Posted to commits@santuario.apache.org by co...@apache.org on 2014/11/24 12:21:22 UTC
svn commit: r1641364 -
/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
Author: coheigea
Date: Mon Nov 24 11:21:22 2014
New Revision: 1641364
URL: http://svn.apache.org/r1641364
Log:
[SANTUARIO-406] - RSA/ECB/OAEPWithSHA-256AndMGF1Padding not working. Thanks to Thomas Konstantinides for the patch.
Modified:
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/encryption/XMLCipher.java?rev=1641364&r1=1641363&r2=1641364&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/encryption/XMLCipher.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/encryption/XMLCipher.java Mon Nov 24 11:21:22 2014
@@ -1606,21 +1606,7 @@ public class XMLCipher {
} catch (NoSuchAlgorithmException nsae) {
// Check to see if an RSA OAEP MGF-1 with SHA-1 algorithm was requested
// Some JDKs don't support RSA/ECB/OAEPPadding
- if (XMLCipher.RSA_OAEP.equals(algorithm)
- && (digestAlgorithm == null
- || MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1.equals(digestAlgorithm))) {
- try {
- if (requestedJCEProvider == null) {
- c = Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding");
- } else {
- c = Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding", requestedJCEProvider);
- }
- } catch (Exception ex) {
- throw new XMLEncryptionException("empty", ex);
- }
- } else {
- throw new XMLEncryptionException("empty", nsae);
- }
+ c = constructCipher(algorithm, digestAlgorithm, nsae);
} catch (NoSuchProviderException nspre) {
throw new XMLEncryptionException("empty", nspre);
} catch (NoSuchPaddingException nspae) {
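Review bot: The two comment lines kept above the new `constructCipher(...)` call still describe the fallback as a check for "RSA OAEP MGF-1 with SHA-1", but the helper added by this commit also resolves SHA-256, SHA-384 and SHA-512. Suggest rewording them to something like `// Some JDKs don't support RSA/ECB/OAEPPadding; retry with an explicit OAEPWith<digest>AndMGF1Padding name`. The enclosing method starts and ends outside this hunk, so how `c` is initialised afterwards cannot be judged from here.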
@@ -1629,6 +1615,57 @@ public class XMLCipher {
return c;
}
+
+ private Cipher constructCipher(String algorithm, String digestAlgorithm, Exception nsae) throws XMLEncryptionException {
+ if (!XMLCipher.RSA_OAEP.equals(algorithm)) {
+ throw new XMLEncryptionException("empty", nsae);
+ }
+
+ if (digestAlgorithm == null
+ || MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1.equals(digestAlgorithm)) {
+ try {
+ if (requestedJCEProvider == null) {
+ return Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding");
+ } else {
+ return Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding", requestedJCEProvider);
+ }
+ } catch (Exception ex) {
+ throw new XMLEncryptionException("empty", ex);
+ }
+ } else if (MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256.equals(digestAlgorithm)) {
+ try {
+ if (requestedJCEProvider == null) {
+ return Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
+ } else {
+ return Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", requestedJCEProvider);
+ }
+ } catch (Exception ex) {
+ throw new XMLEncryptionException("empty", ex);
+ }
+ } else if (MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA384.equals(digestAlgorithm)) {
+ try {
+ if (requestedJCEProvider == null) {
+ return Cipher.getInstance("RSA/ECB/OAEPWithSHA-384AndMGF1Padding");
+ } else {
+ return Cipher.getInstance("RSA/ECB/OAEPWithSHA-384AndMGF1Padding", requestedJCEProvider);
+ }
+ } catch (Exception ex) {
+ throw new XMLEncryptionException("empty", ex);
+ }
+ } else if (MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA512.equals(digestAlgorithm)) {
+ try {
+ if (requestedJCEProvider == null) {
+ return Cipher.getInstance("RSA/ECB/OAEPWithSHA-512AndMGF1Padding");
+ } else {
+ return Cipher.getInstance("RSA/ECB/OAEPWithSHA-512AndMGF1Padding", requestedJCEProvider);
+ }
+ } catch (Exception ex) {
+ throw new XMLEncryptionException("empty", ex);
+ }
+ } else {
+ throw new XMLEncryptionException("empty", nsae);
+ }
+ }
/**
* Decrypt a key from a passed in EncryptedKey structure. This version
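Review bot: The transformation names chosen in `constructCipher` fix only the OAEP digest and leave the MGF1 hash to the provider's default, and providers are known to differ there. A SHA-256/384/512 key transport may therefore interoperate only if the cipher is later initialised with an explicit `OAEPParameterSpec`, which this hunk does not show; a short comment above the branch chain should say so. Separately, the four branches differ only in the transformation string, so selecting the name first and doing one provider-aware lookup removes the repeated try/catch. The sketch below keeps the existing `catch (Exception ex)` and the "empty" message key unchanged. The `nsae` parameter could also be typed `NoSuchAlgorithmException`, the only type the call site in the first hunk passes.

```java
private Cipher constructCipher(String algorithm, String digestAlgorithm, Exception nsae) throws XMLEncryptionException {
    // … unchanged: reject anything other than XMLCipher.RSA_OAEP …

    // The name below pins the OAEP digest only; the MGF1 hash is whatever the
    // provider defaults to unless an OAEPParameterSpec is supplied at init time.
    final String transformation;
    if (digestAlgorithm == null
        || MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1.equals(digestAlgorithm)) {
        transformation = "RSA/ECB/OAEPWithSHA1AndMGF1Padding";
    } else if (MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256.equals(digestAlgorithm)) {
        transformation = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    } else if (MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA384.equals(digestAlgorithm)) {
        transformation = "RSA/ECB/OAEPWithSHA-384AndMGF1Padding";
    } else if (MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA512.equals(digestAlgorithm)) {
        transformation = "RSA/ECB/OAEPWithSHA-512AndMGF1Padding";
    } else {
        throw new XMLEncryptionException("empty", nsae);
    }

    try {
        if (requestedJCEProvider == null) {
            return Cipher.getInstance(transformation);
        }
        return Cipher.getInstance(transformation, requestedJCEProvider);
    } catch (Exception ex) {
        throw new XMLEncryptionException("empty", ex);
    }
}
```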