Posted to commits@ws.apache.org by co...@apache.org on 2015/08/11 12:55:35 UTC
svn commit: r1695243 - in /webservices/wss4j/trunk:
ws-security-dom/src/main/java/org/apache/wss4j/dom/message/
ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/
ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/
Author: coheigea
Date: Tue Aug 11 10:55:35 2015
New Revision: 1695243
URL: http://svn.apache.org/r1695243
Log:
Don't process MGF algorithm unless the key transport algorithm is XENC11
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java?rev=1695243&r1=1695242&r2=1695243&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java Tue Aug 11 10:55:35 2015
@@ -256,7 +256,7 @@ public class WSSecEncryptedKey extends W
}
MGF1ParameterSpec mgf1ParameterSpec = new MGF1ParameterSpec("SHA-1");
- if (mgfAlgo != null) {
+ if (WSConstants.KEYTRANSPORT_RSAOEP_XENC11.equals(keyEncAlgo)) {
if (WSConstants.MGF_SHA224.equals(mgfAlgo)) {
mgf1ParameterSpec = new MGF1ParameterSpec("SHA-224");
} if (WSConstants.MGF_SHA256.equals(mgfAlgo)) {
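Review bot: With the new guard, an `mgfAlgo` that matches none of the `WSConstants.MGF_*` branches appears to leave `mgf1ParameterSpec` at the SHA-1 default without any error (the end of the chain is outside this hunk, so this is inferred), while the second hunk of this file still writes `mgfAlgo` verbatim into the `xenc11:MGF` element, so the MGF advertised in the message could differ from the one actually used to wrap the key. The receiving side in EncryptedKeyProcessor (hunk at -267) looks to have the same silent fallback. I would end both chains with an explicit rejection of unrecognised values instead of falling through, and on this side add a comment that a configured `mgfAlgo` is ignored unless `keyEncAlgo` is `KEYTRANSPORT_RSAOEP_XENC11`. Separately, the unchanged line `} if (WSConstants.MGF_SHA256.equals(mgfAlgo)) {` lacks the `else` that the processor's chain has; `} else if (WSConstants.MGF_SHA256.equals(mgfAlgo)) {` would keep the two in step.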
@@ -562,7 +562,7 @@ public class WSSecEncryptedKey extends W
digestElement.setAttributeNS(null, "Algorithm", digestAlgo);
encryptionMethod.appendChild(digestElement);
}
- if (mgfAlgo != null) {
+ if (WSConstants.KEYTRANSPORT_RSAOEP_XENC11.equals(keyEncAlgo) && mgfAlgo != null) {
Element mgfElement =
doc.createElementNS(WSConstants.ENC11_NS, WSConstants.ENC11_PREFIX + ":MGF");
mgfElement.setAttributeNS(null, "Algorithm", mgfAlgo);
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1695243&r1=1695242&r2=1695243&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java Tue Aug 11 10:55:35 2015
@@ -267,9 +267,9 @@ public class EncryptedKeyProcessor imple
jceDigestAlgorithm = JCEMapper.translateURItoJCEID(digestAlgorithm);
}
- String mgfAlgorithm = EncryptionUtils.getMGFAlgorithm(encryptedKeyElement);
MGF1ParameterSpec mgfParameterSpec = new MGF1ParameterSpec("SHA-1");
- if (mgfAlgorithm != null) {
+ if (WSConstants.KEYTRANSPORT_RSAOEP_XENC11.equals(encryptedKeyTransportMethod)) {
+ String mgfAlgorithm = EncryptionUtils.getMGFAlgorithm(encryptedKeyElement);
if (WSConstants.MGF_SHA224.equals(mgfAlgorithm)) {
mgfParameterSpec = new MGF1ParameterSpec("SHA-224");
} else if (WSConstants.MGF_SHA256.equals(mgfAlgorithm)) {
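Review bot: The guard on `encryptedKeyTransportMethod` carries no comment explaining why the MGF child is now read only for `KEYTRANSPORT_RSAOEP_XENC11`, which a later reader could mistake for a dropped check. I would add above the `if`: `// rsa-oaep-mgf1p fixes the mask generation function to MGF1 with SHA-1; only the XENC11 rsa-oaep URI takes an xenc11:MGF child.` Since an MGF element sent alongside the older URI is now skipped silently, a debug-level log when one is present would help diagnose interop failures. The enclosing block continues past the end of this hunk.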
@@ -289,8 +289,8 @@ public class EncryptedKeyProcessor imple
oaepParameterSpec =
new OAEPParameterSpec(
- jceDigestAlgorithm, "MGF1", mgfParameterSpec, pSource
- );
+ jceDigestAlgorithm, "MGF1", mgfParameterSpec, pSource
+ );
}
if (oaepParameterSpec == null) {
cipher.init(Cipher.UNWRAP_MODE, privateKey);
@@ -577,8 +577,9 @@ public class EncryptedKeyProcessor imple
}
// EncryptionAlgorithm must be RSA15, or RSAOEP.
- if (!WSConstants.KEYTRANSPORT_RSA15.equals(encAlgo)
- && !WSConstants.KEYTRANSPORT_RSAOEP.equals(encAlgo)) {
+ if (!(WSConstants.KEYTRANSPORT_RSA15.equals(encAlgo)
+ || WSConstants.KEYTRANSPORT_RSAOEP.equals(encAlgo)
+ || WSConstants.KEYTRANSPORT_RSAOEP_XENC11.equals(encAlgo))) {
bspEnforcer.handleBSPRule(BSPRule.R5621);
}
}
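Review bot: The comment above the check still reads `// EncryptionAlgorithm must be RSA15, or RSAOEP.` although the condition now also accepts `KEYTRANSPORT_RSAOEP_XENC11`, so the comment and the enforced rule disagree. As far as I recall the Basic Security Profile text for R5621 names only the RSA 1.5 and rsa-oaep-mgf1p URIs (worth confirming against the profile), which would make accepting the XENC11 URI a deliberate relaxation that should be stated, e.g. `// R5621 names RSA15 and RSAOEP; RSAOEP_XENC11 is additionally accepted here.` The same relaxation is made in the WSSEncryptedKeyInputHandler hunk, which has no comment at all and would benefit from the same line.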
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java?rev=1695243&r1=1695242&r2=1695243&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java Tue Aug 11 10:55:35 2015
@@ -103,8 +103,9 @@ public class WSSEncryptedKeyInputHandler
securityContext.handleBSPRule(BSPRule.R5603);
} else {
String encryptionMethod = encryptionMethodType.getAlgorithm();
- if (!WSSConstants.NS_XENC_RSA15.equals(encryptionMethod)
- && !WSSConstants.NS_XENC_RSAOAEPMGF1P.equals(encryptionMethod)) {
+ if (!(WSSConstants.NS_XENC_RSA15.equals(encryptionMethod)
+ || WSSConstants.NS_XENC_RSAOAEPMGF1P.equals(encryptionMethod)
+ || WSSConstants.NS_XENC11_RSAOAEP.equals(encryptionMethod))) {
securityContext.handleBSPRule(BSPRule.R5621);
}
}