MG>axis-rampart 1.6.2 implements <wss4j.version>1.6.4</wss4j.version>
MG>if i grep experimental branch wss4j-1.6.19
MG>org.apache.ws.security.conversation.dkalgo.P_SHA1.java where P_SHA1 is TLS
V 1.0 implementation?

/**
 * <pre>
 * P_SHA-1 DEFINITION
 * ==================
 * <b>P_SHA-1(secret, seed)</b> =
 * HMAC_SHA-1(secret, A(1) + seed) +
 * HMAC_SHA-1(secret, A(2) + seed) +
 * HMAC_SHA-1(secret, A(3) + seed) + ...
 * <i>Where + indicates concatenation.</i>
 * <br>
 * A() is defined as:
 * A(0) = seed
 * A(i) = HMAC_SHA-1(secret, A(i-1))
 * <br>
 * <i>Source : RFC 2246 - The TLS Protocol Version 1.0
 * Section 5. HMAC and the pseudorandom function</i>
 * </pre>
 *
 * @author Ruchith Fernando
 */

MG>org.apache.ws.security.saml.ext.builder.SAML1Constants.java seems to contain
authentication definition for RFC 2246 ?

/**
 * The authentication was performed using either the SSL or TLS protocol with certificate
 * based client authentication. TLS is described in [RFC 2246].
 */
public static final String AUTH_METHOD_TLS_CLIENT = "urn:ietf:rfc:2246";

MG>Nota Bene: RFC2246 is TLS 1.0
MG>org.apache.ws.security.message.token.UsernameToken seems to implement P_hash
function for RFC 2246 (TLS v 1.0)?

/**
 * P_hash as defined in RFC 2246 for TLS.
 *
 * @param secret is the key for the HMAC
 * @param seed the seed value to start the generation - A(0)
 * @param mac the HMAC algorithm
 * @param required number of bytes to generate
 * @return a byte array that contains a secret key
 * @throws Exception
 */
private static byte[] P_hash(
    byte[] secret,
    byte[] seed,
    Mac mac,
    int required
) throws Exception {
    byte[] out = new byte[required];
    int offset = 0, tocpy;
    byte[] a, tmp;
    //
    // a(0) is the seed
    //
    a = seed;
    SecretKeySpec key = new SecretKeySpec(secret, "HMACSHA1");
    mac.init(key);
    while (required > 0) {
        mac.update(a);
        a = mac.doFinal();
        mac.update(a);
        mac.update(seed);
        tmp = mac.doFinal();
        tocpy = min(required, tmp.length);
        System.arraycopy(tmp, 0, out, offset, tocpy);
        offset += tocpy;
        required -= tocpy;
    }
    return out;
}

MG>axis2-1.6.2 has no mention of AUTH_METHOD_TLS_CLIENT
MG>assuming AUTH_METHOD_TLS_CLIENT (referenced in SAMLTokenProcessor) defined
in WSS4J SAML1Constants for TLS v1.0
MG>would copying these RFC-2246 attributes/functions to RFC-5246 equivalents
allow TLS V1.2 to be implemented?
MG>Suggestions on implementing TLS V1.2 eagerly solicited
From: [email protected]
Date: Wed, 24 Aug 2016 09:55:46 +0100
Subject: Re: TLS 1.2 support
To: [email protected]
Apache WSS4J does not implement TLS at all, it is solely an implementation of
the WS-Security standards. Perhaps you want Apache CXF or Axis instead?
Colm.
On Fri, Aug 19, 2016 at 12:06 PM, Amit Lonkar <[email protected]> wrote:
Anyone who could let me know the answer to the question below?
Thanks
Amit
On Aug 18, 2016, at 5:16 AM, Martin Gainty <[email protected]> wrote:
"Could you please let me know which version of wss4j implements TLSv1.2
(rfc5246)"
Please honour this question
Thank You,
Martin
From: [email protected]
Subject: TLS 1.2 support
Date: Tue, 16 Aug 2016 09:27:56 -0600
To: [email protected]
Could you please let me know which version of wss4j implements TLSv1.2 (rfc5246)
Thanks
Amit
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com