[ 
https://issues.apache.org/jira/browse/CXF-4145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13265045#comment-13265045
 ] 

Sergey Beryozkin commented on CXF-4145:
---------------------------------------

Right now I'm making the assumption that a given endpoint or a client will 
support single key transport & symmetric enc algorithms, ex, it will only 
support say 'http://www.w3.org/2009/xmlenc11#aes128-gcm' symmetric algo as 
opposed to 'http://www.w3.org/2009/xmlenc11#aes128-gcm' &  
'http://www.w3.org/2009/xmlenc11#aes128-cbc'; same for all the signature 
properties.

This will also let me fix CXF-4146 by injecting the reference to the same 
EncryptionProperties into in and out encryption handlers. Injecting it into the 
in handler makes sure the restriction is enforced and the fact that the same 
instance is referenced will make sure that the out handler will use the same 
algorithms that the client used. Similarly for the signature properties. I think 
it is reasonable at this early stage.
                
> Add the ability to restrict what algorithms were used for encryption/signature
> ------------------------------------------------------------------------------
>
>                 Key: CXF-4145
>                 URL: https://issues.apache.org/jira/browse/CXF-4145
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>            Reporter: Colm O hEigeartaigh
>            Assignee: Sergey Beryozkin
>             Fix For: 2.6.1, 2.5.4
>
>
> This task is to add some functionality on the inbound side to restrict what 
> algorithms can be used by the client. Examples include the symmetric and Key 
> Transport algorithms for encryption, and signature/c14n/digest algorithms for 
> signature. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
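
An added example, not CXF code and not part of the original message: a minimal inbound check in the spirit of the comment above, where a single policy object holds exactly one symmetric and one key transport algorithm and anything else is rejected. `InboundAlgorithmCheck`, `Policy`, `enforce`, the constructed sample payload and the RSA-OAEP key transport URI are assumptions for illustration (Java 17).

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class InboundAlgorithmCheck {
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";
    static final String GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm";
    static final String CBC = XENC + "aes128-cbc";
    static final String OAEP = XENC + "rsa-oaep-mgf1p"; // example key transport choice
    // Hypothetical stand-in for the shared properties object: one algorithm per role.
    record Policy(String symmetric, String keyTransport) {}

    // Inbound check: an EncryptionMethod under xenc:EncryptedKey must name the configured
    // key transport algorithm; any other EncryptionMethod must name the symmetric one.
    static void enforce(String xml, Policy policy) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        NodeList methods = doc.getElementsByTagNameNS(XENC, "EncryptionMethod");
        boolean sawData = false, sawKey = false;
        for (int i = 0; i < methods.getLength(); i++) {
            Node p = methods.item(i).getParentNode();
            boolean isKey = XENC.equals(p.getNamespaceURI()) && "EncryptedKey".equals(p.getLocalName());
            String algo = ((Element) methods.item(i)).getAttribute("Algorithm");
            if (!(isKey ? policy.keyTransport() : policy.symmetric()).equals(algo))
                throw new SecurityException("algorithm not allowed: " + algo);
            if (isKey) sawKey = true; else sawData = true;
        }
        // A payload that does not declare both algorithms cannot be checked, so reject it.
        if (!sawData || !sawKey) throw new SecurityException("missing EncryptionMethod");
    }

    // Constructed sample payload; cipher values are placeholders and nothing is decrypted.
    static String sample(String symmetric) {
        String cipher = "<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>";
        return "<xenc:EncryptedData xmlns:xenc='" + XENC + "'>"
            + "<xenc:EncryptionMethod Algorithm='" + symmetric + "'/>"
            + "<ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'><xenc:EncryptedKey>"
            + "<xenc:EncryptionMethod Algorithm='" + OAEP + "'/>" + cipher
            + "</xenc:EncryptedKey></ds:KeyInfo>" + cipher + "</xenc:EncryptedData>";
    }
    public static void main(String[] args) throws Exception {
        Policy policy = new Policy(GCM, OAEP);
        enforce(sample(GCM), policy); // configured algorithms: passes silently
        try { enforce(sample(CBC), policy); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Passing the same `Policy` instance to the code that builds the response is what keeps the outbound algorithms identical to the ones the inbound side accepted.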

        
