You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by gi...@apache.org on 2013/07/31 17:35:47 UTC
svn commit: r1508931 - in /webservices/wss4j/trunk:
ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/
ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/
Author: giger
Date: Wed Jul 31 15:35:46 2013
New Revision: 1508931
URL: http://svn.apache.org/r1508931
Log:
WSS-472 - Incorrect Symmetric Key Derivation Length validation
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/WSSecurityTokenConstants.java
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java?rev=1508931&r1=1508930&r2=1508931&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java Wed Jul 31 15:35:46 2013
@@ -57,11 +57,17 @@ public class AlgorithmSuiteAssertionStat
setAsserted(false);
setErrorMessage("Symmetric signature algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
}
- if (algorithmSuite.getAlgorithmSuiteType() != null
+ if (algorithmSuite.getAlgorithmSuiteType() != null) {
+ if (!algorithmSuiteSecurityEvent.isDerivedKey()
&& (algorithmSuite.getAlgorithmSuiteType().getMinimumSymmetricKeyLength() > algorithmSuiteSecurityEvent.getKeyLength()
|| algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength() < algorithmSuiteSecurityEvent.getKeyLength())) {
- setAsserted(false);
- setErrorMessage("Symmetric signature algorithm key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
+ setAsserted(false);
+ setErrorMessage("Symmetric signature algorithm key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
+ } else if (algorithmSuiteSecurityEvent.isDerivedKey()
+ && algorithmSuite.getAlgorithmSuiteType().getSignatureDerivedKeyLength() != algorithmSuiteSecurityEvent.getKeyLength()) {
+ setAsserted(false);
+ setErrorMessage("Symmetric signature algorithm derived key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
+ }
}
} else if (WSSConstants.Asym_Sig.equals(keyUsage)) {
if (algorithmSuite.getAsymmetricSignature() != null
@@ -87,11 +93,17 @@ public class AlgorithmSuiteAssertionStat
setAsserted(false);
setErrorMessage("Encryption algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
}
- if (algorithmSuite.getAlgorithmSuiteType() != null
+ if (algorithmSuite.getAlgorithmSuiteType() != null) {
+ if (!algorithmSuiteSecurityEvent.isDerivedKey()
&& (algorithmSuite.getAlgorithmSuiteType().getMinimumSymmetricKeyLength() > algorithmSuiteSecurityEvent.getKeyLength()
|| algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength() < algorithmSuiteSecurityEvent.getKeyLength())) {
- setAsserted(false);
- setErrorMessage("Symmetric encryption algorithm key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
+ setAsserted(false);
+ setErrorMessage("Symmetric encryption algorithm key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
+ } else if (algorithmSuiteSecurityEvent.isDerivedKey()
+ && algorithmSuite.getAlgorithmSuiteType().getEncryptionDerivedKeyLength() != algorithmSuiteSecurityEvent.getKeyLength()) {
+ setAsserted(false);
+ setErrorMessage("Symmetric encryption algorithm derived key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
+ }
}
} else if (WSSConstants.Sym_Key_Wrap.equals(keyUsage)) {
if (algorithmSuite.getAlgorithmSuiteType() != null
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/WSSecurityTokenConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/WSSecurityTokenConstants.java?rev=1508931&r1=1508930&r2=1508931&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/WSSecurityTokenConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/WSSecurityTokenConstants.java Wed Jul 31 15:35:46 2013
@@ -53,5 +53,4 @@ public class WSSecurityTokenConstants ex
public static final TokenType KerberosToken = new TokenType("KerberosToken");
public static final TokenType SpnegoContextToken = new TokenType("SpnegoContextToken");
public static final TokenType RelToken = new TokenType("RelToken");
- public static final TokenType DerivedKeyToken = new TokenType("DerivedKeyToken");
}