Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

Tue, 05 Dec 2023 08:03:05 -0800 


seanjmullan commented on code in PR #234:
URL: 
https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1415718690


##########
src/main/java/org/apache/xml/security/keys/content/DEREncodedKeyValue.java:
##########
@@ -37,7 +37,9 @@
 public class DEREncodedKeyValue extends Signature11ElementProxy implements 
KeyInfoContent {
 
     /** JCA algorithm key types supported by this implementation. */
-    private static final String[] supportedKeyTypes = { "RSA", "DSA", "EC"};
+    private static final String[] supportedKeyTypes = { "RSA", "DSA", "EC",

Review Comment:
   What about "RSASSA-PSS" and "DiffieHellman"?



##########
src/main/java/org/apache/xml/security/utils/Encryption11ElementProxy.java:
##########
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.utils;
+
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Class Encryption11ElementProxy
+ *
+ */
+public abstract class Encryption11ElementProxy extends ElementProxy {
+
+    protected Encryption11ElementProxy() {
+    }
+
+    /**
+     * Constructor Encryption11ElementProxy
+     *
+     * @param doc
+     */
+    public Encryption11ElementProxy(Document doc) {
+        if (doc == null) {
+            throw new RuntimeException("Document is null");
+        }
+
+        setDocument(doc);
+        setElement(XMLUtils.createElementInEncryption11Space(doc, 
this.getBaseLocalName()));
+        String prefix = ElementProxy.getDefaultPrefix(this.getBaseNamespace());
+        if (prefix != null && prefix.length() > 0) {
+            getElement().setAttribute( "xmlns:" + prefix, 
this.getBaseNamespace());

Review Comment:
   remove extra space before `"xmlns:`



##########
src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties:
##########
@@ -108,6 +108,9 @@ KeyStore.alreadyRegistered = {0} Class has already been 
registered for {1}
 KeyStore.register = {1} type class register error in class {0}
 KeyStore.registerStore.register = Registration error for type {0}
 KeyValue.IllegalArgument = Cannot create a {0} from {1}
+KeyDerivation.ToShortParameter = To short parameter {0}
+KeyDerivation.InvalidParameter = Illegal parameter {0}

Review Comment:
   Suggest rewording as "Key derivation parameter {0} is illegal".



##########
src/main/java/org/apache/xml/security/keys/content/KeyValue.java:
##########
@@ -116,6 +116,20 @@ public KeyValue(Document doc, PublicKey pk) {
         }
     }
 
+    /**
+     * Method getPublicKey verifies that the key xml KeyValue encoding is 
supported for the given key type. If the
+     * encoding is supported, it returns true else false.
+     *
+     * @return the public key type can be KeyValue encoding is supported then 
it returns true else false
+     */
+    public static boolean isSupportedKeyType(PublicKey publicKey){

Review Comment:
   space before `{`.



##########
src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties:
##########
@@ -108,6 +108,9 @@ KeyStore.alreadyRegistered = {0} Class has already been 
registered for {1}
 KeyStore.register = {1} type class register error in class {0}
 KeyStore.registerStore.register = Registration error for type {0}
 KeyValue.IllegalArgument = Cannot create a {0} from {1}
+KeyDerivation.ToShortParameter = To short parameter {0}
+KeyDerivation.InvalidParameter = Illegal parameter {0}
+KeyDerivation.NotSupportedParameter = Not supported parameter value {0}

Review Comment:
   Suggest rewording as "Key derivation parameter {0} is not supported".



##########
src/main/java/org/apache/xml/security/encryption/params/ConcatKeyDerivationParameter.java:
##########
@@ -0,0 +1,96 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.encryption.params;
+
+import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
+import org.apache.xml.security.utils.EncryptionConstants;
+
+/**
+ * Class ConcatKeyDerivationParameter is used to specify parameters for the 
ConcatKDF key derivation algorithm.
+ * @see <A HREF="https://www.w3.org/TR/xmlenc-core1/#sec-ConcatKDF";>XML 
Encryption Syntax and Processing Version 1.1, 5.8.1
+ * The ConcatKDF Key Derivation Algorithm</A>
+ */
+public class ConcatKeyDerivationParameter extends KeyDerivationParameter {
+
+    private String digestAlgorithm;
+    private String algorithmID;
+    private String partyUInfo;
+    private String partyVInfo;
+    private String suppPubInfo;
+    private String suppPrivInfo;
+
+    /**
+     * Constructor ConcatKeyDerivationParameter with specified digest algorithm
+     *
+     * @param keyBitLength the length of the derived key in bits
+     * @param digestAlgorithm the digest algorithm to use
+     */
+    public ConcatKeyDerivationParameter(int keyBitLength, String 
digestAlgorithm) {
+        super(EncryptionConstants.ALGO_ID_KEYDERIVATION_CONCATKDF, 
keyBitLength);
+        setDigestAlgorithm(digestAlgorithm);
+    }
+
+    public String getDigestAlgorithm() {
+        return digestAlgorithm;
+    }
+
+    public final void setDigestAlgorithm(String digestAlgorithm) {

Review Comment:
   I think you should just copy the one line that sets the digest alg into the 
constructor or define a private method that sets the digest algorithm and then 
change the ctor and `setDigestAlgorithm` method to call that. Otherwise it 
looks odd to have one final method.



##########
src/main/java/org/apache/xml/security/encryption/params/KeyDerivationParameter.java:
##########
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.encryption.params;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * This class contains the basic parameters used for key derivation.
+ */
+public class KeyDerivationParameter implements AlgorithmParameterSpec {

Review Comment:
   Seems like it would be more suitable as an interface. Also, does 
implementing `AlgorithmParameterSpec` add any value?



##########
src/main/java/org/apache/xml/security/utils/EncryptionElementProxy.java:
##########
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.utils;
+
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Class EncryptionElementProxy
+ *
+ */
+public abstract class EncryptionElementProxy extends ElementProxy {
+
+    protected EncryptionElementProxy() {
+    }
+
+    /**
+     * Constructor EncryptionElementProxy
+     *
+     * @param doc the {@link Document} in which <code>Encryption 
Element</code> will be placed
+     */
+    public EncryptionElementProxy(Document doc) {
+        if (doc == null) {
+            throw new IllegalArgumentException("Document is null");
+        }
+
+        setDocument(doc);
+        setElement(XMLUtils.createElementInEncryptionSpace(doc, 
this.getBaseLocalName()));
+        String prefix = ElementProxy.getDefaultPrefix(this.getBaseNamespace());
+        if (prefix != null && !prefix.isEmpty()) {
+            getElement().setAttribute( "xmlns:" + prefix, 
this.getBaseNamespace());
+        }
+
+
+    }
+
+    /**
+     * Constructor Signature11ElementProxy

Review Comment:
   s/Signature11ElementProxy/EncryptionElementProxy/



##########
src/main/java/org/apache/xml/security/utils/EncryptionElementProxy.java:
##########
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.utils;
+
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Class EncryptionElementProxy
+ *
+ */
+public abstract class EncryptionElementProxy extends ElementProxy {
+
+    protected EncryptionElementProxy() {
+    }
+
+    /**
+     * Constructor EncryptionElementProxy
+     *
+     * @param doc the {@link Document} in which <code>Encryption 
Element</code> will be placed
+     */
+    public EncryptionElementProxy(Document doc) {
+        if (doc == null) {
+            throw new IllegalArgumentException("Document is null");
+        }
+
+        setDocument(doc);
+        setElement(XMLUtils.createElementInEncryptionSpace(doc, 
this.getBaseLocalName()));
+        String prefix = ElementProxy.getDefaultPrefix(this.getBaseNamespace());
+        if (prefix != null && !prefix.isEmpty()) {
+            getElement().setAttribute( "xmlns:" + prefix, 
this.getBaseNamespace());
+        }
+
+

Review Comment:
   remove extra blank lines



##########
src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties:
##########
@@ -108,6 +108,9 @@ KeyStore.alreadyRegistered = {0} Class has already been 
registered for {1}
 KeyStore.register = {1} type class register error in class {0}
 KeyStore.registerStore.register = Registration error for type {0}
 KeyValue.IllegalArgument = Cannot create a {0} from {1}
+KeyDerivation.ToShortParameter = To short parameter {0}

Review Comment:
   Should be "TooShort". Also suggest rewording this as "Key derivation 
parameter {0} is too short".



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to