cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: svn commit: r1293213 - /cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
Date Fri, 24 Feb 2012 12:19:21 GMT
Wow, thanks Colm :-) The black magic security stuff in action :-)

Cheers, Sergey

On 24/02/12 12:17, coheigea@apache.org wrote:
> Author: coheigea
> Date: Fri Feb 24 12:17:22 2012
> New Revision: 1293213
>
> URL: http://svn.apache.org/viewvc?rev=1293213&view=rev
> Log:
> Fixed failing RS-Security tests with the IBM JDK and Santuario 1.5.x
>
> Modified:
>      cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
>
> Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
> URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java?rev=1293213&r1=1293212&r2=1293213&view=diff
> ==============================================================================
> --- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
(original)
> +++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
Fri Feb 24 12:17:22 2012
> @@ -18,11 +18,15 @@
>    */
>   package org.apache.cxf.rs.security.xml;
>
> +import java.security.InvalidAlgorithmParameterException;
>   import java.security.InvalidKeyException;
>   import java.security.Key;
>   import java.security.cert.X509Certificate;
> +import java.security.spec.MGF1ParameterSpec;
>
>   import javax.crypto.Cipher;
> +import javax.crypto.spec.OAEPParameterSpec;
> +import javax.crypto.spec.PSource;
>
>   import org.apache.ws.security.WSSecurityException;
>   import org.apache.ws.security.util.WSSecurityUtil;
> @@ -38,11 +42,25 @@ public final class EncryptionUtils {
>           throws WSSecurityException {
>           Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
>           try {
> -            cipher.init(mode, cert);
> +            OAEPParameterSpec oaepParameterSpec = null;
> +            if (XMLCipher.RSA_OAEP.equals(keyEncAlgo)) {
> +                oaepParameterSpec = new OAEPParameterSpec(
> +                    "SHA-1", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT
> +                );
> +            }
> +            if (oaepParameterSpec == null) {
> +                cipher.init(mode, cert);
> +            } else {
> +                cipher.init(mode, cert.getPublicKey(), oaepParameterSpec);
> +            }
>           } catch (InvalidKeyException e) {
>               throw new WSSecurityException(
>                   WSSecurityException.FAILED_ENCRYPTION, null, null, e
>               );
> +        } catch (InvalidAlgorithmParameterException e) {
> +            throw new WSSecurityException(
> +                WSSecurityException.FAILED_ENCRYPTION, null, null, e
> +            );
>           }
>           return cipher;
>       }
> @@ -51,11 +69,25 @@ public final class EncryptionUtils {
>           throws WSSecurityException {
>           Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
>           try {
> -            cipher.init(mode, key);
> +            OAEPParameterSpec oaepParameterSpec = null;
> +            if (XMLCipher.RSA_OAEP.equals(keyEncAlgo)) {
> +                oaepParameterSpec = new OAEPParameterSpec(
> +                    "SHA-1", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT
> +                );
> +            }
> +            if (oaepParameterSpec == null) {
> +                cipher.init(mode, key);
> +            } else {
> +                cipher.init(mode, key, oaepParameterSpec);
> +            }
>           } catch (InvalidKeyException e) {
>               throw new WSSecurityException(
>                   WSSecurityException.FAILED_ENCRYPTION, null, null, e
>               );
> +        } catch (InvalidAlgorithmParameterException e) {
> +            throw new WSSecurityException(
> +                WSSecurityException.FAILED_ENCRYPTION, null, null, e
> +            );
>           }
>           return cipher;
>       }
>
>


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com

Mime
View raw message