Details
- Improvement
- Status: Closed
- Major
- Resolution: Fixed
- Java 1.5.1
- None
- Security Level: Public (Public issues, viewable by everyone)
- None
Description
There is no way to register internal key resolvers in DECRYPT_MODE. The internal resolvers are usually registered on a KeyInfo. When we call XMLCipher.doFinal(Document, Element) to decrypt, it creates a new EncryptedData object on the fly and uses it immediately (see XMLCipher.decryptToByteArray). There is no chance to modify the KeyInfo inside that EncryptedData before it is used. It is possible to call XMLCipher.loadEncryptedData() separately, but there is little we can do with that EncryptedData afterwards. Using the static resolvers is not thread-safe in general. By that I mean, you cannot configure the static resolver per thread unless you use thread local storage.
Possible solutions:
1. Let the XMLCipher maintain a list of internal key resolvers directly.
2. Pass internal resolvers when calling doFinal().
3. Add a method XMLCipher.decryptData(EncryptedData) similar to decryptKey(EncryptedKey), so we could call XMLCipher.loadEncryptedData(Element), modify the KeyInfo inside the EncryptedData, and call XMLCipher.decryptData().
Attachments
Issue Links
- supercedes: SANTUARIO-227 impossible to subclass XMLCipher (Closed)
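
The scoping problem raised in the description, as an added example that is not part of the original issue and is not Santuario code: a process-wide resolver list is visible to every cipher in every thread, while a per-instance list (proposed solution 1) stays with the cipher that registered it. `Resolver`, `ToyCipher`, the lookup order, and the key names are hypothetical stand-ins for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;

// Hypothetical model, not the Santuario API: a resolver maps a key name to a key.
interface Resolver { String resolve(String keyName); }

class ToyCipher {
    // Process-wide list: every cipher in every thread consults it.
    static final List<Resolver> STATIC_RESOLVERS = new CopyOnWriteArrayList<>();
    // Per-instance list, in the spirit of proposed solution 1.
    private final List<Resolver> internalResolvers = new ArrayList<>();

    void registerInternalResolver(Resolver r) { internalResolvers.add(r); }

    // Assumed lookup order for this model: instance resolvers, then static ones.
    String findKey(String keyName) {
        for (Resolver r : internalResolvers) {
            String k = r.resolve(keyName);
            if (k != null) return k;
        }
        for (Resolver r : STATIC_RESOLVERS) {
            String k = r.resolve(keyName);
            if (k != null) return k;
        }
        return null;
    }
}

public class ResolverScopeDemo {
    public static void main(String[] args) throws Exception {
        // Constructed sample: two tenants whose messages both name their key "kek".
        Resolver forA = n -> n.equals("kek") ? "tenantA-key" : null;
        Resolver forB = n -> n.equals("kek") ? "tenantB-key" : null;

        // Tenant A's thread configures the static list.
        Thread a = new Thread(() -> ToyCipher.STATIC_RESOLVERS.add(forA));
        a.start();
        a.join();
        // Tenant B registered nothing, yet its cipher resolves tenant A's key.
        System.out.println("static:   B gets " + new ToyCipher().findKey("kek"));

        // Per-instance registration: each cipher sees only its own resolver.
        ToyCipher.STATIC_RESOLVERS.clear();
        ToyCipher aCipher = new ToyCipher();
        aCipher.registerInternalResolver(forA);
        ToyCipher bCipher = new ToyCipher();
        bCipher.registerInternalResolver(forB);
        System.out.println("instance: A gets " + aCipher.findKey("kek"));
        System.out.println("instance: B gets " + bCipher.findKey("kek"));
    }
}
```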