axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boris Dushanov (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RAMPART-394) BindingBuilder.getEncryptedKeyBuilder() does not set symmetric encryption algorithm to the created WSSecEncryptedKey
Date Thu, 11 Oct 2012 12:49:02 GMT 
Boris Dushanov created RAMPART-394:
--------------------------------------

             Summary: BindingBuilder.getEncryptedKeyBuilder() does not set symmetric encryption
algorithm to the created WSSecEncryptedKey
                 Key: RAMPART-394
                 URL: https://issues.apache.org/jira/browse/RAMPART-394
             Project: Rampart
          Issue Type: Bug
          Components: rampart-core
    Affects Versions: 1.6.2
            Reporter: Boris Dushanov


Here are code snippets from BindingBuilder.getEncryptedKeyBuilder() before and after upgrade
to WSS4J version to 1.6.4.

Before:

WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
        
        try {
            RampartUtil.setKeyIdentifierType(rpd, encrKey, token);
            RampartUtil.setEncryptionUser(rmd, encrKey);
            encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
            encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
            
            encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));
            
            return encrKey;

After :

        WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
        
        
        try {
            RampartUtil.setKeyIdentifierType(rmd, encrKey, token);
            RampartUtil.setEncryptionUser(rmd, encrKey);

            //TODO we do not need to pass keysize as it is taken from algorithm it self -
verify-
            encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
            
            encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));


The problem is in not setting the symmetric key size to the encrypted key.By default WSSecEncryptedKey
 assumes it is AES_128 and does not care for the encryption in the RampartPolicyData.In my
specific case the expected encryption is 3DES which leads to throwing InvalidKeyException
because of a wrong key size.The size of 3DES is 192 bits but a 128bits AES key is created
instead.

I propose the following solution:

        WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
        
        
        try {
            RampartUtil.setKeyIdentifierType(rmd, encrKey, token);
            RampartUtil.setEncryptionUser(rmd, encrKey);

            encrKey.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
            encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
            
            encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));
            
            return encrKey;


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
Mime
View raw message