WSS4J
  1. WSS4J
  2. WSS-306

It would be nice to have WSSecEncryptedKey generate secret keys by means of KeyGenerator

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.6.1
    • Fix Version/s: 1.6.3
    • Component/s: WSS4J Core
    • Labels:
      None

      Description

      WSS4J generates secret key itself instead of using http://download.oracle.com/javase/6/docs/api/javax/crypto/KeyGenerator.html#generateKey%28%29

      protected byte[] generateEphemeralKey() throws WSSecurityException {
      try

      { return WSSecurityUtil.generateNonce(this.keySize / 8); }

      catch (Exception e)

      { throw new WSSecurityException("Error in creating the ephemeral key", e); }

      }

      1. WSS-306.patch
        3 kB
        Anli Shundi

        Activity

        Colm O hEigeartaigh made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Colm O hEigeartaigh made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Hide
        Colm O hEigeartaigh added a comment -

        I took a different approach to the supplied patch. I added in the change to use nanoTime in WSSecurityUtil though.

        Colm.

        Show
        Colm O hEigeartaigh added a comment - I took a different approach to the supplied patch. I added in the change to use nanoTime in WSSecurityUtil though. Colm.
        Colm O hEigeartaigh made changes -
        Fix Version/s 1.6.3 [ 12317595 ]
        Anli Shundi made changes -
        Attachment WSS-306.patch [ 12489980 ]
        Hide
        Anli Shundi added a comment -

        Great catch. Here's a proposed patch making that method abstract and implementing it in the direct WSSecEncrypt subclass. Notice also the use of System.nano instead of milli in WSSecUtils

        Show
        Anli Shundi added a comment - Great catch. Here's a proposed patch making that method abstract and implementing it in the direct WSSecEncrypt subclass. Notice also the use of System.nano instead of milli in WSSecUtils
        Sergey Zhemzhitsky made changes -
        Field Original Value New Value
        Description WSS4J generates secret key itself instead of using http://download.oracle.com/javase/6/docs/api/javax/crypto/KeyGenerator.html#generateKey%28%29
        {code}
            protected byte[] generateEphemeralKey() throws WSSecurityException {
                try {
                    return WSSecurityUtil.generateNonce(this.keySize / 8);
                } catch (Exception e) {
                    throw new WSSecurityException("Error in creating the ephemeral key", e);
                }
            }
        {code}
        WSS4J generates secret key itself instead of using http://download.oracle.com/javase/6/docs/api/javax/crypto/KeyGenerator.html#generateKey%28%29

            protected byte[] generateEphemeralKey() throws WSSecurityException {
                try {
                    return WSSecurityUtil.generateNonce(this.keySize / 8);
                } catch (Exception e) {
                    throw new WSSecurityException("Error in creating the ephemeral key", e);
                }
            }
        Sergey Zhemzhitsky created issue -

          People

          • Assignee:
            Colm O hEigeartaigh
            Reporter:
            Sergey Zhemzhitsky
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development