Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
Java 3.0.4, Java 4.0.2
-
None
-
Java 17
Description
The 3.0.4 release (and I assume also the corresponding 4.0.x release, but I can't test that) introduced a regression inĀ XMLCipher related to the new support for ECDH and AgreementMethod.
The code in XMLCipher#getAlgorithmParameters(EncryptedKey) seems to implicitly assume that if there are AgreementMethod elements present in the KeyInfo, that it needs to actually "do" key agreement, so it unconditionally casts the supplied input Key to PrivateKey (assuming it is an ECPrivateKey, for example).
This assumption doesn't hold, because the caller may have already performed the key agreement op independently on the KeyInfo data, and has inited XMLCipher with the resulting SecretKey. OpenSAML implemented ECDH (and DH classic) support several years ago using this approach.
Attachments
Issue Links
- links to