[
https://issues.apache.org/jira/browse/CXF-4145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13265045#comment-13265045
]
Sergey Beryozkin edited comment on CXF-4145 at 4/30/12 5:41 PM:
----------------------------------------------------------------
Right now I'm making the assumption that a given endpoint or a client will
support single key transport & symmetric enc algorithms, e.g., it will only
support say 'http://www.w3.org/2009/xmlenc11#aes128-gcm' symmetric algo as
opposed to 'http://www.w3.org/2009/xmlenc11#aes128-gcm' &
'http://www.w3.org/2009/xmlenc11#aes128-cbc'; same for all the signature
properties.
This will also let me fix CXF-4146 by injecting the reference to the same
EncryptionProperties into in and out encryption handlers. Injecting it into the
in handler makes sure the restriction is enforced and the fact that the same
instance is referenced will make sure that the out handler will use the same
algorithms that the client used. Similarly for the signature properties. I
think it is reasonable at this early stage.
> Add the ability to restrict what algorithms were used for encryption/signature
> ------------------------------------------------------------------------------
>
> Key: CXF-4145
> URL: https://issues.apache.org/jira/browse/CXF-4145
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Reporter: Colm O hEigeartaigh
> Assignee: Sergey Beryozkin
> Fix For: 2.6.1, 2.5.4
>
>
> This task is to add some functionality on the inbound side to restrict what
> algorithms can be used by the client. Examples include the symmetric and Key
> Transport algorithms for encryption, and signature/c14n/digest algorithms for
> signature.