ws-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1292757 - in /webservices/wss4j/trunk/src/main/java/org/apache/ws/security: WSConstants.java message/WSSecEncryptedKey.java processor/EncryptedKeyProcessor.java
Date Thu, 23 Feb 2012 11:59:03 GMT
Author: coheigea
Date: Thu Feb 23 11:59:03 2012
New Revision: 1292757

URL: http://svn.apache.org/viewvc?rev=1292757&view=rev
Log:
Fixing failing OAEP tests using the IBM JDK

Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncryptedKey.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java?rev=1292757&r1=1292756&r2=1292757&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java Thu Feb
23 11:59:03 2012
@@ -101,6 +101,8 @@ public class WSConstants {
         "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
     public static final String AES_128_GCM = 
         "http://www.w3.org/2009/xmlenc11#aes128-gcm";
+    public static final String AES_192_GCM = 
+        "http://www.w3.org/2009/xmlenc11#aes192-gcm";
     public static final String AES_256_GCM = 
         "http://www.w3.org/2009/xmlenc11#aes256-gcm";
     public static final String DSA = 

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncryptedKey.java?rev=1292757&r1=1292756&r2=1292757&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncryptedKey.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncryptedKey.java
Thu Feb 23 11:59:03 2012
@@ -19,14 +19,18 @@
 
 package org.apache.ws.security.message;
 
+import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
+import java.security.spec.MGF1ParameterSpec;
 
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
+import javax.crypto.spec.OAEPParameterSpec;
+import javax.crypto.spec.PSource;
 
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSConfig;
@@ -227,11 +231,26 @@ public class WSSecEncryptedKey extends W
     ) throws WSSecurityException {
         Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
         try {
-            cipher.init(Cipher.WRAP_MODE, remoteCert);
+            OAEPParameterSpec oaepParameterSpec = null;
+            if (WSConstants.KEYTRANSPORT_RSAOEP.equals(keyEncAlgo)) {
+                oaepParameterSpec = 
+                    new OAEPParameterSpec(
+                        "SHA-1", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT
+                    );
+            }
+            if (oaepParameterSpec == null) {
+                cipher.init(Cipher.WRAP_MODE, remoteCert);
+            } else {
+                cipher.init(Cipher.WRAP_MODE, remoteCert.getPublicKey(), oaepParameterSpec);
+            }
         } catch (InvalidKeyException e) {
             throw new WSSecurityException(
                 WSSecurityException.FAILED_ENCRYPTION, null, null, e
             );
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new WSSecurityException(
+                WSSecurityException.FAILED_ENCRYPTION, null, null, e
+            );
         }
         int blockSize = cipher.getBlockSize();
         if (doDebug) {
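Review bot: The OAEP parameters in the `KEYTRANSPORT_RSAOEP` branch are bare string literals with no comment on why they are set explicitly, and the identical spec is built again in the EncryptedKeyProcessor hunk, so the wrap and unwrap sides can drift apart. Going by the commit log, the intent is to stop depending on provider defaults that differ between JDKs; a comment such as `// Pin OAEP digest/MGF/label explicitly; JCE providers disagree on the defaults` would record that. Consider a single shared helper or constant used by both files, with `MGF1ParameterSpec.SHA1` in place of `new MGF1ParameterSpec("SHA-1")`. The null-then-test pattern could also be reduced to calling `cipher.init(...)` directly inside each branch. The enclosing method starts and continues outside the hunk.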
@@ -396,7 +415,8 @@ public class WSSecEncryptedKey extends W
             if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)
                 || symEncAlgo.equalsIgnoreCase(WSConstants.AES_128_GCM)) {
                 keyGen.init(128);
-            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)) {
+            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)
+                || symEncAlgo.equalsIgnoreCase(WSConstants.AES_192_GCM)) {
                 keyGen.init(192);
             } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)
                 || symEncAlgo.equalsIgnoreCase(WSConstants.AES_256_GCM)) {

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=1292757&r1=1292756&r2=1292757&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
Thu Feb 23 11:59:03 2012
@@ -41,9 +41,12 @@ import org.w3c.dom.Text;
 import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
+import javax.crypto.spec.OAEPParameterSpec;
+import javax.crypto.spec.PSource;
 
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
+import java.security.spec.MGF1ParameterSpec;
 import java.util.ArrayList;
 import java.util.LinkedList;
 import java.util.List;
@@ -101,7 +104,18 @@ public class EncryptedKeyProcessor imple
 
         try {
             PrivateKey privateKey = data.getDecCrypto().getPrivateKey(certs[0], data.getCallbackHandler());
-            cipher.init(Cipher.DECRYPT_MODE, privateKey);
+            OAEPParameterSpec oaepParameterSpec = null;
+            if (WSConstants.KEYTRANSPORT_RSAOEP.equals(encryptedKeyTransportMethod)) {
+                oaepParameterSpec = 
+                    new OAEPParameterSpec(
+                        "SHA-1", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT
+                    );
+            }
+            if (oaepParameterSpec == null) {
+                cipher.init(Cipher.DECRYPT_MODE, privateKey);
+            } else {
+                cipher.init(Cipher.DECRYPT_MODE, privateKey, oaepParameterSpec);
+            }
         } catch (Exception ex) {
             throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, ex);
         }
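Review bot: The decrypt path pins the OAEP digest, mask function and label to fixed values without consulting the received EncryptionMethod element, at least in the lines shown. If a sender may legitimately supply a DigestMethod or OAEPparams child under this key-transport URI, such a message will fail inside the broad `catch (Exception ex)` as a generic FAILED_CHECK with nothing to indicate that the parameters were unsupported. Either build the spec from those children, or reject them explicitly before `cipher.init` and document the limit with a comment such as `// Only the default OAEP parameters (SHA-1 digest, MGF1 with SHA-1, empty label) are supported`. The enclosing method starts and ends outside the hunk.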


