From cohei...@apache.org
Subject svn commit: r1560669 - in /webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken: KerberosClientSecurityToken.java KerberosServiceSecurityTokenImpl.java
Date Thu, 23 Jan 2014 12:36:32 GMT
Author: coheigea
Date: Thu Jan 23 12:36:31 2014
New Revision: 1560669

URL: http://svn.apache.org/r1560669
Log:
Using the correct key length for Kerberos

Modified:
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java?rev=1560669&r1=1560668&r2=1560669&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
Thu Jan 23 12:36:31 2014
@@ -21,12 +21,11 @@ package org.apache.wss4j.stax.impl.secur
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.kerberos.KerberosClientAction;
 import org.apache.wss4j.common.kerberos.KerberosContextAndServiceNameCallback;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
 import org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken;
 
-import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -34,6 +33,7 @@ import javax.security.auth.callback.Unsu
 import javax.security.auth.kerberos.KerberosTicket;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
+
 import java.io.IOException;
 import java.security.Key;
 import java.security.Principal;
@@ -141,18 +141,7 @@ public class KerberosClientSecurityToken
 
         byte[] sk = this.secretKey.getEncoded();
 
-        String algoFamily = JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
-        int keyLength = JCEAlgorithmMapper.getKeyLengthFromURI(algorithmURI) / 8;
-        if (sk.length < keyLength) {
-            //normally we should throw an exception here because we don't have
-            //enough key material for the requested algorithm
-            //but I haven't found any documentation about how this case should be handled
-            //and the second thing is that we would need a kerberos key with minimum 160
bits
-            //to be able to sign with a more or less secure algo like hmacsha1
-            keyLength = sk.length;
-        }
-
-        key = new SecretKeySpec(sk, 0, keyLength, algoFamily);
+        key = KeyUtils.prepareSecretKey(algorithmURI, sk);
         setSecretKey(algorithmURI, key);
         return key;
     }
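Review bot: The call `key = KeyUtils.prepareSecretKey(algorithmURI, sk);` at the end of this hunk no longer shows what happens when the Kerberos session key is shorter than the key length implied by `algorithmURI`; the removed block documented that case (it fell back to `sk.length` instead of throwing), and that explanation is gone with it. KeyUtils is not part of this diff, so whether it truncates, uses the short key as-is or rejects it cannot be confirmed from here. I would add a comment above the call, for example `// key length for algorithmURI is applied in KeyUtils.prepareSecretKey; a session key shorter than that length is handled there`, stating the actual outcome once confirmed, and a test that passes a session key shorter than the algorithm's length. The same applies to the identical replacement in KerberosServiceSecurityTokenImpl.java, which is the inbound side, where the algorithm URI presumably comes from the received message. The enclosing method starts outside the hunk.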

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java?rev=1560669&r1=1560668&r2=1560669&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java
Thu Jan 23 12:36:31 2014
@@ -20,21 +20,21 @@ package org.apache.wss4j.stax.impl.secur
 
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.kerberos.*;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
 import org.apache.wss4j.stax.securityToken.KerberosServiceSecurityToken;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
 
-import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
+
 import java.io.IOException;
 import java.security.Key;
 import java.security.Principal;
@@ -143,18 +143,7 @@ public class KerberosServiceSecurityToke
             throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN,
e);
         }
 
-        String algoFamily = JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
-        int keyLength = JCEAlgorithmMapper.getKeyLengthFromURI(algorithmURI) / 8;
-        if (sk.length < keyLength) {
-            //normally we should throw an exception here because we don't have
-            //enough key material for the requested algorithm
-            //but I haven't found any documentation about how this case should be handled
-            //and the second thing is that we would need a kerberos key with minimum 160
bits
-            //to be able to sign with a more or less secure algo like hmacsha1
-            keyLength = sk.length;
-        }
-
-        key = new SecretKeySpec(sk, 0, keyLength, algoFamily);
+        key = KeyUtils.prepareSecretKey(algorithmURI, sk);
         setSecretKey(algorithmURI, key);
         return key;
     }


