[
https://issues.apache.org/jira/browse/CXF-8177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16988665#comment-16988665
]
Frederik Libert commented on CXF-8177:
--------------------------------------
{panel:title=Stacktrace}
java.lang.IllegalArgumentException: No enum constant
org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm.ECDH_ES
at java.lang.Enum.valueOf(Enum.java:238)
at
org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm.valueOf(KeyAlgorithm.java:25)
at
org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm.getAlgorithm(KeyAlgorithm.java:77)
at
org.apache.cxf.rs.security.jose.jwe.JweHeaders.getKeyEncryptionAlgorithm(JweHeaders.java:83)
...
{panel}
> JWE API does not support ECDH Direct Encryption/Decryption
> -----------------------------------------------------------
>
> Key: CXF-8177
> URL: https://issues.apache.org/jira/browse/CXF-8177
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 3.3.4
> Reporter: Frederik Libert
> Priority: Major
>
> Although the Apache CXF implementation of JWE supports ECDH Direct
> encryption/decryption, the API is not sufficiently open for it.
> A few problems:
> * KeyAlgorithm.getAlgorithm(String) does not support parsing ECDH
> * EcdhDirectKeyDecryptionAlgorithm is a private innerclass so cannot be used
> from the clientview perspective (different approach for different algorithms,
> why?)
> * EcdhDirectKeyJweDecryption makes an assumption that AES GCM is used
> without verifying (could be AES CBC as well)
> * JweUtils.getPrivateKeyDecryptionProvider(PrivateKey,KeyAlgorithm) makes
> an assumption that AESWrap is used in case of an EC Key without veryfing the
> KeyAlgorithm (could be Direct as well)
> The API should support proper handling of key algorithm between client and
> library and should verify what is given as input to decide which key and
> content decrypters to use.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
