Posted to fx-dev@ws.apache.org by Dimuthu Leelarathne <mu...@opensource.lk> on 2004/08/09 09:24:21 UTC

[PATCH] WSEncryptBody

Hi All,

I want to commit the code that handled DerivedKey/SCT encryption (for
WS Secure Conversation). I want your ideas on this issue.

Wss4j currently supports only the KeyName element inside the
EncryptedData/xenc:KeyInfo/KeyName (look at line 598 of
WSEncryptBody).
But I need KeyInfo/SecurityTokenReference inside the EncryptedData.

So why do I need it?

The WS-Sec Conversation specification says "The SCT token does not
support references to it using key identifiers or key names. All
references MUST either use an ID (to a wsu:Id attribute) or a
<wsse:Reference> to the <wsc:Identifier> element." (Please refer to the
example on page 8).

I can have two approaches to supporting my requirement.

1) Rewriting the whole method in WSEncryptBody with minor changes -
basically here we are reinventing the wheel. Here WS-Security and WS
SecConv will have a clear line.

2) Or introducing a small patch as given in the attachment. I have
implemented this approach right now at the encryption side. I will have
to handle it at WSSecurityEngine.

I am open to either of the above choices. I am not sure which decision
to make.

Any comment is really helpful.

Regards,
Dimuthu.
-- 
Lanka Software Foundation  http://www.opensource.lk
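
The two KeyInfo shapes discussed in the message above, as an added example that is not part of the original post, the attached patch, or WSS4J's code. It builds an EncryptedData skeleton with either KeyInfo/KeyName or KeyInfo/SecurityTokenReference/Reference, then checks whether the result is a valid way to point at an SCT under the rule quoted from the specification. The namespace URIs, function names and sample values ("#sct-1", "CN=example") are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions of this example (XML-Enc, XML-DSig, WSS 1.0 secext).
NS = {
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
}

def q(prefix, local):
    """Return the ElementTree qualified name for prefix:local."""
    return "{%s}%s" % (NS[prefix], local)

def build_encrypted_data(kind, value):
    """Build EncryptedData/KeyInfo only (no cipher data); kind is 'name' or 'sct'."""
    enc = ET.Element(q("xenc", "EncryptedData"))
    key_info = ET.SubElement(enc, q("ds", "KeyInfo"))
    if kind == "name":      # the KeyName form the message says is supported today
        ET.SubElement(key_info, q("ds", "KeyName")).text = value
    elif kind == "sct":     # the form the message asks for
        str_el = ET.SubElement(key_info, q("wsse", "SecurityTokenReference"))
        ET.SubElement(str_el, q("wsse", "Reference"), {"URI": value})
    else:
        raise ValueError(kind)
    return enc

def sct_reference_problems(enc):
    """List the reasons this EncryptedData is not a valid reference to an SCT."""
    key_info = enc.find("ds:KeyInfo", NS)
    if key_info is None:
        return ["no KeyInfo"]
    problems = []
    if key_info.find("ds:KeyName", NS) is not None:
        problems.append("KeyName used")           # key names are not allowed for SCT
    str_el = key_info.find("wsse:SecurityTokenReference", NS)
    if str_el is None:
        return problems + ["no SecurityTokenReference"]
    if str_el.find("wsse:KeyIdentifier", NS) is not None:
        problems.append("KeyIdentifier used")     # key identifiers are not allowed
    ref = str_el.find("wsse:Reference", NS)
    if ref is None or not ref.get("URI"):
        problems.append("no Reference URI")
    return problems

if __name__ == "__main__":
    for kind, value in (("name", "CN=example"), ("sct", "#sct-1")):  # constructed
        print(kind, sct_reference_problems(build_encrypted_data(kind, value)))
```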