jrihtarsic commented on code in PR #271:
URL:
https://github.com/apache/santuario-xml-security-java/pull/271#discussion_r1575668885
##########
src/main/java/org/apache/xml/security/encryption/XMLCipherUtil.java:
##########
@@ -140,7 +140,7 @@ public static OAEPParameterSpec constructOAEPParameters(
public static MGF1ParameterSpec constructMGF1Parameter(String
mgh1AlgorithmURI) {
LOG.log(Level.DEBUG, "Creating MGF1ParameterSpec for [{0}]",
mgh1AlgorithmURI);
if (mgh1AlgorithmURI == null || mgh1AlgorithmURI.isEmpty()) {
- LOG.log(Level.WARNING,"MGF1 algorithm URI is null or empty. Using
SHA-1 as default.");
+ LOG.log(Level.WARNING, "MGF1 algorithm URI is null or empty. Using
SHA-1 as default.");
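Review bot: In the null/empty branch the fallback to SHA-1 is signalled only by a log warning, so a caller holding the resulting MGF1ParameterSpec cannot tell that a default was applied. If the fallback stays, state it in the Javadoc of constructMGF1Parameter so the behaviour is part of the documented contract. Separately, the parameter name `mgh1AlgorithmURI` in the signature looks like a typo for `mgf1AlgorithmURI`; renaming it would fit here since the change already touches this method.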
Review Comment:
Totally agree with the comment. But this would change the existing behavior
and may break some "usages" which are following the
https://www.w3.org/TR/xmlenc-core1/#sec-RSA-OAEP
`The message digest function SHOULD be specified using the Algorithm
attribute of the ds:DigestMethod child element of the xenc:EncryptionMethod
element. If it is not specified, the default value of SHA1 is to be used.`
@coheigea if you agree I will change this to SHA-256, and I suggest that
this is duly noted in the release notes.