Posted to dev@cxf.apache.org by Sergey Beryozkin <sb...@gmail.com> on 2012/02/24 13:19:21 UTC
Re: svn commit: r1293213 - /cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
Wow, thanks Colm :-) The black magic security stuff in action :-)
Cheers, Sergey
On 24/02/12 12:17, coheigea@apache.org wrote:
> Author: coheigea
> Date: Fri Feb 24 12:17:22 2012
> New Revision: 1293213
>
> URL: http://svn.apache.org/viewvc?rev=1293213&view=rev
> Log:
> Fixed failing RS-Security tests with the IBM JDK and Santuario 1.5.x
>
> Modified:
> cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
>
> Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
> URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java?rev=1293213&r1=1293212&r2=1293213&view=diff
> ==============================================================================
> --- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java (original)
> +++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java Fri Feb 24 12:17:22 2012
> @@ -18,11 +18,15 @@
> */
> package org.apache.cxf.rs.security.xml;
>
> +import java.security.InvalidAlgorithmParameterException;
> import java.security.InvalidKeyException;
> import java.security.Key;
> import java.security.cert.X509Certificate;
> +import java.security.spec.MGF1ParameterSpec;
>
> import javax.crypto.Cipher;
> +import javax.crypto.spec.OAEPParameterSpec;
> +import javax.crypto.spec.PSource;
>
> import org.apache.ws.security.WSSecurityException;
> import org.apache.ws.security.util.WSSecurityUtil;
> @@ -38,11 +42,25 @@ public final class EncryptionUtils {
> throws WSSecurityException {
> Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
> try {
> - cipher.init(mode, cert);
> + OAEPParameterSpec oaepParameterSpec = null;
> + if (XMLCipher.RSA_OAEP.equals(keyEncAlgo)) {
> + oaepParameterSpec = new OAEPParameterSpec(
> + "SHA-1", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT
> + );
> + }
> + if (oaepParameterSpec == null) {
> + cipher.init(mode, cert);
> + } else {
> + cipher.init(mode, cert.getPublicKey(), oaepParameterSpec);
> + }
> } catch (InvalidKeyException e) {
> throw new WSSecurityException(
> WSSecurityException.FAILED_ENCRYPTION, null, null, e
> );
> + } catch (InvalidAlgorithmParameterException e) {
> + throw new WSSecurityException(
> + WSSecurityException.FAILED_ENCRYPTION, null, null, e
> + );
> }
> return cipher;
> }
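Review bot: The new OAEP branch calls `cipher.init(mode, cert.getPublicKey(), oaepParameterSpec)`, which skips a check that `cipher.init(mode, cert)` performs. For an X.509 certificate with a critical KeyUsage extension, the Certificate overload throws InvalidKeyException when the usage does not permit the requested mode; with RSA-OAEP the public key is now accepted regardless of that extension. Cipher has no Certificate overload that takes an AlgorithmParameterSpec, so the check would have to be made explicitly from `cert.getKeyUsage()` before the init call. Failing that, the omission should be recorded with a comment such as `// getPublicKey() bypasses the critical KeyUsage check done by Cipher.init(int, Certificate)`. The method's signature lies outside the hunk, so the modes callers pass are not visible here.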
> @@ -51,11 +69,25 @@ public final class EncryptionUtils {
> throws WSSecurityException {
> Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
> try {
> - cipher.init(mode, key);
> + OAEPParameterSpec oaepParameterSpec = null;
> + if (XMLCipher.RSA_OAEP.equals(keyEncAlgo)) {
> + oaepParameterSpec = new OAEPParameterSpec(
> + "SHA-1", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT
> + );
> + }
> + if (oaepParameterSpec == null) {
> + cipher.init(mode, key);
> + } else {
> + cipher.init(mode, key, oaepParameterSpec);
> + }
> } catch (InvalidKeyException e) {
> throw new WSSecurityException(
> WSSecurityException.FAILED_ENCRYPTION, null, null, e
> );
> + } catch (InvalidAlgorithmParameterException e) {
> + throw new WSSecurityException(
> + WSSecurityException.FAILED_ENCRYPTION, null, null, e
> + );
> }
> return cipher;
> }
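Review bot: The `OAEPParameterSpec` built here fixes the digest to SHA-1 and the PSource to the empty default, with no comment saying why, and the same block is duplicated in the certificate overload in the previous hunk. If an EncryptedKey declares a different DigestMethod or carries OAEPParams, a cipher initialised with these values would presumably fail to unwrap it; whether callers can supply those is not visible in this hunk. Going by the commit log, the explicit spec is there because provider defaults differ, which is worth stating in a comment such as `// Explicit spec: JCE providers disagree on RSA-OAEP defaults; these are the xmlenc rsa-oaep-mgf1p defaults only`. Building the spec in one private static helper would keep the two methods in step when the digest is later made configurable.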
>
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com