ws-users mailing list archives

From Martin Gainty <mgai...@hotmail.com>
Subject RE: TLS 1.2 support
Date Wed, 24 Aug 2016 12:39:58 GMT
MG>axis-rampart 1.6.2 implements <wss4j.version>1.6.4</wss4j.version>
MG>if I grep experimental branch wss4j-1.6.19
MG>org.apache.ws.security.conversation.dkalgo.P_SHA1.java where P_SHA1 is TLS V 1.0 implementation?

    /**
     * <pre>
     * P_SHA-1 DEFINITION
     * ==================
     * <b>P_SHA-1(secret, seed)</b> =
     *     HMAC_SHA-1(secret, A(1) + seed) +
     *     HMAC_SHA-1(secret, A(2) + seed) +
     *     HMAC_SHA-1(secret, A(3) + seed) + ...
     * <i>Where + indicates concatenation.</i>
     * <br>
     * A() is defined as:
     *     A(0) = seed
     *     A(i) = HMAC_SHA-1(secret, A(i-1))
     * <br>
     * <i>Source : RFC 2246 - The TLS Protocol Version 1.0
     * Section 5. HMAC and the pseudorandom function</i>
     * </pre>
     *
     * @author Ruchith Fernando
     */

MG>org.apache.ws.security.saml.ext.builder.SAML1Constants.java seems to contain authentication definition for RFC 2246 ?

    /**
     * The authentication was performed using either the SSL or TLS protocol with certificate
     * based client authentication. TLS is described in [RFC 2246].
     */
    public static final String AUTH_METHOD_TLS_CLIENT = "urn:ietf:rfc:2246";

MG>Nota Bene: RFC2246 is TLS 1.0

MG>org.apache.ws.security.message.token.UsernameToken seems to implement P_hash function for RFC 2246 (TLS v 1.0)?

    /**
     * P_hash as defined in RFC 2246 for TLS.
     *
     * @param secret is the key for the HMAC
     * @param seed the seed value to start the generation - A(0)
     * @param mac the HMAC algorithm
     * @param required number of bytes to generate
     * @return a byte array that contains a secret key
     * @throws Exception
     */
    private static byte[] P_hash(
        byte[] secret,
        byte[] seed,
        Mac mac,
        int required
    ) throws Exception {
        byte[] out = new byte[required];
        int offset = 0, tocpy;
        byte[] a, tmp;
        //
        // a(0) is the seed
        //
        a = seed;
        SecretKeySpec key = new SecretKeySpec(secret, "HMACSHA1");
        mac.init(key);
        while (required > 0) {
            mac.update(a);
            a = mac.doFinal();
            mac.update(a);
            mac.update(seed);
            tmp = mac.doFinal();
            tocpy = min(required, tmp.length);
            System.arraycopy(tmp, 0, out, offset, tocpy);
            offset += tocpy;
            required -= tocpy;
        }
        return out;
    }

MG>axis2-1.6.2 has no mention of AUTH_METHOD_TLS_CLIENT
MG>assuming AUTH_METHOD_TLS_CLIENT (referenced in SAMLTokenProcessor) defined in WSS4J SAML1Constants for TLS v1.0
MG>would copying these RFC-2246 attributes/functions to RFC-5246 equivalents allow TLS V1.2 to be implemented?

MG>Suggestions on implementing TLS V1.2 eagerly solicited


From: coheigea@apache.org
Date: Wed, 24 Aug 2016 09:55:46 +0100
Subject: Re: TLS 1.2 support
To: users@ws.apache.org

Apache WSS4J does not implement TLS at all, it is solely an implementation of the WS-Security
standards. Perhaps you want Apache CXF or Axis instead?

Colm.

On Fri, Aug 19, 2016 at 12:06 PM, Amit Lonkar <amitlonkar@yahoo.com> wrote:
Anyone who could let me know the answer to the question below?
Thanks
Amit

On Aug 18, 2016, at 5:16 AM, Martin Gainty <mgainty@hotmail.com> wrote:

"Could you please let me know which version of wss4j implements TLSv1.2 (rfc5246)"
Please honour this question

Thank You,
Martin


From: amitlonkar@yahoo.com
Subject: TLS 1.2 support
Date: Tue, 16 Aug 2016 09:27:56 -0600
To: users@ws.apache.org

Could you please let me know which version of wss4j implements TLSv1.2 (rfc5246)
Thanks
Amit


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
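
The P_SHA-1 definition and the P_hash method quoted in the message above, as an added example that is not part of the thread or of the WSS4J source: a stand-alone Java version of the same expansion that takes the HMAC algorithm as a parameter, so it goes beyond the quoted HMAC-SHA1 code and also covers the HMAC-SHA256 variant that the RFC 5246 PRF is built on. It only turns a secret and a seed into key bytes and opens no connection; the class name, method name and inputs are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added illustration, not WSS4J source. PHashDemo and pHash are hypothetical names.
public class PHashDemo {

    // P_hash(secret, seed) = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ...
    // where A(0) = seed and A(i) = HMAC(secret, A(i-1)).
    static byte[] pHash(String hmacAlg, byte[] secret, byte[] seed, int required)
            throws Exception {
        if (required < 0) throw new IllegalArgumentException("required must be >= 0");
        Mac mac = Mac.getInstance(hmacAlg);
        mac.init(new SecretKeySpec(secret, hmacAlg));
        byte[] out = new byte[required];
        byte[] a = seed;                       // A(0)
        int offset = 0;
        while (offset < required) {
            a = mac.doFinal(a);                // A(i) = HMAC(secret, A(i-1))
            mac.update(a);
            byte[] block = mac.doFinal(seed);  // HMAC(secret, A(i) + seed)
            int n = Math.min(required - offset, block.length);
            System.arraycopy(block, 0, out, offset, n);
            offset += n;
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs, not taken from any real exchange.
        byte[] secret = "constructed-shared-secret".getBytes(StandardCharsets.UTF_8);
        byte[] seed = "constructed-label-and-nonce".getBytes(StandardCharsets.UTF_8);
        byte[] sha1 = pHash("HmacSHA1", secret, seed, 48);      // RFC 2246 P_SHA-1
        byte[] sha256 = pHash("HmacSHA256", secret, seed, 48);  // RFC 5246 P_SHA256

        // Independent check: the first 32 bytes equal HMAC(secret, A(1) + seed).
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        byte[] a1 = mac.doFinal(seed);
        mac.update(a1);
        if (!Arrays.equals(mac.doFinal(seed), Arrays.copyOf(sha256, 32)))
            throw new AssertionError("first block mismatch");
        // A shorter request returns a prefix of the same output stream.
        if (!Arrays.equals(pHash("HmacSHA1", secret, seed, 20), Arrays.copyOf(sha1, 20)))
            throw new AssertionError("prefix mismatch");
        System.out.println("checks passed; SHA-1 and SHA-256 streams differ: "
                + !Arrays.equals(sha1, sha256));
    }
}
```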
 		 	   		  