Boris Dushanov created RAMPART-394:
--------------------------------------

             Summary: BindingBuilder.getEncryptedKeyBuilder() does not set symmetric encryption algorithm to the created WSSecEncryptedKey
                 Key: RAMPART-394
                 URL: https://issues.apache.org/jira/browse/RAMPART-394
             Project: Rampart
          Issue Type: Bug
          Components: rampart-core
    Affects Versions: 1.6.2
            Reporter: Boris Dushanov


Here are code snippets from BindingBuilder.getEncryptedKeyBuilder() before and 
after the upgrade of the WSS4J version to 1.6.4.

Before:

        WSSecEncryptedKey encrKey = new WSSecEncryptedKey();

        try {
            RampartUtil.setKeyIdentifierType(rpd, encrKey, token);
            RampartUtil.setEncryptionUser(rmd, encrKey);

            encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());

            encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());

            encrKey.prepare(doc,
                    RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(),
                            rmd.getCustomClassLoader()));

            return encrKey;

After:

        WSSecEncryptedKey encrKey = new WSSecEncryptedKey();

        try {
            RampartUtil.setKeyIdentifierType(rmd, encrKey, token);
            RampartUtil.setEncryptionUser(rmd, encrKey);

            //TODO we do not need to pass keysize as it is taken from algorithm it self - verify-

            encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());

            encrKey.prepare(doc,
                    RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(),
                            rmd.getCustomClassLoader()));


The problem is in not setting the symmetric key size to the encrypted key. By 
default WSSecEncryptedKey assumes it is AES_128 and does not care for the 
encryption in the RampartPolicyData. In my specific case the expected encryption 
is 3DES, which leads to throwing InvalidKeyException because of a wrong key 
size. The size of 3DES is 192 bits but a 128-bit AES key is created instead.

I propose the following solution:

        WSSecEncryptedKey encrKey = new WSSecEncryptedKey();

        try {
            RampartUtil.setKeyIdentifierType(rmd, encrKey, token);
            RampartUtil.setEncryptionUser(rmd, encrKey);

            encrKey.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());

            encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());

            encrKey.prepare(doc,
                    RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(),
                            rmd.getCustomClassLoader()));

            return encrKey;


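The failure mode described in the report, reproduced with plain JCE as an added example (not part of the original report, and not Rampart or WSS4J code): an ephemeral key sized for an AES-128 default is rejected once the cipher selected by policy is 3DES, while a key sized from the policy algorithm is accepted. The class and method names are hypothetical; the two algorithm URIs are the W3C XML Encryption identifiers, and the plaintext is a constructed sample.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class EphemeralKeySizeDemo {
    // W3C XML Encryption algorithm identifiers
    static final String TRIPLE_DES = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
    static final String AES_128 = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    // Key length in bits that each symmetric algorithm requires.
    static int keyBits(String uri) {
        switch (uri) {
            case TRIPLE_DES: return 192;
            case AES_128: return 128;
            default: throw new IllegalArgumentException("unsupported algorithm: " + uri);
        }
    }

    static String jceName(String uri) {
        return TRIPLE_DES.equals(uri) ? "DESede" : "AES";
    }

    // Generate an ephemeral key of the given size and try to encrypt with
    // the cipher named by uri. Returns "ok" or the InvalidKeyException text.
    static String tryEncrypt(String uri, int bits) throws Exception {
        byte[] key = new byte[bits / 8];
        new SecureRandom().nextBytes(key);
        String alg = jceName(uri);
        Cipher cipher = Cipher.getInstance(alg + "/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, alg));
            cipher.doFinal("constructed sample body".getBytes(StandardCharsets.UTF_8));
            return "ok";
        } catch (InvalidKeyException e) {
            return "InvalidKeyException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        String policyAlg = TRIPLE_DES; // algorithm requested by the policy, as in the report
        // Key sized for the AES-128 default, ignoring the policy algorithm
        System.out.println("128-bit key with 3DES: " + tryEncrypt(policyAlg, keyBits(AES_128)));
        // Key sized from the policy algorithm itself
        System.out.println("192-bit key with 3DES: " + tryEncrypt(policyAlg, keyBits(policyAlg)));
    }
}
```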