Santuario / SANTUARIO-305

No way to register internal key resolvers in DECRYPT_MODE


Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Java 1.5.1
    • Fix Version/s: Java 1.5.2
    • Security Level: Public (Public issues, viewable by everyone)

    Description

      There is no way to register internal key resolvers in DECRYPT_MODE. The internal resolvers are usually registered on a KeyInfo. When we call XMLCipher.doFinal(Document, Element) to decrypt, it creates a new EncryptedData object on the fly and uses it immediately (See XMLCipher.decryptToByteArray). There is no chance to modify the KeyInfo inside that EncryptedData before it is used. It is possible to call XMLCipher.loadEncryptedData() separately, but there is little we can do with that EncryptedData afterwards. Using the static resolvers is not thread-safe in general. By that I mean, you cannot configure the static resolver per thread unless you use thread local storage.

      Possible solutions:
      1. Let the XMLCipher maintain a list of internal key resolvers directly.
      2. Pass internal resolvers when calling doFinal()
      3. Add a method XMLCipher.decryptData(EncryptedData) similar to decryptKey(EncryptedKey), so we could call XMLCipher.loadEncryptedData(Element), modify the KeyInfo inside the EncryptedData, and call XMLCipher.decryptData().

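      The following is an added example; it is not the reporter's attachment and not Santuario code. It implements the thread-local variant the description alludes to: a hypothetical ds:KeyName resolver, ThreadLocalKeyNameResolver, is placed once in the process-wide KeyResolver registry, so it is reached from the plain doFinal(Document, Element) path that builds the EncryptedData internally, but the name-to-key table it consults is a ThreadLocal. A second thread that never bound the key is refused instead of being quietly served another request's key, which is exactly what a static resolver holding per-request keys would allow. The class name, the bind()/clear() helpers, the constructed sample document and the all-zero AES key are assumptions for illustration; the code assumes the Santuario 1.5 API (XMLCipher, KeyInfo.addKeyName, KeyResolver.register(String, boolean) and the engine* methods of KeyResolverSpi).

```java
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.Init;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.keyresolver.KeyResolver;
import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
import org.apache.xml.security.keys.storage.StorageResolver;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.EncryptionConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/** Hypothetical ds:KeyName resolver (example only, not a Santuario class). Registered once in the
 *  JVM-wide KeyResolver registry, but its name-to-key table is a ThreadLocal, so a key bound by one
 *  request thread is never visible to decryptions running on another thread. */
public class ThreadLocalKeyNameResolver extends KeyResolverSpi {

    private static final ThreadLocal<Map<String, SecretKey>> KEYS = new ThreadLocal<Map<String, SecretKey>>() {
        @Override protected Map<String, SecretKey> initialValue() { return new HashMap<String, SecretKey>(); }
    };

    /** Binds keyName -> key for the calling thread only; call clear() when the request ends. */
    public static void bind(String keyName, SecretKey key) { KEYS.get().put(keyName, key); }
    public static void clear() { KEYS.remove(); }

    private static boolean isKeyName(Element e) {
        return e != null && Constants.SignatureSpecNS.equals(e.getNamespaceURI())
            && Constants._TAG_KEYNAME.equals(e.getLocalName());
    }

    @Override public boolean engineCanResolve(Element e, String baseURI, StorageResolver s) { return isKeyName(e); }
    @Override public PublicKey engineLookupAndResolvePublicKey(Element e, String b, StorageResolver s) { return null; }
    @Override public X509Certificate engineLookupAndResolveX509Certificate(Element e, String b, StorageResolver s) { return null; }

    @Override public SecretKey engineLookupAndResolveSecretKey(Element e, String baseURI, StorageResolver s) {
        // null (never another thread's key) when the calling thread bound nothing under this name
        return isKeyName(e) ? KEYS.get().get(e.getTextContent().trim()) : null;
    }

    /** Constructed sample: <Record><Secret>...</Secret></Record>, <Secret> encrypted under dek and labelled keyName. */
    static Document encryptSample(SecretKey dek, String keyName) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocument();
        Element root = doc.createElement("Record");
        Element secret = doc.createElement("Secret");
        secret.setTextContent("card=4111-constructed-sample");
        root.appendChild(secret);
        doc.appendChild(root);

        XMLCipher enc = XMLCipher.getInstance(XMLCipher.AES_128);
        enc.init(XMLCipher.ENCRYPT_MODE, dek);
        KeyInfo ki = new KeyInfo(doc);
        ki.addKeyName(keyName);                   // the receiver gets only a name and must map it to a key
        enc.getEncryptedData().setKeyInfo(ki);
        enc.doFinal(doc, secret);                 // replaces <Secret> with <xenc:EncryptedData>
        return doc;
    }

    /** The doFinal path from the issue: no key is supplied, so it must come from KeyInfo resolution. */
    static String decryptOnThisThread(Document doc) {
        try {
            Element encEl = (Element) doc.getElementsByTagNameNS(
                EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDDATA).item(0);
            XMLCipher dec = XMLCipher.getInstance();
            dec.init(XMLCipher.DECRYPT_MODE, null);
            dec.doFinal(doc, encEl);
            return "decrypted: " + doc.getElementsByTagName("Secret").item(0).getTextContent();
        } catch (Exception ex) {
            return "refused: " + ex.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        Init.init();
        // JVM-wide registration, once; 'true' = stateless and shareable, since all per-request state is in KEYS
        KeyResolver.register(ThreadLocalKeyNameResolver.class.getName(), true);
        final SecretKey dek = new SecretKeySpec(new byte[16], "AES");   // all-zero demo key, constructed

        Thread tenantA = new Thread() { public void run() {
            try {
                bind("tenant-a", dek);
                System.out.println("tenant-a: " + decryptOnThisThread(encryptSample(dek, "tenant-a")));
            } catch (Exception ex) { ex.printStackTrace(); } finally { clear(); }
        }};
        Thread bystander = new Thread() { public void run() {   // never bound the key: must be refused
            try {
                System.out.println("bystander: " + decryptOnThisThread(encryptSample(dek, "tenant-a")));
            } catch (Exception ex) { ex.printStackTrace(); }
        }};
        tenantA.start(); tenantA.join();
        bystander.start(); bystander.join();
    }
}
```

      Run with the xmlsec 1.5 jar and its dependencies on the classpath. The tenant-a thread prints the recovered <Secret> text; the bystander thread, which decrypts an identically labelled document without having bound the key, gets the cipher's no-key failure. The resolver must tolerate a null StorageResolver, since KeyInfo passes null when no storage resolver was added. If the XMLCipher gains a per-instance resolver list (the first proposed solution above), the same class can be handed to each cipher directly and the ThreadLocal becomes unnecessary.
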
      Attachments

        1. santuario-305.diff (13 kB, Clement Pellerin)
        2. santuario-305.zip (23 kB, Clement Pellerin)


            People

              Assignee: Colm O hEigeartaigh (coheigea)
              Reporter: Clement Pellerin (clement_pellerin@ibi.com)
              Votes: 0
              Watchers: 0
