cxf-issues mailing list archives

From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Issue Comment Edited] (CXF-4145) Add the ability to restrict what algorithms were used for encryption/signature
Date Mon, 30 Apr 2012 17:41:48 GMT

    [ https://issues.apache.org/jira/browse/CXF-4145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13265045#comment-13265045 ]

Sergey Beryozkin edited comment on CXF-4145 at 4/30/12 5:41 PM:
----------------------------------------------------------------

Right now I'm making the assumption that a given endpoint or a client will support single
key transport & symmetric enc algorithms, ex, it will only support say 'http://www.w3.org/2009/xmlenc11#aes128-gcm'
symmetric algo as opposed to 'http://www.w3.org/2009/xmlenc11#aes128-gcm' &  'http://www.w3.org/2009/xmlenc11#aes128-cbc';
same for all the signature properties.

This will also let me fix CXF-4146 by injecting the reference to the same EncryptionProperties
into in and out encryption handlers. Injecting it into the in handler makes sure the restriction
is enforced and the fact that the same instance is referenced will make sure that the out
handler will use the same algorithms that the client used. Similarly for the signature properties.
I think it is reasonable at this early stage.
                
      was (Author: sergey_beryozkin):
    Right now I'm making the assumption that a given endpoint or a client will support single
key transport & symmetric enc algorithms, ex, it will only support say 'http://www.w3.org/2009/xmlenc11#aes128-gcm'
symmetric algo as opposed to 'http://www.w3.org/2009/xmlenc11#aes128-gcm' &  'http://www.w3.org/2009/xmlenc11#aes128-cbc';
same for all the signature properties.

This will also let me fix CXF-4146 by injecting the reference to the same EncryptionProperties
into in and out encryption handlers. Injecting it into the in handler makes sure the restriction
is enforced and the fact that the same instance is referenced will make sure that the out
handler will use the same algorithms that the client used. Similarly for the signature properies.
I think it is reasonable at this early stage.
                  
> Add the ability to restrict what algorithms were used for encryption/signature
> ------------------------------------------------------------------------------
>
>                 Key: CXF-4145
>                 URL: https://issues.apache.org/jira/browse/CXF-4145
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>            Reporter: Colm O hEigeartaigh
>            Assignee: Sergey Beryozkin
>             Fix For: 2.6.1, 2.5.4
>
>
> This task is to add some functionality on the inbound side to restrict what algorithms
> can be used by the client. Examples include the symmetric and Key Transport algorithms for
> encryption, and signature/c14n/digest algorithms for signature.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
