozkin commented on CXF-4145:
---------------------------------------

Right now I'm making the assumption that a given endpoint or a client will support a single key transport & symmetric enc algorithm, e.g., it will only support say the 'http://www.w3.org/2009/xmlenc11#aes128-gcm' symmetric algo as opposed to 'http://www.w3.org/2009/xmlenc11#aes128-gcm' & 'http://www.w3.org/2009/xmlenc11#aes128-cbc'; same for all the signature properties.

This will also let me fix CXF-4146 by injecting the reference to the same EncryptionProperties into the in and out encryption handlers. Injecting it into the in handler makes sure the restriction is enforced, and the fact that the same instance is referenced will make sure that the out handler will use the same algorithms that the client used. Similarly for the signature properties. I think it is reasonable at this early stage.
                
> Add the ability to restrict what algorithms were used for encryption/signature
> ------------------------------------------------------------------------------
>
>                 Key: CXF-4145
>                 URL: https://issues.apache.org/jira/browse/CXF-4145
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>            Reporter: Colm O hEigeartaigh
>            Assignee: Sergey Beryozkin
>             Fix For: 2.6.1, 2.5.4
>
>
> This task is to add some functionality on the inbound side to restrict what algorithms can be used by the client. Examples include the symmetric and Key Transport algorithms for encryption, and signature/c14n/digest algorithms for signature. 

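The inbound restriction discussed in the comment above, as an added example (not CXF code and not from the original thread): one properties object holds a single symmetric and a single key transport algorithm, and the inbound check rejects any xenc:EncryptionMethod that differs. EncProps, checkInbound and the sample message are hypothetical names and constructed data.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class AlgorithmRestrictionDemo {
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";
    static final String GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm";
    static final String CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    static final String RSA_OAEP = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";

    // Hypothetical stand-in for the shared properties: exactly one algorithm of each kind.
    static final class EncProps {
        final String symmetricAlgo, keyTransportAlgo;
        EncProps(String sym, String kt) { symmetricAlgo = sym; keyTransportAlgo = kt; }
    }

    // Inbound side: every EncryptionMethod must name the configured algorithm for its role.
    static void checkInbound(Document doc, EncProps props) {
        NodeList methods = doc.getElementsByTagNameNS(XENC, "EncryptionMethod");
        if (methods.getLength() == 0) throw new SecurityException("no EncryptionMethod present");
        for (int i = 0; i < methods.getLength(); i++) {
            Element m = (Element) methods.item(i);
            boolean forKey = "EncryptedKey".equals(m.getParentNode().getLocalName());
            String expected = forKey ? props.keyTransportAlgo : props.symmetricAlgo;
            String actual = m.getAttribute("Algorithm");
            if (!expected.equals(actual)) throw new SecurityException("algorithm not allowed: " + actual);
        }
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Constructed sample: EncryptedData skeleton with cipher values omitted.
    static String sample(String symAlgo) {
        return "<xenc:EncryptedData xmlns:xenc='" + XENC + "' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>"
             + "<xenc:EncryptionMethod Algorithm='" + symAlgo + "'/>"
             + "<ds:KeyInfo><xenc:EncryptedKey><xenc:EncryptionMethod Algorithm='" + RSA_OAEP + "'/>"
             + "</xenc:EncryptedKey></ds:KeyInfo></xenc:EncryptedData>";
    }

    public static void main(String[] args) throws Exception {
        EncProps shared = new EncProps(GCM, RSA_OAEP);  // same instance for in and out handlers
        checkInbound(parse(sample(GCM)), shared);       // accepted: matches the configured pair
        try { checkInbound(parse(sample(CBC)), shared); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        System.out.println("outbound encrypts with: " + shared.symmetricAlgo);
    }
}
```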