[
https://issues.apache.org/jira/browse/RAMPART-394?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13759198#comment-13759198
]
Suresh Attanayake commented on RAMPART-394:
-------------------------------------------
Fixed with https://issues.apache.org/jira/browse/RAMPART-287
> BindingBuilder.getEncryptedKeyBuilder() does not set symmetric encryption
> algorithm to the created WSSecEncryptedKey
> --------------------------------------------------------------------------------------------------------------------
>
> Key: RAMPART-394
> URL: https://issues.apache.org/jira/browse/RAMPART-394
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.6.2
> Reporter: Boris Dushanov
>
> Here are code snippets from BindingBuilder.getEncryptedKeyBuilder() before
> and after the upgrade of WSS4J to version 1.6.4.
> Before:
> WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
>
> try {
> RampartUtil.setKeyIdentifierType(rpd, encrKey, token);
> RampartUtil.setEncryptionUser(rmd, encrKey);
>
> encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
>
> encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
>
> encrKey.prepare(doc,
> RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(),
> rmd.getCustomClassLoader()));
>
> return encrKey;
> After:
> WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
>
>
> try {
> RampartUtil.setKeyIdentifierType(rmd, encrKey, token);
> RampartUtil.setEncryptionUser(rmd, encrKey);
> //TODO we do not need to pass keysize as it is taken from algorithm itself - verify
>
> encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
>
> encrKey.prepare(doc,
> RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(),
> rmd.getCustomClassLoader()));
> The problem is in not setting the symmetric key size to the encrypted key. By
> default WSSecEncryptedKey assumes it is AES_128 and does not care for the
> encryption in the RampartPolicyData. In my specific case the expected
> encryption is 3DES which leads to throwing InvalidKeyException because of a
> wrong key size. The size of 3DES is 192 bits but a 128-bit AES key is created
> instead.
> I propose the following solution:
> WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
>
>
> try {
> RampartUtil.setKeyIdentifierType(rmd, encrKey, token);
> RampartUtil.setEncryptionUser(rmd, encrKey);
>
> encrKey.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
>
> encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
>
> encrKey.prepare(doc,
> RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(),
> rmd.getCustomClassLoader()));
>
> return encrKey;
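The key-size mismatch described in the report, reproduced with plain JCE as an added example (it is not Rampart or WSS4J code and not part of the original message). The class name, the helpers keyLengthBytes, jceTransformation and tryEncrypt, and the sample payload are assumptions made for illustration; the JDK's default JCE provider is assumed, which rejects a 128-bit key for DESede with InvalidKeyException.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class SymmetricKeySizeDemo {
    // XML Encryption algorithm URIs, as carried in a policy's algorithm suite.
    static final String TRIPLE_DES = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
    static final String AES_128 = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    // Hypothetical helper: key length in bytes implied by the algorithm URI.
    static int keyLengthBytes(String uri) {
        switch (uri) {
            case TRIPLE_DES: return 24; // 192 bits
            case AES_128:    return 16; // 128 bits
            default: throw new IllegalArgumentException("unsupported: " + uri);
        }
    }

    // Hypothetical helper: JCE transformation for the algorithm URI.
    static String jceTransformation(String uri) {
        return TRIPLE_DES.equals(uri) ? "DESede/CBC/PKCS5Padding" : "AES/CBC/PKCS5Padding";
    }

    // Generates an ephemeral key sized for keyAlgoUri, then uses it with dataAlgoUri.
    static String tryEncrypt(String keyAlgoUri, String dataAlgoUri) throws Exception {
        byte[] keyBytes = new byte[keyLengthBytes(keyAlgoUri)];
        new SecureRandom().nextBytes(keyBytes);
        String transformation = jceTransformation(dataAlgoUri);
        String jceKeyName = transformation.substring(0, transformation.indexOf('/'));
        Cipher cipher = Cipher.getInstance(transformation);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keyBytes, jceKeyName));
            cipher.doFinal("constructed sample payload".getBytes(StandardCharsets.UTF_8));
            return "ok (" + keyBytes.length * 8 + "-bit key)";
        } catch (InvalidKeyException e) {
            return "InvalidKeyException (" + keyBytes.length * 8 + "-bit key): " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Key sized by a fixed AES-128 default while the data algorithm is 3DES.
        System.out.println("default-sized key -> " + tryEncrypt(AES_128, TRIPLE_DES));
        // Key sized from the same algorithm that will consume it.
        System.out.println("policy-sized key  -> " + tryEncrypt(TRIPLE_DES, TRIPLE_DES));
    }
}
```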