You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ws.apache.org by gi...@apache.org on 2012/12/17 14:38:51 UTC

svn commit: r1422927 - /webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/EncryptedKeyProcessor.java

Author: giger
Date: Mon Dec 17 13:38:51 2012
New Revision: 1422927

URL: http://svn.apache.org/viewvc?rev=1422927&view=rev
Log:
Use UNWRAP instead of DECRYTP mode for unwrapping keys

Modified:
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/EncryptedKeyProcessor.java

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/EncryptedKeyProcessor.java?rev=1422927&r1=1422926&r2=1422927&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/EncryptedKeyProcessor.java Mon Dec 17 13:38:51 2012
@@ -165,9 +165,9 @@ public class EncryptedKeyProcessor imple
                     );
             }
             if (oaepParameterSpec == null) {
-                cipher.init(Cipher.DECRYPT_MODE, privateKey);
+                cipher.init(Cipher.UNWRAP_MODE, privateKey);
             } else {
-                cipher.init(Cipher.DECRYPT_MODE, privateKey, oaepParameterSpec);
+                cipher.init(Cipher.UNWRAP_MODE, privateKey, oaepParameterSpec);
             }
         } catch (Exception ex) {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, ex);
@@ -179,7 +179,8 @@ public class EncryptedKeyProcessor imple
         byte[] decryptedBytes = null;
         try {
             encryptedEphemeralKey = getDecodedBase64EncodedData(xencCipherValue);
-            decryptedBytes = cipher.doFinal(encryptedEphemeralKey);
+            String keyAlgorithm = JCEMapper.translateURItoJCEID(encryptedKeyTransportMethod);
+            decryptedBytes = cipher.unwrap(encryptedEphemeralKey, keyAlgorithm, Cipher.SECRET_KEY).getEncoded();
         } catch (IllegalStateException ex) {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, ex);
         } catch (Exception ex) {