You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by gi...@apache.org on 2012/09/17 21:32:09 UTC
svn commit: r1386786 [1/2] - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/stax/ext/
main/java/org/apache/xml/security/stax/impl/processor/input/
main/java/org/apache/xml/security/stax/impl/processor/output/
main/java/org...
Author: giger
Date: Mon Sep 17 19:32:08 2012
New Revision: 1386786
URL: http://svn.apache.org/viewvc?rev=1386786&view=rev
Log:
SANTUARIO-338 - Implement XML Encryption 1.1 testcases using streaming code.
TODO we should warn the users about potential unsecure algorithms and combinations. E.g. only use
rsa-oaep together with aes-gcm to be fully secure.
Added:
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/XMLEncryption11Test.java
- copied, changed from r1385260, santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/encryption/XMLEncryption11Test.java
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityProperties.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSecurityInputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/util/IVSplittingOutputStream.java
santuario/xml-security-java/trunk/src/main/resources/security-config.xml
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java?rev=1386786&r1=1386785&r2=1386786&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java Mon Sep 17 19:32:08 2012
@@ -140,6 +140,12 @@ public class XMLSec {
//@see http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-oaep-mgf1p
securityProperties.setEncryptionKeyTransportAlgorithm("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
}
+ if (securityProperties.getEncryptionKeyTransportDigestAlgorithm() == null) {
+ securityProperties.setEncryptionKeyTransportDigestAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1");
+ }
+ if (securityProperties.getEncryptionKeyTransportMGFAlgorithm() == null) {
+ securityProperties.setEncryptionKeyTransportMGFAlgorithm("http://www.w3.org/2009/xmlenc11#mgf1sha1");
+ }
if (securityProperties.getEncryptionSymAlgorithm() == null) {
securityProperties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#aes256-cbc");
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java?rev=1386786&r1=1386785&r2=1386786&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java Mon Sep 17 19:32:08 2012
@@ -65,7 +65,7 @@ public class XMLSecurityConstants {
}
try {
- setJaxbContext(JAXBContext.newInstance("org.apache.xml.security.binding.xmlenc:org.apache.xml.security.binding.xmldsig:org.apache.xml.security.binding.xmldsig11:org.apache.xml.security.binding.excc14n"));
+ setJaxbContext(JAXBContext.newInstance("org.apache.xml.security.binding.xmlenc:org.apache.xml.security.binding.xmlenc11:org.apache.xml.security.binding.xmldsig:org.apache.xml.security.binding.xmldsig11:org.apache.xml.security.binding.excc14n"));
SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
schemaFactory.setResourceResolver(new LSResourceResolver() {
@Override
@@ -99,6 +99,7 @@ public class XMLSecurityConstants {
new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("bindings/schemas/exc-c14n.xsd")),
new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("bindings/schemas/xmldsig-core-schema.xsd")),
new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("bindings/schemas/xenc-schema.xsd")),
+ new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("bindings/schemas/xenc-schema-11.xsd")),
new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("bindings/schemas/xmldsig11-schema.xsd")),
}
);
@@ -145,12 +146,13 @@ public class XMLSecurityConstants {
public static final String NS_XML = "http://www.w3.org/2000/xmlns/";
public static final String NS_XMLENC = "http://www.w3.org/2001/04/xmlenc#";
- public static final String NS_XMLENC11 = "http://www.w3.org/2009/xmlenc11";
+ public static final String NS_XMLENC11 = "http://www.w3.org/2009/xmlenc11#";
public static final String NS_DSIG = "http://www.w3.org/2000/09/xmldsig#";
public static final String NS_DSIG11 = "http://www.w3.org/2009/xmldsig11#";
public static final String NS_WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
public static final String PREFIX_XENC = "xenc";
+ public static final String PREFIX_XENC11 = "xenc11";
public static final QName TAG_xenc_EncryptedKey = new QName(NS_XMLENC, "EncryptedKey", PREFIX_XENC);
public static final QName ATT_NULL_Id = new QName(null, "Id");
public static final QName ATT_NULL_Type = new QName(null, "Type");
@@ -160,6 +162,10 @@ public class XMLSecurityConstants {
public static final QName TAG_xenc_EncryptionMethod = new QName(NS_XMLENC, "EncryptionMethod", PREFIX_XENC);
public static final QName ATT_NULL_Algorithm = new QName(null, "Algorithm");
+ public static final QName TAG_xenc_OAEPparams = new QName(NS_XMLENC, "OAEPparams", PREFIX_XENC);
+
+ public static final QName TAG_xenc11_MGF = new QName(NS_XMLENC11, "MGF", PREFIX_XENC11);
+
public static final String PREFIX_DSIG = "dsig";
public static final QName TAG_dsig_KeyInfo = new QName(NS_DSIG, "KeyInfo", PREFIX_DSIG);
@@ -233,7 +239,14 @@ public class XMLSecurityConstants {
public static final String NS_XENC_AES256 = NS_XMLENC + "aes256-cbc";
public static final String NS_XENC11_AES256_GCM = NS_XMLENC11 + "aes256-gcm";
public static final String NS_XENC_RSA15 = NS_XMLENC + "rsa-1_5";
- public static final String NS_XENC_RSAOAEP = NS_XMLENC + "rsa-oaep-mgf1p";
+ public static final String NS_XENC_RSAOAEPMGF1P = NS_XMLENC + "rsa-oaep-mgf1p";
+ public static final String NS_XENC11_RSAOAEP = NS_XMLENC11 + "rsa-oaep";
+
+ public static final String NS_MGF1_SHA1 = NS_XMLENC11 + "mgf1sha1";
+ public static final String NS_MGF1_SHA224 = NS_XMLENC11 + "mgf1sha224";
+ public static final String NS_MGF1_SHA256 = NS_XMLENC11 + "mgf1sha256";
+ public static final String NS_MGF1_SHA384 = NS_XMLENC11 + "mgf1sha384";
+ public static final String NS_MGF1_SHA512 = NS_XMLENC11 + "mgf1sha512";
public static final String PREFIX_C14N_EXCL = "c14nEx";
public static final QName ATT_NULL_PrefixList = new QName(null, "PrefixList");
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityProperties.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityProperties.java?rev=1386786&r1=1386785&r2=1386786&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityProperties.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityProperties.java Mon Sep 17 19:32:08 2012
@@ -91,6 +91,9 @@ public class XMLSecurityProperties {
private String encryptionSymAlgorithm;
private String encryptionCompressionAlgorithm;
private String encryptionKeyTransportAlgorithm;
+ private String encryptionKeyTransportDigestAlgorithm;
+ private String encryptionKeyTransportMGFAlgorithm;
+ private byte[] encryptionKeyTransportOAEPParams;
private final List<SecurePart> encryptionParts = new LinkedList<SecurePart>();
private Key encryptionKey;
private Key encryptionTransportKey;
@@ -175,6 +178,30 @@ public class XMLSecurityProperties {
this.encryptionKeyTransportAlgorithm = encryptionKeyTransportAlgorithm;
}
+ public String getEncryptionKeyTransportDigestAlgorithm() {
+ return encryptionKeyTransportDigestAlgorithm;
+ }
+
+ public void setEncryptionKeyTransportDigestAlgorithm(String encryptionKeyTransportDigestAlgorithm) {
+ this.encryptionKeyTransportDigestAlgorithm = encryptionKeyTransportDigestAlgorithm;
+ }
+
+ public String getEncryptionKeyTransportMGFAlgorithm() {
+ return encryptionKeyTransportMGFAlgorithm;
+ }
+
+ public void setEncryptionKeyTransportMGFAlgorithm(String encryptionKeyTransportMGFAlgorithm) {
+ this.encryptionKeyTransportMGFAlgorithm = encryptionKeyTransportMGFAlgorithm;
+ }
+
+ public byte[] getEncryptionKeyTransportOAEPParams() {
+ return encryptionKeyTransportOAEPParams;
+ }
+
+ public void setEncryptionKeyTransportOAEPParams(byte[] encryptionKeyTransportOAEPParams) {
+ this.encryptionKeyTransportOAEPParams = encryptionKeyTransportOAEPParams;
+ }
+
public X509Certificate getEncryptionUseThisCertificate() {
return encryptionUseThisCertificate;
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java?rev=1386786&r1=1386785&r2=1386786&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java Mon Sep 17 19:32:08 2012
@@ -386,6 +386,12 @@ public abstract class AbstractDecryptInp
Cipher symCipher;
try {
AlgorithmType symEncAlgo = JCEAlgorithmMapper.getAlgorithmMapping(algorithmURI);
+ if (symEncAlgo == null) {
+ throw new XMLSecurityException(
+ XMLSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "unsupportedKeyTransp",
+ "No such algorithm: " + algorithmURI
+ );
+ }
if (symEncAlgo.getJCEProvider() != null) {
symCipher = Cipher.getInstance(symEncAlgo.getJCEName(), symEncAlgo.getJCEProvider());
} else {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java?rev=1386786&r1=1386785&r2=1386786&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java Mon Sep 17 19:32:08 2012
@@ -18,28 +18,13 @@
*/
package org.apache.xml.security.stax.impl.processor.input;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.util.Deque;
-
-import javax.crypto.Cipher;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.SecretKeySpec;
-import javax.xml.bind.JAXBElement;
-
+import org.apache.xml.security.algorithms.JCEMapper;
+import org.apache.xml.security.binding.xmldsig.DigestMethodType;
import org.apache.xml.security.binding.xmldsig.KeyInfoType;
import org.apache.xml.security.binding.xmlenc.EncryptedKeyType;
+import org.apache.xml.security.binding.xmlenc11.MGFType;
import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
-import org.apache.xml.security.stax.ext.AbstractInputSecurityHeaderHandler;
-import org.apache.xml.security.stax.ext.InputProcessorChain;
-import org.apache.xml.security.stax.ext.SecurityContext;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.SecurityTokenProvider;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.ext.XMLSecurityException;
-import org.apache.xml.security.stax.ext.XMLSecurityProperties;
+import org.apache.xml.security.stax.ext.*;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
import org.apache.xml.security.stax.impl.securityToken.SecurityTokenFactory;
@@ -48,6 +33,16 @@ import org.apache.xml.security.stax.secu
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
import org.xmlsecurity.ns.configuration.AlgorithmType;
+import javax.crypto.Cipher;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.OAEPParameterSpec;
+import javax.crypto.spec.PSource;
+import javax.crypto.spec.SecretKeySpec;
+import javax.xml.bind.JAXBElement;
+import java.security.*;
+import java.security.spec.MGF1ParameterSpec;
+import java.util.Deque;
+
/**
* An input handler for the EncryptedKey XML Structure
*
@@ -64,14 +59,14 @@ public class XMLEncryptedKeyInputHandler
((JAXBElement<EncryptedKeyType>) parseStructure(eventQueue, index, securityProperties)).getValue();
final XMLSecEvent responsibleXMLSecStartXMLEvent = getResponsibleStartXMLEvent(eventQueue, index);
-
+
handle(inputProcessorChain, encryptedKeyType, responsibleXMLSecStartXMLEvent, securityProperties);
}
-
- public void handle(final InputProcessorChain inputProcessorChain,
- final EncryptedKeyType encryptedKeyType,
- final XMLSecEvent responsibleXMLSecStartXMLEvent,
- final XMLSecurityProperties securityProperties) throws XMLSecurityException {
+
+ public void handle(final InputProcessorChain inputProcessorChain,
+ final EncryptedKeyType encryptedKeyType,
+ final XMLSecEvent responsibleXMLSecStartXMLEvent,
+ final XMLSecurityProperties securityProperties) throws XMLSecurityException {
if (encryptedKeyType.getEncryptionMethod() == null) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "noEncAlgo");
@@ -153,8 +148,8 @@ public class XMLEncryptedKeyInputHandler
if (algorithmURI == null) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "noEncAlgo");
}
- AlgorithmType asyncEncAlgo = JCEAlgorithmMapper.getAlgorithmMapping(algorithmURI);
- if (asyncEncAlgo == null) {
+ AlgorithmType encAlgo = JCEAlgorithmMapper.getAlgorithmMapping(algorithmURI);
+ if (encAlgo == null) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "noEncAlgo");
}
@@ -168,18 +163,51 @@ public class XMLEncryptedKeyInputHandler
}
Cipher cipher;
- if (asyncEncAlgo.getJCEProvider() == null) {
- cipher = Cipher.getInstance(asyncEncAlgo.getJCEName());
+ if (encAlgo.getJCEProvider() == null) {
+ cipher = Cipher.getInstance(encAlgo.getJCEName());
+ } else {
+ cipher = Cipher.getInstance(encAlgo.getJCEName(), encAlgo.getJCEProvider());
+ }
+ if (XMLSecurityConstants.NS_XENC11_RSAOAEP.equals(algorithmURI) ||
+ XMLSecurityConstants.NS_XENC_RSAOAEPMGF1P.equals(algorithmURI)) {
+
+ final DigestMethodType digestMethodType =
+ XMLSecurityUtils.getQNameType(encryptedKeyType.getEncryptionMethod().getContent(), XMLSecurityConstants.TAG_dsig_DigestMethod);
+ String jceDigestAlgorithm = "SHA-1";
+ if (digestMethodType != null) {
+ jceDigestAlgorithm = JCEMapper.translateURItoJCEID(digestMethodType.getAlgorithm());
+ }
+
+ PSource.PSpecified pSource = PSource.PSpecified.DEFAULT;
+ final byte[] oaepParams =
+ XMLSecurityUtils.getQNameType(encryptedKeyType.getEncryptionMethod().getContent(), XMLSecurityConstants.TAG_xenc_OAEPparams);
+ if (oaepParams != null) {
+ pSource = new PSource.PSpecified(oaepParams);
+ }
+
+ MGF1ParameterSpec mgfParameterSpec = new MGF1ParameterSpec("SHA-1");
+ final MGFType mgfType =
+ XMLSecurityUtils.getQNameType(encryptedKeyType.getEncryptionMethod().getContent(), XMLSecurityConstants.TAG_xenc11_MGF);
+ if (mgfType != null) {
+ if (XMLSecurityConstants.NS_MGF1_SHA256.equals(mgfType.getAlgorithm())) {
+ mgfParameterSpec = new MGF1ParameterSpec("SHA-256");
+ } else if (XMLSecurityConstants.NS_MGF1_SHA384.equals(mgfType.getAlgorithm())) {
+ mgfParameterSpec = new MGF1ParameterSpec("SHA-384");
+ } else if (XMLSecurityConstants.NS_MGF1_SHA512.equals(mgfType.getAlgorithm())) {
+ mgfParameterSpec = new MGF1ParameterSpec("SHA-512");
+ }
+ }
+ OAEPParameterSpec oaepParameterSpec = new OAEPParameterSpec(jceDigestAlgorithm, "MGF1", mgfParameterSpec, pSource);
+ cipher.init(Cipher.UNWRAP_MODE, wrappingSecurityToken.getSecretKey(algorithmURI, keyUsage, correlationID), oaepParameterSpec);
} else {
- cipher = Cipher.getInstance(asyncEncAlgo.getJCEName(), asyncEncAlgo.getJCEProvider());
+ cipher.init(Cipher.UNWRAP_MODE, wrappingSecurityToken.getSecretKey(algorithmURI, keyUsage, correlationID));
}
- cipher.init(Cipher.UNWRAP_MODE, wrappingSecurityToken.getSecretKey(algorithmURI, keyUsage, correlationID));
if (encryptedKeyType.getCipherData() == null
|| encryptedKeyType.getCipherData().getCipherValue() == null) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, "noCipher");
}
Key key = cipher.unwrap(encryptedKeyType.getCipherData().getCipherValue(),
- asyncEncAlgo.getJCEName(),
+ encAlgo.getJCEName(),
Cipher.SECRET_KEY);
return this.decryptedKey = key.getEncoded();
@@ -193,6 +221,11 @@ public class XMLEncryptedKeyInputHandler
XMLSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "unsupportedKeyTransp",
e, "No such algorithm: " + algorithmURI
);
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new XMLSecurityException(
+ XMLSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "unsupportedKeyTransp",
+ e, "No such algorithm: " + algorithmURI
+ );
} catch (InvalidKeyException e) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
} catch (NoSuchProviderException e) {
@@ -216,7 +249,7 @@ public class XMLEncryptedKeyInputHandler
//fire a tokenSecurityEvent
TokenSecurityEvent tokenSecurityEvent = new EncryptedKeyTokenSecurityEvent();
- tokenSecurityEvent.setSecurityToken((SecurityToken)securityTokenProvider.getSecurityToken());
+ tokenSecurityEvent.setSecurityToken((SecurityToken) securityTokenProvider.getSecurityToken());
tokenSecurityEvent.setCorrelationID(encryptedKeyType.getId());
securityContext.registerSecurityEvent(tokenSecurityEvent);
@@ -230,10 +263,10 @@ public class XMLEncryptedKeyInputHandler
throws XMLSecurityException {
// do nothing
}
-
- protected void handleReferenceList(final InputProcessorChain inputProcessorChain,
- final EncryptedKeyType encryptedKeyType,
- final XMLSecurityProperties securityProperties) throws XMLSecurityException {
+
+ protected void handleReferenceList(final InputProcessorChain inputProcessorChain,
+ final EncryptedKeyType encryptedKeyType,
+ final XMLSecurityProperties securityProperties) throws XMLSecurityException {
// do nothing
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSecurityInputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSecurityInputProcessor.java?rev=1386786&r1=1386785&r2=1386786&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSecurityInputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSecurityInputProcessor.java Mon Sep 17 19:32:08 2012
@@ -127,6 +127,7 @@ public class XMLSecurityInputProcessor e
} while (!xmlSecEvent.isEndDocument());
//if we reach this state we didn't find a signature
+ //todo exception is wrong. We don't miss a signature when we are decrypting but we miss EncryptedData
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILURE, "missingSignature");
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java?rev=1386786&r1=1386785&r2=1386786&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java Mon Sep 17 19:32:08 2012
@@ -32,6 +32,7 @@ import org.apache.xml.security.stax.impl
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.IvParameterSpec;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventWriter;
import javax.xml.stream.XMLOutputFactory;
@@ -42,6 +43,7 @@ import java.io.IOException;
import java.io.OutputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
+import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
@@ -120,8 +122,17 @@ public abstract class AbstractEncryptOut
String jceAlgorithm = JCEAlgorithmMapper.translateURItoJCEID(securityProperties.getEncryptionSymAlgorithm());
Cipher symmetricCipher = Cipher.getInstance(jceAlgorithm);
+ // The Spec mandates a 96-bit IV for GCM algorithms
+ if ("AES/GCM/NoPadding".equals(symmetricCipher.getAlgorithm())) {
+ //todo we should extend the security-config.xml with an iv-length parameter
+ byte[] temp = new byte[12];
+ XMLSecurityConstants.secureRandom.nextBytes(temp);
+ IvParameterSpec ivParameterSpec = new IvParameterSpec(temp);
+ symmetricCipher.init(Cipher.ENCRYPT_MODE, encryptionPartDef.getSymmetricKey(), ivParameterSpec);
+ } else {
+ symmetricCipher.init(Cipher.ENCRYPT_MODE, encryptionPartDef.getSymmetricKey());
+ }
//Should internally generate an IV
- symmetricCipher.init(Cipher.ENCRYPT_MODE, encryptionPartDef.getSymmetricKey());
byte[] iv = symmetricCipher.getIV();
characterEventGeneratorOutputStream = new CharacterEventGeneratorOutputStream(getEncoding());
@@ -157,6 +168,8 @@ public abstract class AbstractEncryptOut
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
} catch (InvalidKeyException e) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
} catch (InvocationTargetException e) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILURE, e);
} catch (NoSuchMethodException e) {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java?rev=1386786&r1=1386785&r2=1386786&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java Mon Sep 17 19:32:08 2012
@@ -18,29 +18,12 @@
*/
package org.apache.xml.security.stax.impl.processor.output;
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.xml.stream.XMLStreamConstants;
-import javax.xml.stream.XMLStreamException;
-
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
-import org.apache.xml.security.stax.ext.OutputProcessorChain;
-import org.apache.xml.security.stax.ext.SecurePart;
-import org.apache.xml.security.stax.ext.SecurityTokenProvider;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.ext.XMLSecurityException;
+import org.apache.xml.security.stax.ext.*;
import org.apache.xml.security.stax.ext.stax.XMLSecAttribute;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
@@ -48,6 +31,20 @@ import org.apache.xml.security.stax.impl
import org.apache.xml.security.stax.impl.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.impl.util.IDGenerator;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.OAEPParameterSpec;
+import javax.crypto.spec.PSource;
+import javax.xml.stream.XMLStreamConstants;
+import javax.xml.stream.XMLStreamException;
+import java.io.IOException;
+import java.security.*;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.MGF1ParameterSpec;
+import java.util.ArrayList;
+import java.util.List;
+
/**
* Processor to encrypt XML structures
*
@@ -57,11 +54,11 @@ import org.apache.xml.security.stax.impl
public class XMLEncryptOutputProcessor extends AbstractEncryptOutputProcessor {
private static final transient Log logger = LogFactory.getLog(XMLEncryptOutputProcessor.class);
-
+
public XMLEncryptOutputProcessor() throws XMLSecurityException {
super();
}
-
+
@Override
public void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
if (xmlSecEvent.getEventType() == XMLStreamConstants.START_ELEMENT) {
@@ -84,7 +81,7 @@ public class XMLEncryptOutputProcessor e
encryptionPartDef.setKeyId(securityTokenProvider.getId());
encryptionPartDef.setSymmetricKey(securityToken.getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm()));
outputProcessorChain.getSecurityContext().putAsList(EncryptionPartDef.class, encryptionPartDef);
-
+
internalEncryptionOutputProcessor =
createInternalEncryptionOutputProcessor(
encryptionPartDef, xmlSecStartElement,
@@ -94,7 +91,7 @@ public class XMLEncryptOutputProcessor e
internalEncryptionOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
internalEncryptionOutputProcessor.setAction(getAction());
internalEncryptionOutputProcessor.init(outputProcessorChain);
-
+
} catch (IOException e) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
}
@@ -106,102 +103,158 @@ public class XMLEncryptOutputProcessor e
outputProcessorChain.processEvent(xmlSecEvent);
}
-
+
/**
* Override this method to return a different AbstractInternalEncryptionOutputProcessor instance
* which will write out the KeyInfo contents in the EncryptedData.
*/
protected AbstractInternalEncryptionOutputProcessor createInternalEncryptionOutputProcessor(
- EncryptionPartDef encryptionPartDef,
- XMLSecStartElement startElement,
- String encoding,
- final OutboundSecurityToken keyWrappingToken
+ EncryptionPartDef encryptionPartDef,
+ XMLSecStartElement startElement,
+ String encoding,
+ final OutboundSecurityToken keyWrappingToken
) throws XMLStreamException, XMLSecurityException {
try {
- final AbstractInternalEncryptionOutputProcessor processor =
+ final AbstractInternalEncryptionOutputProcessor processor =
new AbstractInternalEncryptionOutputProcessor(encryptionPartDef,
- startElement,
- encoding) {
+ startElement,
+ encoding) {
- @Override
- protected void createKeyInfoStructure(OutputProcessorChain outputProcessorChain)
- throws XMLStreamException, XMLSecurityException {
- if (keyWrappingToken == null) {
- // Do not write out a KeyInfo element
- return;
- }
- PublicKey pubKey = keyWrappingToken.getPublicKey();
- Key secretKey = keyWrappingToken.getSecretKey(getSecurityProperties().getEncryptionKeyTransportAlgorithm());
- if (pubKey == null && secretKey == null) {
- // Do not write out a KeyInfo element
- return;
- }
-
- createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, true, null);
-
- List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
- String keyId = getEncryptionPartDef().getKeyId();
- if (keyId == null) {
- keyId = IDGenerator.generateID("EK");
- }
- attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Id, keyId));
- createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptedKey, true, attributes);
+ @Override
+ protected void createKeyInfoStructure(OutputProcessorChain outputProcessorChain)
+ throws XMLStreamException, XMLSecurityException {
+ if (keyWrappingToken == null) {
+ // Do not write out a KeyInfo element
+ return;
+ }
- attributes = new ArrayList<XMLSecAttribute>(1);
- attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, getSecurityProperties().getEncryptionKeyTransportAlgorithm()));
- createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptionMethod, false, attributes);
- createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptionMethod);
- createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherData, false, null);
- createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherValue, false, null);
+ final String encryptionKeyTransportAlgorithm = getSecurityProperties().getEncryptionKeyTransportAlgorithm();
- try {
- //encrypt the symmetric session key with the public key from the receiver:
- String jceid = JCEAlgorithmMapper.translateURItoJCEID(getSecurityProperties().getEncryptionKeyTransportAlgorithm());
- Cipher cipher = Cipher.getInstance(jceid);
- if (pubKey != null) {
- cipher.init(Cipher.WRAP_MODE, pubKey);
- } else {
- cipher.init(Cipher.WRAP_MODE, secretKey);
- }
+ PublicKey pubKey = keyWrappingToken.getPublicKey();
+ Key secretKey = keyWrappingToken.getSecretKey(encryptionKeyTransportAlgorithm);
+ if (pubKey == null && secretKey == null) {
+ // Do not write out a KeyInfo element
+ return;
+ }
- String tokenId = outputProcessorChain.getSecurityContext().get(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
- SecurityTokenProvider securityTokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, true, null);
- final OutboundSecurityToken securityToken = securityTokenProvider.getSecurityToken();
- Key ephemeralKey =
- securityToken.getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm());
- if (pubKey != null) {
- int blockSize = cipher.getBlockSize();
- if (blockSize > 0 && blockSize < ephemeralKey.getEncoded().length) {
- throw new XMLSecurityException(
- XMLSecurityException.ErrorCode.FAILURE,
- "unsupportedKeyTransp",
- "public key algorithm too weak to encrypt symmetric key"
- );
+ List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
+ String keyId = getEncryptionPartDef().getKeyId();
+ if (keyId == null) {
+ keyId = IDGenerator.generateID("EK");
}
- }
- byte[] encryptedEphemeralKey = cipher.wrap(ephemeralKey);
+ attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Id, keyId));
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptedKey, true, attributes);
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(encryptedEphemeralKey));
+ attributes = new ArrayList<XMLSecAttribute>(1);
+ attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, encryptionKeyTransportAlgorithm));
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptionMethod, false, attributes);
+
+ final String encryptionKeyTransportMGFAlgorithm = getSecurityProperties().getEncryptionKeyTransportMGFAlgorithm();
+
+ if (XMLSecurityConstants.NS_XENC11_RSAOAEP.equals(encryptionKeyTransportAlgorithm) ||
+ XMLSecurityConstants.NS_XENC_RSAOAEPMGF1P.equals(encryptionKeyTransportAlgorithm)) {
+
+ byte[] oaepParams = getSecurityProperties().getEncryptionKeyTransportOAEPParams();
+ if (oaepParams != null) {
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_OAEPparams, false, null);
+ createCharactersAndOutputAsEvent(outputProcessorChain, Base64.encodeBase64String(oaepParams));
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_OAEPparams);
+ }
+
+ attributes = new ArrayList<XMLSecAttribute>(1);
+ attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, getSecurityProperties().getEncryptionKeyTransportDigestAlgorithm()));
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_DigestMethod, true, attributes);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_DigestMethod);
+
+ attributes = new ArrayList<XMLSecAttribute>(1);
+ attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, encryptionKeyTransportMGFAlgorithm));
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc11_MGF, true, attributes);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc11_MGF);
+ }
- } catch (NoSuchPaddingException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
- } catch (NoSuchAlgorithmException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
- } catch (InvalidKeyException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
- } catch (IllegalBlockSizeException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
- }
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptionMethod);
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherData, false, null);
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherValue, false, null);
+
+ try {
+ //encrypt the symmetric session key with the public key from the receiver:
+ String jceid = JCEAlgorithmMapper.translateURItoJCEID(encryptionKeyTransportAlgorithm);
+ Cipher cipher = Cipher.getInstance(jceid);
+
+ AlgorithmParameterSpec algorithmParameterSpec = null;
+ if (XMLSecurityConstants.NS_XENC11_RSAOAEP.equals(encryptionKeyTransportAlgorithm) ||
+ XMLSecurityConstants.NS_XENC_RSAOAEPMGF1P.equals(encryptionKeyTransportAlgorithm)) {
+
+ String jceDigestAlgorithm = JCEMapper.translateURItoJCEID(getSecurityProperties().getEncryptionKeyTransportDigestAlgorithm());
+
+ PSource.PSpecified pSource = PSource.PSpecified.DEFAULT;
+ byte[] oaepParams = getSecurityProperties().getEncryptionKeyTransportOAEPParams();
+ if (oaepParams != null) {
+ pSource = new PSource.PSpecified(oaepParams);
+ }
+
+ MGF1ParameterSpec mgfParameterSpec = null;
+
+ if (XMLSecurityConstants.NS_MGF1_SHA1.equals(encryptionKeyTransportMGFAlgorithm)) {
+ mgfParameterSpec = new MGF1ParameterSpec("SHA-1");
+ } else if (XMLSecurityConstants.NS_MGF1_SHA256.equals(encryptionKeyTransportMGFAlgorithm)) {
+ mgfParameterSpec = new MGF1ParameterSpec("SHA-256");
+ } else if (XMLSecurityConstants.NS_MGF1_SHA384.equals(encryptionKeyTransportMGFAlgorithm)) {
+ mgfParameterSpec = new MGF1ParameterSpec("SHA-384");
+ } else if (XMLSecurityConstants.NS_MGF1_SHA512.equals(encryptionKeyTransportMGFAlgorithm)) {
+ mgfParameterSpec = new MGF1ParameterSpec("SHA-512");
+ }
+ algorithmParameterSpec = new OAEPParameterSpec(jceDigestAlgorithm, "MGF1", mgfParameterSpec, pSource);
+ }
+
+ if (pubKey != null) {
+ cipher.init(Cipher.WRAP_MODE, pubKey, algorithmParameterSpec);
+ } else {
+ cipher.init(Cipher.WRAP_MODE, secretKey, algorithmParameterSpec);
+ }
+
+ String tokenId = outputProcessorChain.getSecurityContext().get(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
+ SecurityTokenProvider securityTokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
+
+ final OutboundSecurityToken securityToken = securityTokenProvider.getSecurityToken();
+ Key sessionKey =
+ securityToken.getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm());
+ if (pubKey != null) {
+ int blockSize = cipher.getBlockSize();
+ if (blockSize > 0 && blockSize < sessionKey.getEncoded().length) {
+ throw new XMLSecurityException(
+ XMLSecurityException.ErrorCode.FAILURE,
+ "unsupportedKeyTransp",
+ "public key algorithm too weak to encrypt symmetric key"
+ );
+ }
+ }
+ byte[] encryptedEphemeralKey = cipher.wrap(sessionKey);
+
+ createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(encryptedEphemeralKey));
+
+ } catch (NoSuchPaddingException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+ } catch (InvalidKeyException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+ } catch (IllegalBlockSizeException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+ }
- createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherValue);
- createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherData);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherValue);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherData);
- createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptedKey);
-
- createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
- }
- };
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptedKey);
+
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
+ }
+ };
return processor;
} catch (NoSuchAlgorithmException e) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
@@ -213,6 +266,4 @@ public class XMLEncryptOutputProcessor e
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
}
}
-
-
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/util/IVSplittingOutputStream.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/util/IVSplittingOutputStream.java?rev=1386786&r1=1386785&r2=1386786&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/util/IVSplittingOutputStream.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/util/IVSplittingOutputStream.java Mon Sep 17 19:32:08 2012
@@ -48,7 +48,12 @@ public class IVSplittingOutputStream ext
public IVSplittingOutputStream(OutputStream out, Cipher cipher, Key secretKey) {
super(out);
- ivLength = cipher.getBlockSize();
+ //todo we should extend the security-config.xml with an iv-length parameter
+ if ("AES/GCM/NoPadding".equals(cipher.getAlgorithm())) {
+ ivLength = 12;
+ } else {
+ ivLength = cipher.getBlockSize();
+ }
iv = new byte[ivLength];
this.cipher = cipher;
this.secretKey = secretKey;
Modified: santuario/xml-security-java/trunk/src/main/resources/security-config.xml
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/resources/security-config.xml?rev=1386786&r1=1386785&r2=1386786&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/resources/security-config.xml (original)
+++ santuario/xml-security-java/trunk/src/main/resources/security-config.xml Mon Sep 17 19:32:08 2012
@@ -289,6 +289,30 @@
RequiredKey="AES"
JCEName="AES/CBC/ISO10126Padding"/>
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes128-gcm"
+ Description="Block encryption using AES with a key length of 128 bit in GCM"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="128"
+ RequiredKey="AES"
+ JCEName="AES/GCM/NoPadding"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes192-gcm"
+ Description="Block encryption using AES with a key length of 192 bit in GCM"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="192"
+ RequiredKey="AES"
+ JCEName="AES/GCM/NoPadding"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes256-gcm"
+ Description="Block encryption using AES with a key length of 256 bit in GCM"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="256"
+ RequiredKey="AES"
+ JCEName="AES/GCM/NoPadding"/>
+
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
Description="Key Transport RSA-v1.5"
AlgorithmClass="KeyTransport"
@@ -303,6 +327,13 @@
RequiredKey="RSA"
JCEName="RSA/ECB/OAEPWithSHA1AndMGF1Padding"/>
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#rsa-oaep"
+ Description="Key Transport RSA-OAEP"
+ AlgorithmClass="KeyTransport"
+ RequirementLevel="OPTIONAL"
+ RequiredKey="RSA"
+ JCEName="RSA/ECB/OAEPPadding"/>
+
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#dh"
Description="Key Agreement Diffie-Hellman"
AlgorithmClass="KeyAgreement"