Posted to commits@ws.apache.org by co...@apache.org on 2014/12/10 18:06:09 UTC

svn commit: r1644481 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/crypto/ ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/

Author: coheigea
Date: Wed Dec 10 17:06:08 2014
New Revision: 1644481

URL: http://svn.apache.org/r1644481
Log:
Also check key sizes of the signing certs

Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java?rev=1644481&r1=1644480&r2=1644481&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java Wed Dec 10 17:06:08 2014
@@ -149,6 +149,21 @@ public class AlgorithmSuiteValidator {
             throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
         }
     }
+    
+    /**
+     * Check the asymmetric key length
+     */
+    public void checkAsymmetricKeyLength(
+        X509Certificate[] x509Certificates
+    ) throws WSSecurityException {
+        if (x509Certificates == null) {
+            return;
+        }
+        
+        for (X509Certificate cert : x509Certificates) {
+            checkAsymmetricKeyLength(cert.getPublicKey());
+        }
+    }
 
     /**
      * Check the asymmetric key length
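Review bot: The loop in the new `checkAsymmetricKeyLength(X509Certificate[])` dereferences every element, so a null entry in the array surfaces as a NullPointerException instead of a WSSecurityException. The SignatureProcessor hunk in this commit drops the `certs[0] != null` guard the old code had, so that caller now relies on this method for it. I would add `if (cert == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY); }` as the first statement of the loop body. The Javadoc should also say that every certificate in the array is checked and that a null array returns without checking anything.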

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java?rev=1644481&r1=1644480&r2=1644481&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java Wed Dec 10 17:06:08 2014
@@ -217,7 +217,12 @@ public class SAMLTokenProcessor implemen
                     AlgorithmSuiteValidator(algorithmSuite);
 
                 algorithmSuiteValidator.checkSignatureAlgorithms(xmlSignature);
-                algorithmSuiteValidator.checkAsymmetricKeyLength(key);
+                
+                if (samlKeyInfo.getCerts() != null && samlKeyInfo.getCerts().length > 0) {
+                    algorithmSuiteValidator.checkAsymmetricKeyLength(samlKeyInfo.getCerts());
+                } else {
+                    algorithmSuiteValidator.checkAsymmetricKeyLength(key);
+                }
             }
 
             samlAssertion.verifySignature(samlKeyInfo);
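Review bot: `samlKeyInfo.getCerts()` is called three times in the added branch; reading it once into a local, `X509Certificate[] certs = samlKeyInfo.getCerts();`, keeps the guard and the validator call looking at the same array. When certificates are present, `key` is no longer length-checked, which is only safe if the `verifySignature(samlKeyInfo)` call that follows verifies with the certificate's key. That is presumably the case but is not visible here, so a one-line comment stating it would help the next reader. The enclosing method starts and ends outside the hunk.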

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java?rev=1644481&r1=1644480&r2=1644481&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java Wed Dec 10 17:06:08 2014
@@ -208,16 +208,11 @@ public class SignatureProcessor implemen
                     ((WSDerivedKeyTokenPrincipal)principal).getLength()
                 );
             } else {
-                Key key = null;
-                if (certs != null && certs[0] != null) {
-                    key = certs[0].getPublicKey();
+                if (certs != null && certs.length > 0) {
+                    algorithmSuiteValidator.checkAsymmetricKeyLength(certs);
                 } else if (publicKey != null) {
-                    key = publicKey;
-                }
-
-                if (key instanceof PublicKey) {
-                    algorithmSuiteValidator.checkAsymmetricKeyLength((PublicKey)key);
-                } else {
+                    algorithmSuiteValidator.checkAsymmetricKeyLength(publicKey);
+                } else if (secretKey != null) {
                     algorithmSuiteValidator.checkSymmetricKeyLength(secretKey.length);
                 }
             }
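Review bot: With the last branch changed to `else if (secretKey != null)`, a signature for which `certs` is empty, `publicKey` is null and `secretKey` is null now leaves this block with no key-length check at all, where the old code would at least have thrown on `secretKey.length`. Whether that state is reachable depends on code outside the hunk, but failing closed is the safer default for an algorithm-suite check: add `else { throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY); }`, or a comment explaining why that case needs no check. The enclosing method continues outside the hunk.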