jrihtarsic commented on code in PR #264:
URL: https://github.com/apache/ws-wss4j/pull/264#discussion_r1463070691
##########
ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java:
##########
@@ -505,35 +533,61 @@ protected void createEncryptedKeyElement(Key key) throws
WSSecurityException {
}
}
- protected byte[] encryptSymmetricKey(PublicKey encryptingKey, SecretKey
keyToBeEncrypted)
+ /**
+ * Method builds the KeyAgreementParameterSpec for the ECDH-ES Key
Agreement Method using
+ * the recipient's public key and preconfigured values: keyEncAlgo,
digestAlgo and keyAgreementMethod
+ *
+ * @param recipientPublicKey the recipient's public key
+ * @return KeyAgreementParameterSpec the {@link
java.security.spec.AlgorithmParameterSpec} for generating the
+ * key for encrypting transport key and generating XML elements.
+ *
+ * @throws WSSecurityException if the KeyAgreementParameterSpec cannot be
created
+ */
+ public KeyAgreementParameters buildKeyAgreementParameter(PublicKey
recipientPublicKey)
+ throws WSSecurityException {
+ KeyAgreementParameters dhSpec;
+ try {
+
+ int keyBitLength =
org.apache.xml.security.utils.KeyUtils.getAESKeyBitSizeForWrapAlgorithm(keyEncAlgo);
+ KeyDerivationParameters kdf =
XMLCipherUtil.constructConcatKeyDerivationParameter(keyBitLength, digestAlgo);
+ KeyPair dhKeyPair =
org.apache.xml.security.utils.KeyUtils.generateEphemeralDHKeyPair(recipientPublicKey,
null);
+ dhSpec =
XMLCipherUtil.constructAgreementParameters(keyAgreementMethod,
+ KeyAgreementParameters.ActorType.ORIGINATOR, kdf, null,
recipientPublicKey);
+ dhSpec.setOriginatorKeyPair(dhKeyPair);
+ } catch (XMLEncryptionException e) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e
+ );
+ }
+ return dhSpec;
+ }
+
+ /**
+ * Method generates the key for encrypting the transport key using the
KeyAgreementParameterSpec
+ *
+ * @param keyAgreementParameter the {@link KeyAgreementParameters} for
generating the secret key
+ * @return SecretKey the secret key for encrypting the transport key
+ * @throws WSSecurityException if the secret key cannot be generated
+ */
+ public SecretKey generateEncryptionKey(KeyAgreementParameters
keyAgreementParameter) throws WSSecurityException {
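Review bot: The key-derivation parameters in `buildKeyAgreementParameter` are built from only `keyBitLength` and `digestAlgo`, and `digestAlgo` is used without any visible check that it is set or is an acceptable digest. The hunk does not show what the two-argument `constructConcatKeyDerivationParameter` does with the remaining ConcatKDF inputs, so if it leaves them empty the derived key-wrapping key is not bound to the algorithm or to the parties. A comment at that call would make the choice explicit, for example `// NOTE: ConcatKDF OtherInfo (AlgorithmID, PartyUInfo, PartyVInfo) is not set here; confirm this is intended`. The Javadoc also names the return type `KeyAgreementParameterSpec` while the method returns `KeyAgreementParameters`, so the `@return` and `@throws` text should use the real type name. The quoted hunk stops at the signature of `generateEncryptionKey`, so that method's body is not covered by this note.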
Review Comment:
Changed it to private