ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1202202 - /webservices/wss4j/trunk/src/main/java/org/apache/ws/security/util/WSSecurityUtil.java
Date Tue, 15 Nov 2011 14:17:57 GMT
Author: coheigea
Date: Tue Nov 15 14:17:57 2011
New Revision: 1202202

URL: http://svn.apache.org/viewvc?rev=1202202&view=rev
Log:
Adding a key length check to WSSecurityUtil.prepareSecretKey

Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/util/WSSecurityUtil.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/util/WSSecurityUtil.java?rev=1202202&r1=1202201&r2=1202202&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/util/WSSecurityUtil.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/util/WSSecurityUtil.java
Tue Nov 15 14:17:57 2011
@@ -762,9 +762,27 @@ public class WSSecurityUtil {
      * Convert the raw key bytes into a SecretKey object of type symEncAlgo.
      */
     public static SecretKey prepareSecretKey(String symEncAlgo, byte[] rawKey) {
-        SecretKeySpec keySpec = 
-            new SecretKeySpec(rawKey, JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo));
-        return (SecretKey) keySpec;
+        // Do an additional check on the keysize required by the encryption algorithm
+        int size = 0;
+        try {
+            size = JCEMapper.getKeyLengthFromURI(symEncAlgo) / 8;
+        } catch (Exception e) {
+            // ignore - some unknown (to JCEMapper) encryption algorithm
+            if (log.isDebugEnabled()) {
+                log.debug(e.getMessage());
+            }
+        }
+        String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo);
+        SecretKeySpec keySpec;
+        if (size > 0) {
+            keySpec = 
+                new SecretKeySpec(
+                    rawKey, 0, ((rawKey.length > size) ? size : rawKey.length), keyAlgorithm
+                );
+        } else {
+            keySpec = new SecretKeySpec(rawKey, keyAlgorithm);
+        }
+        return (SecretKey)keySpec;
     }
 
 



Mime
View raw message