ws-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1695244 - in /webservices/wss4j/branches/2_0_x-fixes: ws-security-dom/src/main/java/org/apache/wss4j/dom/message/ ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/proce...
Date Tue, 11 Aug 2015 11:03:02 GMT
Author: coheigea
Date: Tue Aug 11 11:03:01 2015
New Revision: 1695244

URL: http://svn.apache.org/r1695244
Log:
Don't process MGF algorithm unless the key transport algorithm is XENC11

Modified:
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
    webservices/wss4j/branches/2_0_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java?rev=1695244&r1=1695243&r2=1695244&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
Tue Aug 11 11:03:01 2015
@@ -269,7 +269,7 @@ public class WSSecEncryptedKey extends W
                 }
 
                 MGF1ParameterSpec mgf1ParameterSpec = new MGF1ParameterSpec("SHA-1");
-                if (mgfAlgo != null) {
+                if (WSConstants.KEYTRANSPORT_RSAOEP_XENC11.equals(keyEncAlgo)) {
                     if (WSConstants.MGF_SHA224.equals(mgfAlgo)) {
                         mgf1ParameterSpec = new MGF1ParameterSpec("SHA-224");
                     } if (WSConstants.MGF_SHA256.equals(mgfAlgo)) {
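Review bot: The context line `} if (WSConstants.MGF_SHA256.equals(mgfAlgo)) {` inside the newly guarded block lacks an `else`, whereas the matching chain in EncryptedKeyProcessor uses `} else if (`. The branches compare against distinct constants, so the outcome looks the same, but since this commit already touches the block it could become `} else if (WSConstants.MGF_SHA256.equals(mgfAlgo)) {`. Separately, a caller-configured mgfAlgo is now silently ignored whenever keyEncAlgo is not KEYTRANSPORT_RSAOEP_XENC11, both here and in the hunk at -616. A comment such as `// MGF is only configurable for the XENC11 RSA-OAEP transport; otherwise MGF1 with SHA-1 applies` would record that for whoever sets the option. The chain continues past the end of this hunk.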
@@ -616,7 +616,7 @@ public class WSSecEncryptedKey extends W
             digestElement.setAttributeNS(null, "Algorithm", digestAlgo);
             encryptionMethod.appendChild(digestElement);
         }
-        if (mgfAlgo != null) {
+        if (WSConstants.KEYTRANSPORT_RSAOEP_XENC11.equals(keyEncAlgo) && mgfAlgo != null) {
             Element mgfElement =
                 doc.createElementNS(WSConstants.ENC11_NS, WSConstants.ENC11_PREFIX + ":MGF");
             mgfElement.setAttributeNS(null, "Algorithm", mgfAlgo);

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1695244&r1=1695243&r2=1695244&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
Tue Aug 11 11:03:01 2015
@@ -247,9 +247,9 @@ public class EncryptedKeyProcessor imple
                     jceDigestAlgorithm = JCEMapper.translateURItoJCEID(digestAlgorithm);
                 }
 
-                String mgfAlgorithm = EncryptionUtils.getMGFAlgorithm(encryptedKeyElement);
                 MGF1ParameterSpec mgfParameterSpec = new MGF1ParameterSpec("SHA-1");
-                if (mgfAlgorithm != null) {
+                if (WSConstants.KEYTRANSPORT_RSAOEP_XENC11.equals(encryptedKeyTransportMethod)) {
+                    String mgfAlgorithm = EncryptionUtils.getMGFAlgorithm(encryptedKeyElement);
                     if (WSConstants.MGF_SHA224.equals(mgfAlgorithm)) {
                         mgfParameterSpec = new MGF1ParameterSpec("SHA-224");
                     } else if (WSConstants.MGF_SHA256.equals(mgfAlgorithm)) {
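Review bot: When encryptedKeyTransportMethod is not KEYTRANSPORT_RSAOEP_XENC11, an MGF child on the incoming EncryptedKey is now skipped without any trace, so a parameter mismatch with the sender only shows up later as a decryption failure. A debug-level log on that path, or at least a comment like `// MGF is only defined for the XENC11 RSA-OAEP URI; the older RSA-OAEP URI always uses MGF1 with SHA-1`, would make the intent and the failure mode clear. The if/else-if chain runs past the end of the hunk, so it is not visible here whether an unrecognised MGF URI under XENC11 is rejected or quietly keeps the SHA-1 default. If it keeps the default, rejecting the value explicitly would be the safer behaviour.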
@@ -590,8 +590,9 @@ public class EncryptedKeyProcessor imple
         }
         
         // EncryptionAlgorithm must be RSA15, or RSAOEP.
-        if (!WSConstants.KEYTRANSPORT_RSA15.equals(encAlgo)
-            && !WSConstants.KEYTRANSPORT_RSAOEP.equals(encAlgo)) {
+        if (!(WSConstants.KEYTRANSPORT_RSA15.equals(encAlgo)
+            || WSConstants.KEYTRANSPORT_RSAOEP.equals(encAlgo)
+            || WSConstants.KEYTRANSPORT_RSAOEP_XENC11.equals(encAlgo))) {
             bspEnforcer.handleBSPRule(BSPRule.R5621);
         }
     }
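Review bot: The comment above the condition still reads "EncryptionAlgorithm must be RSA15, or RSAOEP." although the check now also accepts KEYTRANSPORT_RSAOEP_XENC11; it should become something like `// EncryptionAlgorithm must be RSA15, RSAOEP, or RSAOEP (XENC11).`. The commit log mentions only the MGF handling, so this widening of what passes BSPRule.R5621 is undocumented, as is the identical change in WSSEncryptedKeyInputHandler at -103. If the profile text for R5621 names only the first two algorithms, as I believe it does, a short comment explaining the deliberate relaxation would stop a later reader from treating it as a mistake. A test with an XENC11 key-transport message under BSP enforcement would pin the new behaviour in both the DOM and StAX paths.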

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java?rev=1695244&r1=1695243&r2=1695244&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java
Tue Aug 11 11:03:01 2015
@@ -103,8 +103,9 @@ public class WSSEncryptedKeyInputHandler
             securityContext.handleBSPRule(BSPRule.R5603);
         } else {
             String encryptionMethod = encryptionMethodType.getAlgorithm();
-            if (!WSSConstants.NS_XENC_RSA15.equals(encryptionMethod)
-                && !WSSConstants.NS_XENC_RSAOAEPMGF1P.equals(encryptionMethod)) {
+            if (!(WSSConstants.NS_XENC_RSA15.equals(encryptionMethod)
+                || WSSConstants.NS_XENC_RSAOAEPMGF1P.equals(encryptionMethod)
+                || WSSConstants.NS_XENC11_RSAOAEP.equals(encryptionMethod))) {
                 securityContext.handleBSPRule(BSPRule.R5621);
             }
         }


