axis-java-dev mailing list archives

From "Suresh Attanayake (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RAMPART-394) BindingBuilder.getEncryptedKeyBuilder() does not set symmetric encryption algorithm to the created WSSecEncryptedKey
Date Thu, 05 Sep 2013 16:20:56 GMT

    [ https://issues.apache.org/jira/browse/RAMPART-394?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13759198#comment-13759198 ]

Suresh Attanayake commented on RAMPART-394:
-------------------------------------------

Fixed with https://issues.apache.org/jira/browse/RAMPART-287
                
> BindingBuilder.getEncryptedKeyBuilder() does not set symmetric encryption algorithm to the created WSSecEncryptedKey
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-394
>                 URL: https://issues.apache.org/jira/browse/RAMPART-394
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.6.2
>            Reporter: Boris Dushanov
>
> Here are code snippets from BindingBuilder.getEncryptedKeyBuilder() before and after the upgrade of WSS4J to version 1.6.4.
> Before:
> WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
>         
>         try {
>             RampartUtil.setKeyIdentifierType(rpd, encrKey, token);
>             RampartUtil.setEncryptionUser(rmd, encrKey);
>             encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
>             encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
>             
>             encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));
>             
>             return encrKey;
> After :
>         WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
>         
>         
>         try {
>             RampartUtil.setKeyIdentifierType(rmd, encrKey, token);
>             RampartUtil.setEncryptionUser(rmd, encrKey);
>             //TODO we do not need to pass keysize as it is taken from algorithm it self - verify-
>             encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
>             
>             encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));
> The problem is in not setting the symmetric key size to the encrypted key. By default WSSecEncryptedKey assumes it is AES_128 and does not care for the encryption in the RampartPolicyData. In my specific case the expected encryption is 3DES, which leads to throwing InvalidKeyException because of a wrong key size. The size of 3DES is 192 bits but a 128-bit AES key is created instead.
> I propose the following solution:
>         WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
>         
>         
>         try {
>             RampartUtil.setKeyIdentifierType(rmd, encrKey, token);
>             RampartUtil.setEncryptionUser(rmd, encrKey);
>             encrKey.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
>             encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
>             
>             encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));
>             
>             return encrKey;

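The key-size mismatch reported in the issue can be reproduced with the plain JCE, without Rampart or WSS4J on the classpath. This is an added example, not code from the issue or from the Rampart project; the class name, the `Alg` record and the `tryEncrypt` helper are hypothetical, and the payload is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Requires Java 16+ (records). Uses only standard JCE calls.
public class EphemeralKeySizeDemo {
    // JCE parameters for one XML Encryption algorithm URI.
    record Alg(String keyAlg, String transformation, int keyBytes, int ivBytes) {}

    static final String AES_128 = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    static final String TRIPLE_DES = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
    static final Map<String, Alg> ALGS = Map.of(
        AES_128, new Alg("AES", "AES/CBC/PKCS5Padding", 16, 16),
        TRIPLE_DES, new Alg("DESede", "DESede/CBC/PKCS5Padding", 24, 8));

    // Hypothetical helper: generate an ephemeral key sized for keyUri,
    // then try to encrypt with the cipher selected by encUri.
    static String tryEncrypt(String keyUri, String encUri) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] key = new byte[ALGS.get(keyUri).keyBytes()];
        rnd.nextBytes(key);
        Alg enc = ALGS.get(encUri);
        byte[] iv = new byte[enc.ivBytes()];
        rnd.nextBytes(iv);
        try {
            Cipher c = Cipher.getInstance(enc.transformation());
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, enc.keyAlg()),
                   new IvParameterSpec(iv));
            c.doFinal("constructed sample payload".getBytes(StandardCharsets.UTF_8));
            return "ok (" + key.length * 8 + "-bit key)";
        } catch (InvalidKeyException e) {
            return "InvalidKeyException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Reported behaviour: key sized for the AES-128 default, policy asks for 3DES.
        System.out.println("default-sized key, 3DES: " + tryEncrypt(AES_128, TRIPLE_DES));
        // Proposed behaviour: key size follows the policy's encryption algorithm.
        System.out.println("policy-sized key, 3DES:  " + tryEncrypt(TRIPLE_DES, TRIPLE_DES));
    }
}
```

The first call fails at `Cipher.init` because the 16-byte key does not fit the 24-byte key DESede expects; the second succeeds because the key length is derived from the same algorithm that selects the cipher.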