[ 
https://issues.apache.org/jira/browse/CXF-8177?focusedWorklogId=355291&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-355291
 ]

ASF GitHub Bot logged work on CXF-8177:
---------------------------------------

                Author: ASF GitHub Bot
            Created on: 06/Dec/19 16:08
            Start Date: 06/Dec/19 16:08
    Worklog Time Spent: 10m 
      Work Description: frelibert commented on pull request #612: CXF-8177 
CXF-8178 ECDH Algorithm Fixes
URL: https://github.com/apache/cxf/pull/612
 
 
   Fixed:
   - [CXF-8177] Support in API for encrypting/decrypting encryption key with 
ECDH Direct Key Agreement
   - [CXF-8177] Support in API for encrypting/decrypting encryption key with 
ECDH Key Wrapping
   - [CXF-8177] Support in API for encrypting/decrypting content with ECDH and 
AESCBC
   - [CXF-8178] DerivedKey algorithm for ECDH Key Agreement with Key Wrapping 
according to the RFC 
   
   I added a test suite I used myself in another project where I compare JWS and 
JWE of multiple libraries to see whether or not they are compatible with each 
other using algorithms as defined in RFC 7518 (JWA).
   
   Quite some tests returned errors before my changes. Now they all pass. Some 
of the tests could be fixed from the client-side perspective using other classes 
to set key and content encryption provider. Others could not be fixed at all. 
   I prefer anyway to use one setup for all which makes it a lot easier from 
the client's perspective. See the test classes for this.
   I updated operations in JweUtils for this purpose as some assumptions were 
made in that class that are only compatible with a subset of the algorithms 
that are actually supported by the codebase.
   I also added better support for the case that the given JWK object does not 
define an algorithm (which is optional, according to the spec).
   
   
   
   
 


Issue Time Tracking
-------------------

            Worklog Id:     (was: 355291)
    Remaining Estimate: 0h
            Time Spent: 10m

> JWE API does not support ECDH Direct Encryption/Decryption 
> -----------------------------------------------------------
>
>                 Key: CXF-8177
>                 URL: https://issues.apache.org/jira/browse/CXF-8177
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>    Affects Versions: 3.3.4
>            Reporter: Frederik Libert
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Although the Apache CXF implementation of JWE supports ECDH Direct 
> encryption/decryption, the API is not sufficiently open for it.
> A few problems:
>  * KeyAlgorithm.getAlgorithm(String) does not support parsing ECDH
>  * EcdhDirectKeyDecryptionAlgorithm is a private inner class so cannot be used 
> from the client view perspective (different approach for different algorithms, 
> why?)
>  * EcdhDirectKeyJweDecryption makes an assumption that AES GCM is used 
> without verifying (could be AES CBC as well)
>  * JweUtils.getPrivateKeyDecryptionProvider(PrivateKey,KeyAlgorithm) makes 
> an assumption that AESWrap is used in case of an EC Key without verifying the 
> KeyAlgorithm (could be Direct as well)
> The API should support proper handling of key algorithm between client and 
> library and should verify what is given as input to decide which key and 
> content decrypters to use.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
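
Added example (not CXF code and not part of the original message): a Python sketch of the ECDH-ES key derivation in RFC 7518 section 4.6.2, showing why the "alg" and "enc" header values must be checked rather than assumed, as both issues above ask. The function names are hypothetical; the shared secret Z and the party values are the RFC 7518 Appendix C example, and apu/apv are passed as already base64url-decoded bytes.

```python
import hashlib
import struct

# Key sizes in bits from RFC 7518: content-encryption keys and AES Key Wrap keys.
ENC_BITS = {"A128GCM": 128, "A192GCM": 192, "A256GCM": 256,
            "A128CBC-HS256": 256, "A192CBC-HS384": 384, "A256CBC-HS512": 512}
WRAP_BITS = {"ECDH-ES+A128KW": 128, "ECDH-ES+A192KW": 192, "ECDH-ES+A256KW": 256}

def kdf_params(alg, enc):
    """Return (AlgorithmID, keydatalen in bits) for the Concat KDF."""
    if enc not in ENC_BITS:
        raise ValueError("unsupported enc: %r" % enc)
    if alg == "ECDH-ES":      # Direct Key Agreement: derived key is the CEK
        return enc, ENC_BITS[enc]
    if alg in WRAP_BITS:      # Key Agreement with Key Wrapping: derived key is the KEK
        return alg, WRAP_BITS[alg]
    raise ValueError("not an ECDH-ES algorithm: %r" % alg)

def _len_prefixed(data):
    # 32-bit big-endian length followed by the value itself
    return struct.pack(">I", len(data)) + data

def other_info(alg, enc, apu=b"", apv=b""):
    """AlgorithmID || PartyUInfo || PartyVInfo || SuppPubInfo (SuppPrivInfo empty)."""
    alg_id, bits = kdf_params(alg, enc)
    return (_len_prefixed(alg_id.encode("ascii")) + _len_prefixed(apu)
            + _len_prefixed(apv) + struct.pack(">I", bits))

def derive_key(z, alg, enc, apu=b"", apv=b""):
    """Concat KDF (NIST SP 800-56A) with SHA-256 over the ECDH shared secret z."""
    _, bits = kdf_params(alg, enc)
    info = other_info(alg, enc, apu, apv)
    out, counter = b"", 1
    while len(out) * 8 < bits:
        out += hashlib.sha256(struct.pack(">I", counter) + z + info).digest()
        counter += 1
    return out[:bits // 8]

# Shared secret Z from the RFC 7518 Appendix C example (Alice and Bob, A128GCM).
RFC_Z = bytes([158, 86, 217, 29, 129, 113, 53, 211, 114, 131, 66, 131, 191, 132,
               38, 156, 251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121,
               140, 254, 144, 196])

if __name__ == "__main__":
    for alg, enc in [("ECDH-ES", "A128GCM"), ("ECDH-ES", "A128CBC-HS256"),
                     ("ECDH-ES+A128KW", "A128GCM")]:
        print(alg, enc, derive_key(RFC_Z, alg, enc, b"Alice", b"Bob").hex())
```

With the same Z, each of the three alg/enc pairs yields a different key, so a decrypter that assumes AES GCM or AES Key Wrap instead of reading the header derives the wrong key.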
