Affects Version/s: None
Fix Version/s: 1.5.5
The UsernameToken profile 1.1 provides for using UsernameTokens for key derivation (section 4: Key Derivation). We currently have some limited support in UsernameToken.java for generating and parsing UsernameTokens with derived keys, but no tests.
The attached patch contains the following improvements:
1) Two bugs in processing a Username Token in UsernameToken.java with a derived key are fixed + some cleanup to the code.
2) WSSecUsernameToken.java is extended to wrap the key derivation functionality of UsernameToken.java.
3) A unit test is added for UsernameToken.java, as well as two tests which use a derived key from a username token for encryption and signing purposes.
The processing of a UsernameToken with derived keys is left for a future release.
|Assignee||Ruchith Udayanga Fernando [ ruchith ]||Fred Dushin [ fdushin ]|
|Fix Version/s||1.5.5 [ 12313215 ]|
|Assignee||Fred Dushin [ fdushin ]||Colm O hEigeartaigh [ coheigea ]|
|Resolution||Fixed [ 1 ]|
|Status||Open [ 1 ]||Resolved [ 5 ]|
|Status||Resolved [ 5 ]||Closed [ 6 ]|