Re: [PR] Implementation of the HKDF derivation function [santuario-xml-security-java]

Sat, 27 Apr 2024 11:04:59 -0700 


jrihtarsic commented on code in PR #271:
URL: 
https://github.com/apache/santuario-xml-security-java/pull/271#discussion_r1581874128


##########
src/main/java/org/apache/xml/security/encryption/keys/content/derivedKey/KeyDerivationMethodImpl.java:
##########
@@ -71,29 +73,43 @@ public String getAlgorithm() {
         return getLocalAttribute(EncryptionConstants._ATT_ALGORITHM);
     }
 
-    public ConcatKDFParamsImpl getConcatKDFParams() throws 
XMLSecurityException {
 
-        if (concatKDFParams != null) {
-            return concatKDFParams;
-        }
+    @Override
+    public KDFParams getKDFParams() throws XMLSecurityException {
 
-        Element concatKDFParamsElement =
-                XMLUtils.selectXenc11Node(getElement().getFirstChild(), 
EncryptionConstants._TAG_CONCATKDFPARAMS, 0);
+        if (kdfParams != null) {
+            LOG.log(DEBUG, "Returning cached KDFParams");
+            return kdfParams;
+        }
 
-        if (concatKDFParamsElement == null) {
-            return null;
+        String kdfAlgorithm = getAlgorithm();
+        if 
(EncryptionConstants.ALGO_ID_KEYDERIVATION_CONCATKDF.equals(kdfAlgorithm)) {
+            Element concatKDFParamsElement =
+                    XMLUtils.selectXenc11Node(getElement().getFirstChild(),
+                            EncryptionConstants._TAG_CONCATKDFPARAMS, 0);
+            kdfParams = new ConcatKDFParamsImpl(concatKDFParamsElement, 
getBaseURI());
+        } else if 
(EncryptionConstants.ALGO_ID_KEYDERIVATION_HKDF.equals(kdfAlgorithm)) {
+            Element hkdfParamsElement =
+                    XMLUtils.selectNode(getElement().getFirstChild(),
+                            Constants.XML_DSIG_NS_MORE_21_04,
+                            EncryptionConstants._TAG_HKDFPARAMS, 0);
+            kdfParams = new HKDFParamsImpl(hkdfParamsElement, 
Constants.XML_DSIG_NS_MORE_07_05);
         }
-        concatKDFParams = new ConcatKDFParamsImpl(concatKDFParamsElement, 
getBaseURI());
 
-        return concatKDFParams;
+        return kdfParams;
     }
 
-    public void setConcatKDFParams(ConcatKDFParamsImpl concatKDFParams) {
-        this.concatKDFParams = concatKDFParams;
-        appendSelf(concatKDFParams);
-        addReturnToSelf();
+    public void setKDFParams(KDFParams kdfParams) {

Review Comment:
   Added the validation and if KDF Params are not supported and error is thrown.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@santuario.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to