Wow, thanks Colm :-) The black magic security stuff in action :-)
Cheers, Sergey On 24/02/12 12:17, cohei...@apache.org wrote:
Author: coheigea Date: Fri Feb 24 12:17:22 2012 New Revision: 1293213 URL: http://svn.apache.org/viewvc?rev=1293213&view=rev Log: Fixed failing RS-Security tests with the IBM JDK and Santuario 1.5.x Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java?rev=1293213&r1=1293212&r2=1293213&view=diff ==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java Fri Feb 24 12:17:22 2012
@@ -18,11 +18,15 @@
 */
 package org.apache.cxf.rs.security.xml;
+import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.cert.X509Certificate;
+import java.security.spec.MGF1ParameterSpec;
 import javax.crypto.Cipher;
+import javax.crypto.spec.OAEPParameterSpec;
+import javax.crypto.spec.PSource;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.util.WSSecurityUtil;
@@ -38,11 +42,25 @@ public final class EncryptionUtils {
 throws WSSecurityException {
 Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
 try {
- cipher.init(mode, cert);
+ OAEPParameterSpec oaepParameterSpec = null;
+ if (XMLCipher.RSA_OAEP.equals(keyEncAlgo)) {
+ oaepParameterSpec = new OAEPParameterSpec(
+ "SHA-1", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT
+ );
+ }
+ if (oaepParameterSpec == null) {
+ cipher.init(mode, cert);
+ } else {
+ cipher.init(mode, cert.getPublicKey(), oaepParameterSpec);
+ }
 } catch (InvalidKeyException e) {
 throw new WSSecurityException(
 WSSecurityException.FAILED_ENCRYPTION, null, null, e
 );
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_ENCRYPTION, null, null, e
+ );
 }
 return cipher;
 }
@@ -51,11 +69,25 @@ public final class EncryptionUtils {
 throws WSSecurityException {
 Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
 try {
- cipher.init(mode, key);
+ OAEPParameterSpec oaepParameterSpec = null;
+ if (XMLCipher.RSA_OAEP.equals(keyEncAlgo)) {
+ oaepParameterSpec = new OAEPParameterSpec(
+ "SHA-1", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT
+ );
+ }
+ if (oaepParameterSpec == null) {
+ cipher.init(mode, key);
+ } else {
+ cipher.init(mode, key, oaepParameterSpec);
+ }
 } catch (InvalidKeyException e) {
 throw new WSSecurityException(
 WSSecurityException.FAILED_ENCRYPTION, null, null, e
 );
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_ENCRYPTION, null, null, e
+ );
 }
 return cipher;
 }
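Review bot: The RSA-OAEP branch of the certificate overload (hunk at -38,11) calls `cipher.init(mode, cert.getPublicKey(), oaepParameterSpec)`, which skips a check that `Cipher.init(int, Certificate)` performs: that overload throws InvalidKeyException when an X.509 certificate carries a critical KeyUsage extension that does not permit the requested mode. There is no Certificate overload that also takes an AlgorithmParameterSpec, so the check has to be repeated by hand before the init call, as sketched below. The InvalidKeyException it throws is already mapped to FAILED_ENCRYPTION by the existing catch. The sketch assumes `cert` is the `X509Certificate` imported at the top of the file; the method signature lies outside the hunk.

```java
// … unchanged: cipher lookup, OAEPParameterSpec construction, null branch …
} else {
    // Cipher.init(int, Certificate) rejects a certificate whose critical KeyUsage
    // extension forbids the operation; the PublicKey overload does not, so check here.
    boolean[] keyUsage = cert.getKeyUsage();
    boolean keyUsageCritical = cert.getCriticalExtensionOIDs() != null
        && cert.getCriticalExtensionOIDs().contains("2.5.29.15");
    if (keyUsageCritical && keyUsage != null) {
        // bit 2 = keyEncipherment (wrapping), bit 3 = dataEncipherment (encryption)
        if ((mode == Cipher.WRAP_MODE && keyUsage.length > 2 && !keyUsage[2])
            || (mode == Cipher.ENCRYPT_MODE && keyUsage.length > 3 && !keyUsage[3])) {
            throw new InvalidKeyException("Certificate key usage does not permit this operation");
        }
    }
    cipher.init(mode, cert.getPublicKey(), oaepParameterSpec);
}
// … unchanged: catch blocks and return …
```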
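Review bot: The `new OAEPParameterSpec("SHA-1", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT)` construction is pasted into both overloads (hunks at -38,11 and -51,11) with no comment saying why the parameters are spelled out. A single `private static final OAEPParameterSpec` constant shared by both methods would remove the duplication. It could carry a comment such as `// Explicit MGF1/SHA-1 parameters for XMLCipher.RSA_OAEP; per the commit log the IBM JDK failed without them.` The digest is fixed at SHA-1, so an EncryptedKey that declares a different DigestMethod or OAEP params would presumably fail to unwrap here. The callers are not visible in this diff, so that is worth confirming and noting in the comment.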
-- Sergey Beryozkin Talend Community Coders http://coders.talend.com/ Blog: http://sberyozkin.blogspot.com