Date: Thu, 11 Oct 2012 12:49:02 +0000 (UTC)
From: "Boris Dushanov (JIRA)"
To: java-dev@axis.apache.org
Subject: [jira] [Created] (RAMPART-394) BindingBuilder.getEncryptedKeyBuilder() does not set symmetric encryption algorithm to the created WSSecEncryptedKey

Boris Dushanov created RAMPART-394:
--------------------------------------

             Summary: BindingBuilder.getEncryptedKeyBuilder() does not set symmetric encryption algorithm to the created WSSecEncryptedKey
                 Key: RAMPART-394
                 URL: https://issues.apache.org/jira/browse/RAMPART-394
             Project: Rampart
          Issue Type: Bug
          Components: rampart-core
    Affects Versions: 1.6.2
            Reporter: Boris Dushanov

Here are code snippets from BindingBuilder.getEncryptedKeyBuilder() before and after the upgrade of WSS4J to version 1.6.4.

Before:

    WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
    try {
        RampartUtil.setKeyIdentifierType(rpd, encrKey, token);
        RampartUtil.setEncryptionUser(rmd, encrKey);
        encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
        encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
        encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));
        return encrKey;

After:

    WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
    try {
        RampartUtil.setKeyIdentifierType(rmd, encrKey, token);
        RampartUtil.setEncryptionUser(rmd, encrKey);
        //TODO we do not need to pass keysize as it is taken from algorithm it self - verify-
        encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
        encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));

The problem is in not setting the symmetric key size to the encrypted key. By default WSSecEncryptedKey assumes it is AES_128 and does not care for the encryption in the RampartPolicyData. In my specific case the expected encryption is 3DES, which leads to throwing InvalidKeyException because of a wrong key size. The size of 3DES is 192 bits but a 128-bit AES key is created instead.

I propose the following solution:

    WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
    try {
        RampartUtil.setKeyIdentifierType(rmd, encrKey, token);
        RampartUtil.setEncryptionUser(rmd, encrKey);
        encrKey.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
        encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
        encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));
        return encrKey;

--
This message is automatically generated by JIRA.
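
Added example, not part of the report and not Rampart or WSS4J code: a standalone JCE program that reproduces the failure mode described above, where an ephemeral key generated at a default 128-bit size is used with a 3DES cipher, next to a key sized from the negotiated algorithm. The class name, the helper names and the small algorithm table are assumptions made for this illustration; only standard javax.crypto calls and the XML Encryption algorithm URIs are used (Java 9 or later for Map.of).

```java
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class EphemeralKeySizeDemo {
    /** Illustrative table entry: JCE names and required key length for one algorithm URI. */
    static final class Alg {
        final String keyAlg, transformation; final int keyBytes;
        Alg(String keyAlg, String transformation, int keyBytes) {
            this.keyAlg = keyAlg; this.transformation = transformation; this.keyBytes = keyBytes;
        }
    }

    static final String AES128 = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    static final String TDES = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";

    // Key length must follow the symmetric algorithm, not a fixed default.
    static final Map<String, Alg> ALGS = Map.of(
        AES128, new Alg("AES", "AES/CBC/PKCS5Padding", 16),
        TDES, new Alg("DESede", "DESede/CBC/PKCS5Padding", 24));

    /** Generates a random key of keyBytes and tries to initialise the cipher for algUri.
     *  Returns null when the key is accepted, otherwise the InvalidKeyException message. */
    static String tryKey(String algUri, int keyBytes) throws Exception {
        Alg alg = ALGS.get(algUri);
        byte[] raw = new byte[keyBytes];
        new SecureRandom().nextBytes(raw);
        Cipher cipher = Cipher.getInstance(alg.transformation);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(raw, alg.keyAlg));
            return null;
        } catch (InvalidKeyException e) {
            return e.getMessage();
        }
    }

    static String describe(String error) {
        return error == null ? "accepted" : "InvalidKeyException: " + error;
    }

    public static void main(String[] args) throws Exception {
        // Reported behaviour: key created at the AES-128 default although the policy asks for 3DES.
        System.out.println("3DES, default 16-byte key: " + describe(tryKey(TDES, 16)));
        // Direction of the proposed fix: key size derived from the configured symmetric algorithm.
        System.out.println("3DES, algorithm-sized key: " + describe(tryKey(TDES, ALGS.get(TDES).keyBytes)));
        System.out.println("AES-128, 16-byte key:      " + describe(tryKey(AES128, 16)));
    }
}
```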