ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1695243 - in /webservices/wss4j/trunk: ws-security-dom/src/main/java/org/apache/wss4j/dom/message/ ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/
Date Tue, 11 Aug 2015 10:55:35 GMT
Author: coheigea
Date: Tue Aug 11 10:55:35 2015
New Revision: 1695243

URL: http://svn.apache.org/r1695243
Log:
Don't process MGF algorithm unless the key transport algorithm is XENC11

Modified:
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java?rev=1695243&r1=1695242&r2=1695243&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
Tue Aug 11 10:55:35 2015
@@ -256,7 +256,7 @@ public class WSSecEncryptedKey extends W
                 }
 
                 MGF1ParameterSpec mgf1ParameterSpec = new MGF1ParameterSpec("SHA-1");
-                if (mgfAlgo != null) {
+                if (WSConstants.KEYTRANSPORT_RSAOEP_XENC11.equals(keyEncAlgo)) {
                     if (WSConstants.MGF_SHA224.equals(mgfAlgo)) {
                         mgf1ParameterSpec = new MGF1ParameterSpec("SHA-224");
                     } if (WSConstants.MGF_SHA256.equals(mgfAlgo)) {
@@ -562,7 +562,7 @@ public class WSSecEncryptedKey extends W
             digestElement.setAttributeNS(null, "Algorithm", digestAlgo);
             encryptionMethod.appendChild(digestElement);
         }
-        if (mgfAlgo != null) {
+        if (WSConstants.KEYTRANSPORT_RSAOEP_XENC11.equals(keyEncAlgo) && mgfAlgo
!= null) {
             Element mgfElement =
                 doc.createElementNS(WSConstants.ENC11_NS, WSConstants.ENC11_PREFIX + ":MGF");
             mgfElement.setAttributeNS(null, "Algorithm", mgfAlgo);

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1695243&r1=1695242&r2=1695243&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
Tue Aug 11 10:55:35 2015
@@ -267,9 +267,9 @@ public class EncryptedKeyProcessor imple
                     jceDigestAlgorithm = JCEMapper.translateURItoJCEID(digestAlgorithm);
                 }
 
-                String mgfAlgorithm = EncryptionUtils.getMGFAlgorithm(encryptedKeyElement);
                 MGF1ParameterSpec mgfParameterSpec = new MGF1ParameterSpec("SHA-1");
-                if (mgfAlgorithm != null) {
+                if (WSConstants.KEYTRANSPORT_RSAOEP_XENC11.equals(encryptedKeyTransportMethod))
{
+                    String mgfAlgorithm = EncryptionUtils.getMGFAlgorithm(encryptedKeyElement);
                     if (WSConstants.MGF_SHA224.equals(mgfAlgorithm)) {
                         mgfParameterSpec = new MGF1ParameterSpec("SHA-224");
                     } else if (WSConstants.MGF_SHA256.equals(mgfAlgorithm)) {
@@ -289,8 +289,8 @@ public class EncryptedKeyProcessor imple
 
                 oaepParameterSpec = 
                     new OAEPParameterSpec(
-                                          jceDigestAlgorithm, "MGF1", mgfParameterSpec, pSource
-                        );
+                        jceDigestAlgorithm, "MGF1", mgfParameterSpec, pSource
+                    );
             }
             if (oaepParameterSpec == null) {
                 cipher.init(Cipher.UNWRAP_MODE, privateKey);
@@ -577,8 +577,9 @@ public class EncryptedKeyProcessor imple
         }
         
         // EncryptionAlgorithm must be RSA15, or RSAOEP.
-        if (!WSConstants.KEYTRANSPORT_RSA15.equals(encAlgo)
-            && !WSConstants.KEYTRANSPORT_RSAOEP.equals(encAlgo)) {
+        if (!(WSConstants.KEYTRANSPORT_RSA15.equals(encAlgo)
+            || WSConstants.KEYTRANSPORT_RSAOEP.equals(encAlgo)
+            || WSConstants.KEYTRANSPORT_RSAOEP_XENC11.equals(encAlgo))) {
             bspEnforcer.handleBSPRule(BSPRule.R5621);
         }
     }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java?rev=1695243&r1=1695242&r2=1695243&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java
Tue Aug 11 10:55:35 2015
@@ -103,8 +103,9 @@ public class WSSEncryptedKeyInputHandler
             securityContext.handleBSPRule(BSPRule.R5603);
         } else {
             String encryptionMethod = encryptionMethodType.getAlgorithm();
-            if (!WSSConstants.NS_XENC_RSA15.equals(encryptionMethod)
-                && !WSSConstants.NS_XENC_RSAOAEPMGF1P.equals(encryptionMethod)) {
+            if (!(WSSConstants.NS_XENC_RSA15.equals(encryptionMethod)
+                || WSSConstants.NS_XENC_RSAOAEPMGF1P.equals(encryptionMethod)
+                || WSSConstants.NS_XENC11_RSAOAEP.equals(encryptionMethod))) {
                 securityContext.handleBSPRule(BSPRule.R5621);
             }
         }



Mime
View raw message