This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push:
new f499de0b6 WSS-710 Some cleanup
f499de0b6 is described below
commit f499de0b61ad12ff0911e5ee64543e5e0b1e4432
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Mon Jul 15 14:53:39 2024 +0100
WSS-710 Some cleanup
---
.../java/org/apache/wss4j/common/ConfigurationConstants.java | 6 +++---
.../java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java | 12 ++++++++++--
2 files changed, 13 insertions(+), 5 deletions(-)
diff --git
a/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
b/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
index 3eb0fa520..d65c5d79b 100644
---
a/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
+++
b/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
@@ -769,10 +769,10 @@ public class ConfigurationConstants {
/**
* Defines the Key Derivation parameters to derive encryption key used
with the keyAgreement method. In case the
- * property value is set it supersede the ENC_KEY_DERIVATION_FUNCTION
value.
+ * property value is set, it supersedes the ENC_KEY_DERIVATION_FUNCTION
value.
* The value for the property must implement the
<code>org.apache.xml.security.encryption.params.KeyDerivationParameters</code>
- * interface. Currently, only the
<code>org.apache.xml.security.encryption.params.HKDFParams</code> and
- * <code>org.apache.xml.security.encryption.params.ConcatKDFParams</code>.
+ * interface. Currently, only
<code>org.apache.xml.security.encryption.params.HKDFParams</code> and
+ * <code>org.apache.xml.security.encryption.params.ConcatKDFParams</code>
are available.
*
*
* The application may set this parameter using the following method:
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
index 537c9678a..0a739a8fd 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
@@ -36,6 +36,7 @@ import org.apache.xml.security.encryption.params.HKDFParams;
import org.apache.xml.security.encryption.params.KeyAgreementParameters;
import org.apache.xml.security.encryption.params.KeyDerivationParameters;
import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.XMLUtils;
@@ -629,8 +630,15 @@ public class WSSecEncryptedKey extends WSSecBase {
// rfc5869: Yet, even a salt value of less quality (shorter in
// size or with limited entropy) may still make a significant
// contribution to the security of the output keying material
- byte[] semiRandom = new byte[keyBitLength / 8];
- new SecureRandom().nextBytes(semiRandom);
+ byte[] semiRandom;
+ try {
+ int length = keyBitLength / 8;
+ semiRandom = XMLSecurityConstants.generateBytes(length);
+ } catch (Exception ex) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex,
+ "empty", new Object[] {"Error in generating secret
bytes " }
+ );
+ }
return HKDFParams.createBuilder(keyBitLength,
WSS4JConstants.HMAC_SHA256)
.salt(semiRandom)
.info(null)
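Review bot: The `catch (Exception ex)` added around `XMLSecurityConstants.generateBytes(length)` is broader than needed, and its message calls the value "secret bytes" although the bytes are passed to `.salt(semiRandom)`, and an HKDF salt is not a secret. The broad catch also turns unchecked exceptions, such as one caused by a negative `keyBitLength`, into a generic FAILURE. `XMLSecurityException` is already imported in this file, so assuming that is what `generateBytes` declares, I would narrow the clause to `catch (XMLSecurityException ex)` and change the message to `"Error in generating HKDF salt"`, which also drops the trailing space. Separately, `keyBitLength / 8` truncates, so a value below 8 silently produces a zero-length salt; checking that `keyBitLength` is a positive multiple of 8 before this block would surface that misconfiguration. The enclosing method starts and ends outside the hunk, so such validation may already exist earlier.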