ws-wss4j-dev mailing list archives

From Daniel Kulp <dk...@apache.org>
Subject Re: WS-Security RSA Encryption exception..
Date Thu, 11 Jun 2009 16:56:20 GMT
On Thu June 11 2009 7:31:19 am Daniel Kulp wrote:
> On Thu June 11 2009 7:08:31 am Werner Dittmann wrote:
> > Daniel Kulp wrote:
> > > To the WSS4j folks:  why is this method not calling
> > > XMLCipher.getInstance like every other cipher related thing?  Should it
> > > be?   Would that alone fix it?
> >
> > XMLCipher is a specific instance that wraps (or unwraps) the cipher data
> > (or plain data) according to W3C xmlenc specification. In the above case
> > we need the plain public key algorithm to encrypt (or decrypt) the
> > ephemeral symmetric key with the public (private) key of the receiver.
> >
> > No - it won't fix this particular problem.
>
> Ah.  Ok.   But do they have a method someplace (don't have the code right
> now) that would map the WS keys (like
> http://www.w3.org/2001/04/xmlenc#rsa-1_5) into Cipher objects?    Not a big
> deal.

Actually, did a little digging.   xmlsec DOES have a class to map these.
JCEMapper has methods to map the URIs to JCE ids:
JCEMapper.translateURItoJCEID

In the case of xmlsec, the config file specifies:

         <Algorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
                    Description="Key Transport RSA-v1.5"
                    AlgorithmClass="KeyTransport"
                    RequirementLevel="REQUIRED"
                    RequiredKey="RSA"
                    JCEName="RSA/ECB/PKCS1Padding"/>

         <Algorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
                    Description="Key Transport RSA-OAEP"
                    AlgorithmClass="KeyTransport"
                    RequirementLevel="REQUIRED"
                    RequiredKey="RSA"
                    JCEName="RSA/ECB/OAEPWithSHA1AndMGF1Padding"/>

Thus, for those URIs, xmlsec always uses the provider in the JDK.   IMO,
WSS4J should match this, preferably by just calling into JCEMapper so it
always will use the same mapping.

If there are no objections, I'll change the code to do just that.

-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog
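
The key transport mapping discussed in this message, as an added example that is not part of the original post and is not WSS4J or xmlsec code: the two algorithm URIs are resolved to the JCEName values from the quoted config, then used to wrap and unwrap an ephemeral AES key with the receiver's RSA key pair. `KeyTransportDemo`, `URI_TO_JCE` and `cipherFor` are hypothetical stand-ins for the JCEMapper lookup, and the keys are constructed test material.

```java
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyTransportDemo {
    // Hypothetical stand-in for the URI -> JCE name lookup; the two entries
    // are the JCEName values from the xmlsec config quoted in the message.
    static final Map<String, String> URI_TO_JCE = Map.of(
        "http://www.w3.org/2001/04/xmlenc#rsa-1_5", "RSA/ECB/PKCS1Padding",
        "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", "RSA/ECB/OAEPWithSHA1AndMGF1Padding");

    static Cipher cipherFor(String uri) throws Exception {
        String jceName = URI_TO_JCE.get(uri);
        if (jceName == null) {
            // Fail closed on an unknown URI instead of guessing an algorithm.
            throw new IllegalArgumentException("Unsupported key transport URI: " + uri);
        }
        // No provider argument: the JVM's registered providers are searched in order.
        return Cipher.getInstance(jceName);
    }

    public static void main(String[] args) throws Exception {
        // Constructed test material: a throwaway receiver key pair and AES key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair receiver = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey ephemeral = kg.generateKey();

        for (String uri : URI_TO_JCE.keySet()) {
            Cipher wrap = cipherFor(uri);
            wrap.init(Cipher.WRAP_MODE, receiver.getPublic());
            byte[] wrapped = wrap.wrap(ephemeral);   // sender side

            Cipher unwrap = cipherFor(uri);
            unwrap.init(Cipher.UNWRAP_MODE, receiver.getPrivate());
            Key recovered = unwrap.unwrap(wrapped, "AES", Cipher.SECRET_KEY);   // receiver side

            boolean ok = Arrays.equals(ephemeral.getEncoded(), recovered.getEncoded());
            System.out.println(uri + " -> " + URI_TO_JCE.get(uri) + " round trip ok: " + ok);
        }
    }
}
```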
