cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1412902 - in /cxf/trunk: rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/ services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/
Date Fri, 23 Nov 2012 14:43:57 GMT
Author: coheigea
Date: Fri Nov 23 14:43:55 2012
New Revision: 1412902

URL: http://svn.apache.org/viewvc?rev=1412902&view=rev
Log:
Default to requiring RSA OAEP for the REST Encryption case

Modified:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/JaxrsBasicAuthTest.java

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java?rev=1412902&r1=1412901&r2=1412902&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
Fri Nov 23 14:43:55 2012
@@ -135,12 +135,15 @@ public abstract class AbstractXmlEncInHa
         if (encProps != null) {
             if (encProps.getEncryptionKeyTransportAlgo() != null
                 && !encProps.getEncryptionKeyTransportAlgo().equals(keyEncAlgo))
{
-                throwFault("Symmetric Key Algorithm is not supported", null);
+                throwFault("Key Transport Algorithm is not supported", null);
             }
             if (encProps.getEncryptionDigestAlgo() != null
                 && (digestAlgo == null || !encProps.getEncryptionDigestAlgo().equals(digestAlgo)))
{
                 throwFault("Digest Algorithm is not supported", null);
             }
+        } else if (!XMLCipher.RSA_OAEP.equals(keyEncAlgo)) {
+            // RSA OAEP is the required default Key Transport Algorithm
+            throwFault("Key Transport Algorithm is not supported", null);
         }
         
         

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java?rev=1412902&r1=1412901&r2=1412902&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
Fri Nov 23 14:43:55 2012
@@ -18,8 +18,10 @@
  */
 package org.apache.cxf.rs.security.xml;
 
+import org.apache.xml.security.encryption.XMLCipher;
+
 public class EncryptionProperties {
-    private String encryptionKeyTransportAlgo;
+    private String encryptionKeyTransportAlgo = XMLCipher.RSA_OAEP;
     private String encryptionSymmetricKeyAlgo;
     private String encryptionDigestAlgo;
     private String encryptionKeyIdType;

Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/JaxrsBasicAuthTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/JaxrsBasicAuthTest.java?rev=1412902&r1=1412901&r2=1412902&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/JaxrsBasicAuthTest.java
(original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/JaxrsBasicAuthTest.java
Fri Nov 23 14:43:55 2012
@@ -84,7 +84,6 @@ public class JaxrsBasicAuthTest extends 
             if (authFailureExpected) {
                 throw new RuntimeException("Exception expected");
             }
-            System.out.println("The number " + numToDouble + " doubled is " + resp);
             org.junit.Assert.assertEquals(2 * numToDouble, resp);
         } catch (WebApplicationException ex) {
             if (!authFailureExpected) {



Mime
View raw message