Freeman Yue Fang created CXF-8971:
-------------------------------------

Summary: Make all parameters of ws-securitypolicy AlgorithmSuite configurable
Key: CXF-8971
URL: https://issues.apache.org/jira/browse/CXF-8971
Project: CXF
Issue Type: Improvement
Reporter: Freeman Yue Fang

In ws-securitypolicy, we currently have a list of AlgorithmSuites by name. Some are defined in ws-securitypolicy; they are
{code}
Basic256
Basic192
Basic128
TripleDes
Basic256Rsa15
Basic192Rsa15
Basic128Rsa15
TripleDesRsa15
Basic256Sha256
Basic192Sha256
Basic128Sha256
TripleDesSha256
Basic256Sha256Rsa15
Basic192Sha256Rsa15
Basic128Sha256Rsa15
TripleDesSha256Rsa15
{code}
And some are from CXF itself to address CVEs; they are
{code}
Basic128GCM
Basic192GCM
Basic256GCM
{code}
So if users specify an AlgorithmSuite name like
{code}
<sp:AlgorithmSuite>
  <wsp:Policy>
    <sp:Basic256Sha256Rsa15 />
  </wsp:Policy>
</sp:AlgorithmSuite>
{code}
they will get an AlgorithmSuiteType instance with all parameters hardcoded for this AlgorithmSuite name.
{code}
new AlgorithmSuiteType(
    "Basic256Sha256Rsa15",
    SPConstants.SHA256,
    SPConstants.AES256,
    SPConstants.KW_AES256,
    SPConstants.KW_RSA15,
    SPConstants.P_SHA1_L256,
    SPConstants.P_SHA1_L192,
    256, 192, 256,
    MAX_SKL, MIN_AKL, MAX_AKL)
{code}

However, security algorithms are evolving and some old-time algos may get cracked, or sometimes only a limited set of modern/strong security algorithms can be used in some scenarios, so the currently available AlgorithmSuiteTypes from either ws-securitypolicy or CXF may not meet the specific requirements.

It would be great if we could introduce a fully configurable AlgorithmSuiteType, which could be named, say, customerizedAlgorithmSuite, and which could have default values, but whose AlgorithmSuiteType parameters can be configured via endpoint (client or server) properties. This flexibility can offer us more convenience.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
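
Because each suite name fixes its parameters, a policy file can be reviewed from the name alone. The following is an added example, not code from the issue or from CXF: it extracts the suite assertion from an sp:AlgorithmSuite element and reports the legacy primitives that the name implies. The namespace URIs in the constructed sample, the helper names and the choice of what counts as a finding are assumptions; the name-to-algorithm reading follows the WS-SecurityPolicy suite naming.

```python
import re
import xml.etree.ElementTree as ET

# Names listed in the issue: spec suites (optional Sha256/Rsa15 suffixes) and CXF's GCM suites.
SUITE_RE = re.compile(
    r"^(?:(?P<gcm>Basic(?:128|192|256))GCM"
    r"|(?P<enc>Basic(?:128|192|256)|TripleDes)(?P<sha256>Sha256)?(?P<rsa15>Rsa15)?)$")
# Policy operators and the non-suite assertions allowed inside sp:AlgorithmSuite.
NOT_A_SUITE = {"AlgorithmSuite", "Policy", "ExactlyOne", "All", "InclusiveC14N",
               "SOAPNormalization10", "STRTransform10", "XPath10", "XPathFilter20", "AbsXPath"}

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def suite_names(policy_xml):
    """Return every suite assertion name found under any AlgorithmSuite element."""
    names = []
    for el in ET.fromstring(policy_xml).iter():
        if local(el.tag) == "AlgorithmSuite":
            names += [local(c.tag) for c in el.iter() if local(c.tag) not in NOT_A_SUITE]
    return names

def audit(name):
    """List the legacy primitives implied by a suite name (empty list: none found)."""
    m = SUITE_RE.match(name)
    if not m:
        return ["unrecognised suite name"]
    if m.group("gcm"):
        return []  # digest and key wrap are not encoded in the GCM names
    findings = []
    if m.group("enc") == "TripleDes":
        findings.append("3DES encryption")
    if not m.group("sha256"):
        findings.append("SHA-1 digest")  # spec suites without 'Sha256' use SHA-1
    if m.group("rsa15"):
        findings.append("RSA PKCS#1 v1.5 key wrap")  # KW_RSA15 in the issue's example
    return findings

def audit_policy(policy_xml):
    return {name: audit(name) for name in suite_names(policy_xml)}

# Constructed sample: the policy fragment from the issue with namespace declarations added.
SAMPLE_POLICY = """
<sp:AlgorithmSuite
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:wsp="http://www.w3.org/ns/ws-policy">
  <wsp:Policy><sp:Basic256Sha256Rsa15 /></wsp:Policy>
</sp:AlgorithmSuite>"""

if __name__ == "__main__":
    for suite, findings in audit_policy(SAMPLE_POLICY).items():
        print(suite, "->", findings or "no findings")
```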