Author: coheigea
Date: Mon Jun 10 10:59:41 2013
New Revision: 1491411
URL: http://svn.apache.org/r1491411
Log:
Fixed an error where EncryptionAlgorithms were not validated against the BSP spec when referenced
via an EncryptedKey.
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1491411&r1=1491410&r2=1491411&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
Mon Jun 10 10:59:41 2013
@@ -439,6 +439,20 @@ public class EncryptedKeyProcessor imple
// Prepare the SecretKey object to decrypt EncryptedData
//
String symEncAlgo = X509Util.getEncAlgo(encryptedDataElement);
+
+ // EncryptionAlgorithm cannot be null
+ if (symEncAlgo == null) {
+ data.getBSPEnforcer().handleBSPRule(BSPRule.R5601);
+ }
+ // EncryptionAlgorithm must be 3DES, or AES128, or AES256
+ if (!WSConstants.TRIPLE_DES.equals(symEncAlgo)
+ && !WSConstants.AES_128.equals(symEncAlgo)
+ && !WSConstants.AES_128_GCM.equals(symEncAlgo)
+ && !WSConstants.AES_256.equals(symEncAlgo)
+ && !WSConstants.AES_256_GCM.equals(symEncAlgo)) {
+ data.getBSPEnforcer().handleBSPRule(BSPRule.R5620);
+ }
+
SecretKey symmetricKey = null;
try {
symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, decryptedData);
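Review bot: A null `symEncAlgo` fails both new checks, so unless the enforcer throws it is reported as R5601 and again as R5620, and is then passed to `WSSecurityUtil.prepareSecretKey(symEncAlgo, decryptedData)`. Both checks go through `data.getBSPEnforcer()`, and the test hunks in this commit show that rules can be placed on an ignore list, so this is a compliance check and not a hard restriction on the cipher. Chaining the second check as `} else if (!WSConstants.TRIPLE_DES.equals(symEncAlgo)` would report only R5601 for a missing algorithm; whether null also needs an unconditional rejection depends on how prepareSecretKey treats it, which is not visible here. The comment names only 3DES, AES128 and AES256 while the condition also accepts `AES_128_GCM` and `AES_256_GCM`; `// EncryptionAlgorithm must be 3DES, AES128 or AES256 (the GCM variants of both AES sizes are accepted too)` would match the code. The enclosing method starts and ends outside the hunk.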
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java?rev=1491411&r1=1491410&r2=1491411&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
Mon Jun 10 10:59:41 2013
@@ -180,6 +180,7 @@ public class EncryptionGCMTest extends o
RequestData requestData = new RequestData();
List<BSPRule> bspRules = new ArrayList<BSPRule>();
bspRules.add(BSPRule.R5621);
+ bspRules.add(BSPRule.R5620);
requestData.setIgnoredBSPRules(bspRules);
requestData.setCallbackHandler(handler);
requestData.setDecCrypto(crypto);
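Review bot: The new R5620 check is only suppressed in the tests, here and in the `ignoredRules` list of `AbstractTestBase` in the next hunk, and the commit's file list contains no test that expects a message to be rejected for it. A negative test that leaves R5620 enforced and sends EncryptedData with a disallowed algorithm referenced via an EncryptedKey would pin the fix. A short comment on the added line, for example `// R5620 ignored: this test uses an algorithm outside the BSP list`, would record why the suppression is needed. If this test encrypts with one of the GCM constants that the new condition in EncryptedKeyProcessor accepts, the ignore may be unnecessary there; the test body continues outside the hunk, so this cannot be confirmed from here.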
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java?rev=1491411&r1=1491410&r2=1491411&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
Mon Jun 10 10:59:41 2013
@@ -280,6 +280,7 @@ public abstract class AbstractTestBase {
ignoredRules.add(BSPRule.R5407);
ignoredRules.add(BSPRule.R5417);
ignoredRules.add(BSPRule.R3063);
+ ignoredRules.add(BSPRule.R5620);
ignoredRules.add(BSPRule.R5621);
//ignoredRules.add(BSPRule.R5215);
requestData.setIgnoredBSPRules(ignoredRules);