[
https://issues.apache.org/jira/browse/AXIS2-2018?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Deepal Jayasinghe reassigned AXIS2-2018:
----------------------------------------
Assignee: Ruchith Udayanga Fernando
> RAMPART : Incoming policy validation of Bulk Encryption Algorithms.
> -------------------------------------------------------------------
>
> Key: AXIS2-2018
> URL: https://issues.apache.org/jira/browse/AXIS2-2018
> Project: Apache Axis 2.0 (Axis2)
> Issue Type: Bug
> Components: modules
> Reporter: Hans G Knudsen
> Assigned To: Ruchith Udayanga Fernando
>
> Hi!
> Rampart does not seem to validate the bulk encryption algorithm on an
> incoming message againts the algorithm specified in the policy.
> eg
> when <sp:Basic256/> / <sp:Basic256Rsa15/> is specified - check that received
> algorithm url is http://www.w3.org/2001/04/xmlenc#aes256-cbc
> - same for 128 + 192 bit aes..
> when <sp:TripleDes> -> http://www.w3.org/2001/04/xmlenc#tripledes-cbc
>
> Would it conform to WS-standards to make these checks/validations ??
> The needed information from the received messages is not collected by WSS4J /
> WSSecurityEngineResult, and the original encrypted parts has been
> decrypted/replaced when reaching PolicyBasedResultsValidator, so a few
> changes would be needed...
> Should I add a "Collect Encryption algs for Encrypted Parts" on WSS4J issue :
> https://issues.apache.org/jira/browse/WSS-57 ??
> /hans
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
