Posted to commits@ws.apache.org by co...@apache.org on 2014/12/10 18:06:09 UTC
svn commit: r1644481 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/wss4j/common/crypto/
ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/
Author: coheigea
Date: Wed Dec 10 17:06:08 2014
New Revision: 1644481
URL: http://svn.apache.org/r1644481
Log:
Also check key sizes of the signing certs
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java?rev=1644481&r1=1644480&r2=1644481&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java Wed Dec 10 17:06:08 2014
@@ -149,6 +149,21 @@ public class AlgorithmSuiteValidator {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
}
}
+
+ /**
+ * Check the asymmetric key length
+ */
+ public void checkAsymmetricKeyLength(
+ X509Certificate[] x509Certificates
+ ) throws WSSecurityException {
+ if (x509Certificates == null) {
+ return;
+ }
+
+ for (X509Certificate cert : x509Certificates) {
+ checkAsymmetricKeyLength(cert.getPublicKey());
+ }
+ }
/**
* Check the asymmetric key length
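Review bot: The loop at `for (X509Certificate cert : x509Certificates)` dereferences every element, so a chain containing a null entry fails with a NullPointerException from `cert.getPublicKey()` instead of a WSSecurityException; the SignatureProcessor hunk in this commit drops its former `certs[0] != null` guard and now relies on this method. Reject such an entry explicitly before the call, `if (cert == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY); }`, so a malformed chain fails closed with the same error type as an undersized key (or skip it with `continue` if null padding is legitimate for the callers). The Javadoc is a copy of the PublicKey overload's; make it state what differs, e.g. `Check the asymmetric key length of the public key of every certificate in the chain; a null array is accepted and skipped.`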
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java?rev=1644481&r1=1644480&r2=1644481&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java Wed Dec 10 17:06:08 2014
@@ -217,7 +217,12 @@ public class SAMLTokenProcessor implemen
AlgorithmSuiteValidator(algorithmSuite);
algorithmSuiteValidator.checkSignatureAlgorithms(xmlSignature);
- algorithmSuiteValidator.checkAsymmetricKeyLength(key);
+
+ if (samlKeyInfo.getCerts() != null && samlKeyInfo.getCerts().length > 0) {
+ algorithmSuiteValidator.checkAsymmetricKeyLength(samlKeyInfo.getCerts());
+ } else {
+ algorithmSuiteValidator.checkAsymmetricKeyLength(key);
+ }
}
samlAssertion.verifySignature(samlKeyInfo);
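Review bot: `samlKeyInfo.getCerts()` is evaluated three times across the new condition and the check call; bind it once, `X509Certificate[] certs = samlKeyInfo.getCerts();`, and branch on `certs != null && certs.length > 0`. When certificates are present, `key` is no longer length-checked at all; that is only equivalent to the removed line if `key` is the public key of `certs[0]`, which this hunk does not show — if it can be supplied independently, check both. The enclosing method starts and ends outside the hunk.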
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java?rev=1644481&r1=1644480&r2=1644481&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java Wed Dec 10 17:06:08 2014
@@ -208,16 +208,11 @@ public class SignatureProcessor implemen
((WSDerivedKeyTokenPrincipal)principal).getLength()
);
} else {
- Key key = null;
- if (certs != null && certs[0] != null) {
- key = certs[0].getPublicKey();
+ if (certs != null && certs.length > 0) {
+ algorithmSuiteValidator.checkAsymmetricKeyLength(certs);
} else if (publicKey != null) {
- key = publicKey;
- }
-
- if (key instanceof PublicKey) {
- algorithmSuiteValidator.checkAsymmetricKeyLength((PublicKey)key);
- } else {
+ algorithmSuiteValidator.checkAsymmetricKeyLength(publicKey);
+ } else if (secretKey != null) {
algorithmSuiteValidator.checkSymmetricKeyLength(secretKey.length);
}
}
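Review bot: With the new `else if (secretKey != null)` closing the chain, the case where `certs`, `publicKey` and `secretKey` are all null now performs no key-length check and continues silently, whereas the removed code reached `secretKey.length` and failed in that state. If that state is reachable, fail closed with a final `else { throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY); }` so the algorithm-suite policy cannot be bypassed by omitting key material. The dropped `certs[0] != null` guard also means a chain whose first entry is null now reaches the array overload of checkAsymmetricKeyLength, which (per the first hunk) dereferences each element and would throw a NullPointerException here. With the `Key` and `PublicKey` locals removed, the corresponding `java.security` imports may be unused if nothing else in the file references them. The enclosing method continues outside the hunk.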