  1. Rampart
  2. RAMPART-394

BindingBuilder.getEncryptedKeyBuilder() does not set symmetric encryption algorithm to the created WSSecEncryptedKey


    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.6.2
    • Fix Version/s: None
    • Component/s: rampart-core
    • Labels:
      None

      Description

      Here are code snippets from BindingBuilder.getEncryptedKeyBuilder() before and after the upgrade of the WSS4J version to 1.6.4.

      Before:

      WSSecEncryptedKey encrKey = new WSSecEncryptedKey();

      try {
      RampartUtil.setKeyIdentifierType(rpd, encrKey, token);
      RampartUtil.setEncryptionUser(rmd, encrKey);
      encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
      encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());

      encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));

      return encrKey;

      After:

      WSSecEncryptedKey encrKey = new WSSecEncryptedKey();

      try {
      RampartUtil.setKeyIdentifierType(rmd, encrKey, token);
      RampartUtil.setEncryptionUser(rmd, encrKey);

      //TODO we do not need to pass keysize as it is taken from algorithm it self - verify-
      encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());

      encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));

      The problem is in not setting the symmetric key size to the encrypted key. By default WSSecEncryptedKey assumes it is AES_128 and does not care for the encryption in the RampartPolicyData. In my specific case the expected encryption is 3DES, which leads to throwing InvalidKeyException because of a wrong key size. The size of 3DES is 192 bits but a 128-bit AES key is created instead.

      I propose the following solution:

      WSSecEncryptedKey encrKey = new WSSecEncryptedKey();

      try {
      RampartUtil.setKeyIdentifierType(rmd, encrKey, token);
      RampartUtil.setEncryptionUser(rmd, encrKey);

      encrKey.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
      encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());

      encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));

      return encrKey;
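
The key-size mismatch described in this report, reproduced with plain JCE as an added example (not Rampart or WSS4J code, and not part of the original report). The class name, the lookup table and the PKCS5Padding transformations are assumptions made for the illustration.

```java
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class EphemeralKeySizeDemo {
    // XML Encryption algorithm URI -> {JCE key algorithm, JCE transformation, key size in bits}.
    // Table and padding choice are assumptions for this demo, not WSS4J's own mapping.
    static final Map<String, String[]> ALGOS = Map.of(
        "http://www.w3.org/2001/04/xmlenc#aes128-cbc",
            new String[] {"AES", "AES/CBC/PKCS5Padding", "128"},
        "http://www.w3.org/2001/04/xmlenc#tripledes-cbc",
            new String[] {"DESede", "DESede/CBC/PKCS5Padding", "192"});

    // Key size implied by the encryption algorithm named in the policy.
    static int keyBits(String encUri) {
        return Integer.parseInt(ALGOS.get(encUri)[2]);
    }

    // Create an ephemeral key of the given size and try to use it with the
    // cipher the policy asks for. Returns false when the JCE rejects the key.
    static boolean usable(int ephemeralBits, String encUri) throws Exception {
        String[] algo = ALGOS.get(encUri);
        byte[] raw = new byte[ephemeralBits / 8];
        new SecureRandom().nextBytes(raw);
        try {
            Cipher cipher = Cipher.getInstance(algo[1]);
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(raw, algo[0]));
            return true;
        } catch (InvalidKeyException e) {
            System.out.println("  rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String tripleDes = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
        // Hard-coded 128-bit default while the policy suite asks for 3DES: the reported failure.
        System.out.println("128-bit key with 3DES usable: " + usable(128, tripleDes));
        // Key size derived from the policy's encryption algorithm instead.
        System.out.println(keyBits(tripleDes) + "-bit key with 3DES usable: "
            + usable(keyBits(tripleDes), tripleDes));
    }
}
```

A regression test for the builder can make the same check against every algorithm suite the policy supports, so a default key size that only fits AES-128 is caught before deployment.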

            People

            • Assignee:
              Unassigned
              Reporter:
              bodu Boris Dushanov