ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1491411 - in /webservices/wss4j/trunk: ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ ws-security-stax/src/test/java/org/apache/wss4j/stax/test/
Date Mon, 10 Jun 2013 10:59:41 GMT
Author: coheigea
Date: Mon Jun 10 10:59:41 2013
New Revision: 1491411

URL: http://svn.apache.org/r1491411
Log:
Fixed an error in not validating EncryptionAlgorithms against the BSP spec when referenced
via an EncryptedKey.

Modified:
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1491411&r1=1491410&r2=1491411&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
Mon Jun 10 10:59:41 2013
@@ -439,6 +439,20 @@ public class EncryptedKeyProcessor imple
         // Prepare the SecretKey object to decrypt EncryptedData
         //
         String symEncAlgo = X509Util.getEncAlgo(encryptedDataElement);
+        
+        // EncryptionAlgorithm cannot be null
+        if (symEncAlgo == null) {
+            data.getBSPEnforcer().handleBSPRule(BSPRule.R5601);
+        }
+        // EncryptionAlgorithm must be 3DES, or AES128, or AES256
+        if (!WSConstants.TRIPLE_DES.equals(symEncAlgo)
+            && !WSConstants.AES_128.equals(symEncAlgo)
+            && !WSConstants.AES_128_GCM.equals(symEncAlgo)
+            && !WSConstants.AES_256.equals(symEncAlgo)
+            && !WSConstants.AES_256_GCM.equals(symEncAlgo)) {
+            data.getBSPEnforcer().handleBSPRule(BSPRule.R5620);
+        }
+        
         SecretKey symmetricKey = null;
         try {
             symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, decryptedData);

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java?rev=1491411&r1=1491410&r2=1491411&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
Mon Jun 10 10:59:41 2013
@@ -180,6 +180,7 @@ public class EncryptionGCMTest extends o
         RequestData requestData = new RequestData();
         List<BSPRule> bspRules = new ArrayList<BSPRule>();
         bspRules.add(BSPRule.R5621);
+        bspRules.add(BSPRule.R5620);
         requestData.setIgnoredBSPRules(bspRules);
         requestData.setCallbackHandler(handler);
         requestData.setDecCrypto(crypto);

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java?rev=1491411&r1=1491410&r2=1491411&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
Mon Jun 10 10:59:41 2013
@@ -280,6 +280,7 @@ public abstract class AbstractTestBase {
         ignoredRules.add(BSPRule.R5407);
         ignoredRules.add(BSPRule.R5417);
         ignoredRules.add(BSPRule.R3063);
+        ignoredRules.add(BSPRule.R5620);
         ignoredRules.add(BSPRule.R5621);
         //ignoredRules.add(BSPRule.R5215);
         requestData.setIgnoredBSPRules(ignoredRules);



Mime
View raw message