[jira] [Created] (CAMEL-7104) Add support for all permissions for authorization in camel-shiro
Colm O hEigeartaigh created CAMEL-7104: -- Summary: Add support for all permissions for authorization in camel-shiro Key: CAMEL-7104 URL: https://issues.apache.org/jira/browse/CAMEL-7104 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Priority: Minor Fix For: 2.13.0 Attachments: camel-7104.patch Currently, the ShiroSecurityPolicy takes a List of Shiro Permission objects for authorization. Authorization succeeds if any of the permissions match that of the current user. However, it's not possible to support requiring all of the permissions, expect via the permission wildcard syntax, which may not be convenient for every circumstance. -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Created] (CAMEL-7083) Log a warning when default encryption keys used
Colm O hEigeartaigh created CAMEL-7083: -- Summary: Log a warning when default encryption keys used Key: CAMEL-7083 URL: https://issues.apache.org/jira/browse/CAMEL-7083 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Fix For: 2.13.0 Two Camel components use default keys for encryption: camel-xmlsecurity and camel-shiro. This task is to log a warning when this happens, as using a default secret key is more or less meaningless. -- This message was sent by Atlassian JIRA (v6.1.4#6159)
[jira] [Updated] (CAMEL-7083) Log a warning when default encryption keys used
[ https://issues.apache.org/jira/browse/CAMEL-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated CAMEL-7083: --- Attachment: camel-7083.patch A patch for this issue. Colm. Log a warning when default encryption keys used --- Key: CAMEL-7083 URL: https://issues.apache.org/jira/browse/CAMEL-7083 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Fix For: 2.13.0 Attachments: camel-7083.patch Two Camel components use default keys for encryption: camel-xmlsecurity and camel-shiro. This task is to log a warning when this happens, as using a default secret key is more or less meaningless. -- This message was sent by Atlassian JIRA (v6.1.4#6159)
[jira] [Created] (CAMEL-7079) Improvements to camel-shiro's ShiroSecurityProcessor
Colm O hEigeartaigh created CAMEL-7079: -- Summary: Improvements to camel-shiro's ShiroSecurityProcessor Key: CAMEL-7079 URL: https://issues.apache.org/jira/browse/CAMEL-7079 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Attachments: camel.patch.1, camel.patch.2 I am attaching two different patches for some improvements to the ShiroSecurityProcessor in Camel's camel-shiro component. I'd like some feedback on which patch should apply. The scenario is that a ShiroSecurityToken object is retrieved in the ShiroSecurityProcessor. Currently, this object is first encrypted, and then decrypted, before authentication/authorization checking applies. a) Patch 1 makes no change to the current functionality of the processor, but provides a performance improvement to avoid encrypting + decrypting a ShiroSecurityToken object. We only need to decrypt a String or ByteSource header, not a ShiroSecurityToken object. b) Patch 2 follows the old pattern of encrypting + decrypting the ShiroSecurityToken object, but replaces the unencrypted token in the exchange, with the subsequent encrypted token. This may help avoid unintentional propagation of plaintext values in subsequent communications. The tests all pass with both approaches. -- This message was sent by Atlassian JIRA (v6.1.4#6159)
[jira] [Updated] (CAMEL-7079) Improvements to camel-shiro's ShiroSecurityProcessor
[ https://issues.apache.org/jira/browse/CAMEL-7079?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated CAMEL-7079: --- Attachment: camel.patch.2 camel.patch.1 Improvements to camel-shiro's ShiroSecurityProcessor Key: CAMEL-7079 URL: https://issues.apache.org/jira/browse/CAMEL-7079 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Attachments: camel.patch.1, camel.patch.2 I am attaching two different patches for some improvements to the ShiroSecurityProcessor in Camel's camel-shiro component. I'd like some feedback on which patch should apply. The scenario is that a ShiroSecurityToken object is retrieved in the ShiroSecurityProcessor. Currently, this object is first encrypted, and then decrypted, before authentication/authorization checking applies. a) Patch 1 makes no change to the current functionality of the processor, but provides a performance improvement to avoid encrypting + decrypting a ShiroSecurityToken object. We only need to decrypt a String or ByteSource header, not a ShiroSecurityToken object. b) Patch 2 follows the old pattern of encrypting + decrypting the ShiroSecurityToken object, but replaces the unencrypted token in the exchange, with the subsequent encrypted token. This may help avoid unintentional propagation of plaintext values in subsequent communications. The tests all pass with both approaches. -- This message was sent by Atlassian JIRA (v6.1.4#6159)
[jira] [Reopened] (CAMEL-7039) Upgrade to BouncyCastle 1.50
[ https://issues.apache.org/jira/browse/CAMEL-7039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh reopened CAMEL-7039: Have to re-open this due a problem with BouncyCastle 1.50 + OSGi: https://issues.apache.org/jira/browse/SSHD-268 Hadrian, could you downgrade to 1.49, but keep the other changes so that it'll be a simple process to upgrade to 1.51 when it comes out? Colm. Upgrade to BouncyCastle 1.50 Key: CAMEL-7039 URL: https://issues.apache.org/jira/browse/CAMEL-7039 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Assignee: Hadrian Zbarcea Priority: Trivial Fix For: 2.13.0 Attachments: camel-7039-revised.patch, camel-7039.patch Upgrade to BouncyCastle 1.50, which is now in Maven Central. -- This message was sent by Atlassian JIRA (v6.1.4#6159)
[jira] [Reopened] (CAMEL-7039) Upgrade to BouncyCastle 1.50
[ https://issues.apache.org/jira/browse/CAMEL-7039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh reopened CAMEL-7039: Have to re-open this due a problem with BouncyCastle 1.50 + OSGi: https://issues.apache.org/jira/browse/SSHD-268 Hadrian, could you downgrade to 1.49, but keep the other changes so that it'll be a simple process to upgrade to 1.51 when it comes out? Colm. Upgrade to BouncyCastle 1.50 Key: CAMEL-7039 URL: https://issues.apache.org/jira/browse/CAMEL-7039 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Assignee: Hadrian Zbarcea Priority: Trivial Fix For: 2.13.0 Attachments: camel-7039-revised.patch, camel-7039.patch Upgrade to BouncyCastle 1.50, which is now in Maven Central. -- This message was sent by Atlassian JIRA (v6.1.4#6159)
[jira] [Updated] (CAMEL-7039) Upgrade to BouncyCastle 1.50
[ https://issues.apache.org/jira/browse/CAMEL-7039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated CAMEL-7039: --- Attachment: camel-7039-revised.patch Hi Hadrian, Here is a revised patch for this issue - it fixes the camel-ssh failures. I am going to submit a similar patch to the mina sshd project. Colm. Upgrade to BouncyCastle 1.50 Key: CAMEL-7039 URL: https://issues.apache.org/jira/browse/CAMEL-7039 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Assignee: Hadrian Zbarcea Priority: Trivial Fix For: 2.13.0 Attachments: camel-7039-revised.patch, camel-7039.patch Upgrade to BouncyCastle 1.50, which is now in Maven Central. -- This message was sent by Atlassian JIRA (v6.1.4#6159)
[jira] [Created] (CAMEL-7039) Upgrade to BouncyCastle 1.50
Colm O hEigeartaigh created CAMEL-7039: -- Summary: Upgrade to BouncyCastle 1.50 Key: CAMEL-7039 URL: https://issues.apache.org/jira/browse/CAMEL-7039 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Priority: Trivial Fix For: 2.13.0 Upgrade to BouncyCastle 1.50, which is now in Maven Central. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Updated] (CAMEL-7039) Upgrade to BouncyCastle 1.50
[ https://issues.apache.org/jira/browse/CAMEL-7039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated CAMEL-7039: --- Attachment: camel-7039.patch Trivial patch. Upgrade to BouncyCastle 1.50 Key: CAMEL-7039 URL: https://issues.apache.org/jira/browse/CAMEL-7039 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Priority: Trivial Fix For: 2.13.0 Attachments: camel-7039.patch Upgrade to BouncyCastle 1.50, which is now in Maven Central. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Updated] (CAMEL-6959) Update to XML Security 1.5.6
[ https://issues.apache.org/jira/browse/CAMEL-6959?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated CAMEL-6959: --- Attachment: camel-6959.patch Update to XML Security 1.5.6 Key: CAMEL-6959 URL: https://issues.apache.org/jira/browse/CAMEL-6959 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Fix For: 2.11.3, 2.12.2, 2.13.0 Attachments: camel-6959.patch Please apply the trivial attached patch to update to XML Security 1.5.6. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Created] (CAMEL-6959) Update to XML Security 1.5.6
Colm O hEigeartaigh created CAMEL-6959: -- Summary: Update to XML Security 1.5.6 Key: CAMEL-6959 URL: https://issues.apache.org/jira/browse/CAMEL-6959 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Fix For: 2.11.3, 2.12.2, 2.13.0 Attachments: camel-6959.patch Please apply the trivial attached patch to update to XML Security 1.5.6. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Updated] (CAMEL-6711) Add ECDSA test to new XML Signature component
[ https://issues.apache.org/jira/browse/CAMEL-6711?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated CAMEL-6711: --- Attachment: camel-6711.patch Please apply the supplied patch. Note that the test also requires the ecdsa.jks currently in camel-crypto. So a cp components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/ecdsa.jks components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity is also required. Colm. Add ECDSA test to new XML Signature component - Key: CAMEL-6711 URL: https://issues.apache.org/jira/browse/CAMEL-6711 Project: Camel Issue Type: Test Reporter: Colm O hEigeartaigh Priority: Minor Fix For: 2.12.1, 2.13.0 Attachments: camel-6711.patch This task is to add a test for the ECDSA algorithm to the XML Signature tests introduced in Camel 2.12.0. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CAMEL-6339) XML Signature Component in camel/components/xmlsecurity
[ https://issues.apache.org/jira/browse/CAMEL-6339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13756028#comment-13756028 ] Colm O hEigeartaigh commented on CAMEL-6339: I added Franz's revised documentation in wiki format here + updated various links to it: https://cwiki.apache.org/confluence/display/CAMEL/XML+Security+component This issue can now be resolved IMO. Colm. XML Signature Component in camel/components/xmlsecurity --- Key: CAMEL-6339 URL: https://issues.apache.org/jira/browse/CAMEL-6339 Project: Camel Issue Type: New Feature Reporter: Franz Forsthofer Assignee: Willem Jiang Fix For: 2.12.0 Attachments: camel-6339-reworked.patch, camel-6339-reworked_XmlSignatureComponentDocumentation_improved.md, camel-6339-reworked_XmlSignatureComponentDocumentation.md, CamelComponentXmlsecurity.html, CamelComponentXmlsecurityImproved.html, ExampleDetached.xml, ExampleEnvelopedXmlSig.xml, ExampleEnvelopingDigSigTampered.xml, ExampleEnvelopingDigSigWithSeveralElementsWithNameRoot.xml, ExampleEnvelopingDigSig.xml, keystore.jks, ManifestTest_TamperedContent.xml, patch_file_improved2.txt, patch_file_improved.txt, patch_file.txt, SpringXmlSignatureTests.xml, XmlSignatureComponentDocumentation.md, xslt_test.xsl, xslt_test.xsl Hello, I have created a component for XML signature. I put it into the component xmlsecurity. The component has the name xmlsecurity. In the attachments you will find path_file.txt and CamelComponentxmlsecurity.html. The html file contains a description of the endpoint uris. Regards Franz - Franz Forsthofer SAP AG e-mail: franz.forstho...@sap.com -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CAMEL-6339) XML Signature Component in camel/components/xmlsecurity
[ https://issues.apache.org/jira/browse/CAMEL-6339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated CAMEL-6339: --- Attachment: camel-6339-reworked.patch Please consider the attached patch for inclusion in Camel. It is a (slightly) revised version of the original patch. The only additional thing needed is the keystore which must be put in the src/test/resource/org/apache/camel/components/xmlsecurity directory. The changes that I made are as follows: a) The Santuario provider is now installed + used by default. If not available, it falls back to the JDK. b) General tidy-up of code, indentation + added Apache license headers c) I removed the ability to set a Signature + Object ID by configuration, as this is not a use-case that I can see being useful. Instead they are generated at random. d) I removed schema validation. I don't see this as being useful. If the request is modified, then signature validation will fail. e) I enabled Santuario's secure validation mode by default, and added some tests. Franz, if you have no major objections to the changes, I would suggest we apply this patch for the 2.12.0 release. Any further changes can be just submitted as patches, etc. Colm. XML Signature Component in camel/components/xmlsecurity --- Key: CAMEL-6339 URL: https://issues.apache.org/jira/browse/CAMEL-6339 Project: Camel Issue Type: New Feature Reporter: Franz Forsthofer Fix For: 2.12.0 Attachments: camel-6339-reworked.patch, CamelComponentXmlsecurity.html, CamelComponentXmlsecurityImproved.html, ExampleDetached.xml, ExampleEnvelopedXmlSig.xml, ExampleEnvelopingDigSigTampered.xml, ExampleEnvelopingDigSigWithSeveralElementsWithNameRoot.xml, ExampleEnvelopingDigSig.xml, keystore.jks, ManifestTest_TamperedContent.xml, patch_file_improved2.txt, patch_file_improved.txt, patch_file.txt, SpringXmlSignatureTests.xml, XmlSignatureComponentDocumentation.md, xslt_test.xsl, xslt_test.xsl Hello, I have created a component for XML signature. I put it into the component xmlsecurity. The component has the name xmlsecurity. In the attachments you will find path_file.txt and CamelComponentxmlsecurity.html. The html file contains a description of the endpoint uris. Regards Franz - Franz Forsthofer SAP AG e-mail: franz.forstho...@sap.com -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CAMEL-6657) Improve testing of camel-crypto component
[ https://issues.apache.org/jira/browse/CAMEL-6657?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated CAMEL-6657: --- Attachment: ecdsa.jks camel-6657.patch A patch for this issue. The keystore should go in components/camel-crypto/src/test/resource/org/apache/camel/component/crypto. Colm. Improve testing of camel-crypto component - Key: CAMEL-6657 URL: https://issues.apache.org/jira/browse/CAMEL-6657 Project: Camel Issue Type: Test Components: camel-crypto Reporter: Colm O hEigeartaigh Priority: Minor Fix For: 2.12.0 Attachments: camel-6657.patch, ecdsa.jks Please apply the attached patch which improves testing for the camel-crypto component. Existing testing only tests relatively weak algorithms. New tests for the encryption dataformat include: * HMAC SHA256 * 3DES (ECB + CBC) * AES 128 (ECB) New tests for the signature component include: * RSA SHA-1 * RSA SHA-256 * ECDSA SHA-1 The only source change is to explicitly change the default algorithm from DSA to SHA1WithDSA. Use of the former is discouraged as it's unclear whether a hashing algorithm is included or not. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Created] (CAMEL-6657) Improve testing of camel-crypto component
Colm O hEigeartaigh created CAMEL-6657: -- Summary: Improve testing of camel-crypto component Key: CAMEL-6657 URL: https://issues.apache.org/jira/browse/CAMEL-6657 Project: Camel Issue Type: Test Components: camel-crypto Reporter: Colm O hEigeartaigh Priority: Minor Fix For: 2.12.0 Please apply the attached patch which improves testing for the camel-crypto component. Existing testing only tests relatively weak algorithms. New tests for the encryption dataformat include: * HMAC SHA256 * 3DES (ECB + CBC) * AES 128 (ECB) New tests for the signature component include: * RSA SHA-1 * RSA SHA-256 * ECDSA SHA-1 The only source change is to explicitly change the default algorithm from DSA to SHA1WithDSA. Use of the former is discouraged as it's unclear whether a hashing algorithm is included or not. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CAMEL-6339) XML Signature Component in camel/components/xmlsecurity
[ https://issues.apache.org/jira/browse/CAMEL-6339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13745006#comment-13745006 ] Colm O hEigeartaigh commented on CAMEL-6339: Hi Franz, There appear to be several missing files from the patch, for example SpringXmlSignatureTests.xml. Could you attach them? Colm. XML Signature Component in camel/components/xmlsecurity --- Key: CAMEL-6339 URL: https://issues.apache.org/jira/browse/CAMEL-6339 Project: Camel Issue Type: New Feature Reporter: Franz Forsthofer Assignee: Claus Ibsen Fix For: 2.12.0 Attachments: CamelComponentXmlsecurity.html, CamelComponentXmlsecurityImproved.html, patch_file_improved2.txt, patch_file_improved.txt, patch_file.txt, XmlSignatureComponentDocumentation.md, xslt_test.xsl Hello, I have created a component for XML signature. I put it into the component xmlsecurity. The component has the name xmlsecurity. In the attachments you will find path_file.txt and CamelComponentxmlsecurity.html. The html file contains a description of the endpoint uris. Regards Franz - Franz Forsthofer SAP AG e-mail: franz.forstho...@sap.com -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CAMEL-6640) Migrate XML Security key cipher algorithm away from RSA v1.5
[ https://issues.apache.org/jira/browse/CAMEL-6640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13742079#comment-13742079 ] Colm O hEigeartaigh commented on CAMEL-6640: Sure, both are now done. Colm. Migrate XML Security key cipher algorithm away from RSA v1.5 Key: CAMEL-6640 URL: https://issues.apache.org/jira/browse/CAMEL-6640 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Assignee: Claus Ibsen Priority: Minor Fix For: 2.12.0 Attachments: camel-6640.patch Currently, the XML Security component uses RSA v1.5 as the default Key Transport algorithm. As there are a number of attacks on this algorithm, it is better to use the RSA OAEP algorithm instead. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CAMEL-6622) Support XML Encryption 1.1 features in the camel-xmlsecurity component
[ https://issues.apache.org/jira/browse/CAMEL-6622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13740881#comment-13740881 ] Colm O hEigeartaigh commented on CAMEL-6622: Thanks Claus, I have updated the wiki with the new configuration options. Colm. Support XML Encryption 1.1 features in the camel-xmlsecurity component -- Key: CAMEL-6622 URL: https://issues.apache.org/jira/browse/CAMEL-6622 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Fix For: 2.12.0 Attachments: camel-6622.patch This task is to support XML Encryption 1.1 functionality in the camel-xmlsecurity component. This includes: a) Support for the GCM versions of AES b) Support for SHA 1 with the RSA OAEP algorithm c) Support for MGF algorithms with SHA 1 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Created] (CAMEL-6640) Migrate XML Security key cipher algorithm away from RSA v1.5
Colm O hEigeartaigh created CAMEL-6640: -- Summary: Migrate XML Security key cipher algorithm away from RSA v1.5 Key: CAMEL-6640 URL: https://issues.apache.org/jira/browse/CAMEL-6640 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Priority: Minor Fix For: 2.12.0 Currently, the XML Security component uses RSA v1.5 as the default Key Transport algorithm. As there are a number of attacks on this algorithm, it is better to use the RSA OAEP algorithm instead. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CAMEL-6640) Migrate XML Security key cipher algorithm away from RSA v1.5
[ https://issues.apache.org/jira/browse/CAMEL-6640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated CAMEL-6640: --- Attachment: camel-6640.patch Please apply the following patch to trunk. It contains the following functionality: a) Some setter methods for the MGFAlgorithm in camel-core, that should have been in my last patch b) Changed the default Key Transport algorithm to use RSA OAEP instead of RSA v1.5 c) Reject requests with RSA v1.5 unless it has been explicitly configured as the key transport algorithm. Colm. Migrate XML Security key cipher algorithm away from RSA v1.5 Key: CAMEL-6640 URL: https://issues.apache.org/jira/browse/CAMEL-6640 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Priority: Minor Fix For: 2.12.0 Attachments: camel-6640.patch Currently, the XML Security component uses RSA v1.5 as the default Key Transport algorithm. As there are a number of attacks on this algorithm, it is better to use the RSA OAEP algorithm instead. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CAMEL-6622) Support XML Encryption 1.1 features in the camel-xmlsecurity component
[ https://issues.apache.org/jira/browse/CAMEL-6622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13739508#comment-13739508 ] Colm O hEigeartaigh commented on CAMEL-6622: No it should be configurable, although I don't expect it to be used very often. My question was more abstract: in general in Camel if adding new configuration options for a DataFormat, must it always be added to the constructor of the DataFormat in camel-core? Or will a setX suffice if it is not a commonly used option? Thanks, Colm. Support XML Encryption 1.1 features in the camel-xmlsecurity component -- Key: CAMEL-6622 URL: https://issues.apache.org/jira/browse/CAMEL-6622 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Fix For: 2.12.0 Attachments: camel-6622.patch This task is to support XML Encryption 1.1 functionality in the camel-xmlsecurity component. This includes: a) Support for the GCM versions of AES b) Support for SHA 1 with the RSA OAEP algorithm c) Support for MGF algorithms with SHA 1 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CAMEL-6622) Support XML Encryption 1.1 features in the camel-xmlsecurity component
[ https://issues.apache.org/jira/browse/CAMEL-6622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13738091#comment-13738091 ] Colm O hEigeartaigh commented on CAMEL-6622: Hi Claus, In the patch I submitted, I added the ability to set the digestAlgorithm in model.dataformat.XMLSecurityDataFormat, both via the constructor and via a accessor method. Would it suffice to add the ability to set the mgfAlgorithm via an accessor here as well, or must it also be set via a constructor? I ask as the constructor argument count is already getting enormous here. Thanks, Colm. Support XML Encryption 1.1 features in the camel-xmlsecurity component -- Key: CAMEL-6622 URL: https://issues.apache.org/jira/browse/CAMEL-6622 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Fix For: 2.12.0 Attachments: camel-6622.patch This task is to support XML Encryption 1.1 functionality in the camel-xmlsecurity component. This includes: a) Support for the GCM versions of AES b) Support for SHA 1 with the RSA OAEP algorithm c) Support for MGF algorithms with SHA 1 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Created] (CAMEL-6622) Support XML Encryption 1.1 features in the camel-xmlsecurity component
Colm O hEigeartaigh created CAMEL-6622: -- Summary: Support XML Encryption 1.1 features in the camel-xmlsecurity component Key: CAMEL-6622 URL: https://issues.apache.org/jira/browse/CAMEL-6622 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Fix For: 2.12.0 This task is to support XML Encryption 1.1 functionality in the camel-xmlsecurity component. This includes: a) Support for the GCM versions of AES b) Support for SHA 1 with the RSA OAEP algorithm c) Support for MGF algorithms with SHA 1 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CAMEL-6622) Support XML Encryption 1.1 features in the camel-xmlsecurity component
[ https://issues.apache.org/jira/browse/CAMEL-6622?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated CAMEL-6622: --- Attachment: camel-6622.patch See attached for a patch for this issue + unit tests. I'll leave it up to the committer to decide whether it should only go on trunk or whether it should be backported. Colm. Support XML Encryption 1.1 features in the camel-xmlsecurity component -- Key: CAMEL-6622 URL: https://issues.apache.org/jira/browse/CAMEL-6622 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Fix For: 2.12.0 Attachments: camel-6622.patch This task is to support XML Encryption 1.1 functionality in the camel-xmlsecurity component. This includes: a) Support for the GCM versions of AES b) Support for SHA 1 with the RSA OAEP algorithm c) Support for MGF algorithms with SHA 1 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CAMEL-6619) Ignore line breaks in camel-xmlsecurity component
[ https://issues.apache.org/jira/browse/CAMEL-6619?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated CAMEL-6619: --- Attachment: CAMEL-6619.patch A patch for this issue. Colm. Ignore line breaks in camel-xmlsecurity component - Key: CAMEL-6619 URL: https://issues.apache.org/jira/browse/CAMEL-6619 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Priority: Trivial Fix For: 2.10.7, 2.11.2, 2.12.0 Attachments: CAMEL-6619.patch This is a patch to ignore line breaks in Apache Santuario in the camel-xmlsecurity component. It's a duplicate of some code in Apache WSS4J. Essentially it tells Apache Santuario not to insert needless line breaks in the generated XML, unless it has already been explicitly set (via a System property). -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Created] (CAMEL-6619) Ignore line breaks in camel-xmlsecurity component
Colm O hEigeartaigh created CAMEL-6619: -- Summary: Ignore line breaks in camel-xmlsecurity component Key: CAMEL-6619 URL: https://issues.apache.org/jira/browse/CAMEL-6619 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Priority: Trivial Fix For: 2.10.7, 2.11.2, 2.12.0 Attachments: CAMEL-6619.patch This is a patch to ignore line breaks in Apache Santuario in the camel-xmlsecurity component. It's a duplicate of some code in Apache WSS4J. Essentially it tells Apache Santuario not to insert needless line breaks in the generated XML, unless it has already been explicitly set (via a System property). -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Created] (CAMEL-6615) Upgrade to XML-Security 1.5.5 + enable secureValidation
Colm O hEigeartaigh created CAMEL-6615: -- Summary: Upgrade to XML-Security 1.5.5 + enable secureValidation Key: CAMEL-6615 URL: https://issues.apache.org/jira/browse/CAMEL-6615 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Fix For: 2.10.7, 2.11.2, 2.12.0 This task is to upgrade the Apache Santuario (XML Security for Java) dependency from 1.5.1 - 1.5.5. Also, to enable secureValidation by default for the decryption process, which gives automatic protection against some attacks. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CAMEL-6615) Upgrade to XML-Security 1.5.5 + enable secureValidation
[ https://issues.apache.org/jira/browse/CAMEL-6615?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated CAMEL-6615: --- Attachment: camel-6615.patch A patch for this issue. Colm. Upgrade to XML-Security 1.5.5 + enable secureValidation --- Key: CAMEL-6615 URL: https://issues.apache.org/jira/browse/CAMEL-6615 Project: Camel Issue Type: Improvement Reporter: Colm O hEigeartaigh Fix For: 2.10.7, 2.11.2, 2.12.0 Attachments: camel-6615.patch This task is to upgrade the Apache Santuario (XML Security for Java) dependency from 1.5.1 - 1.5.5. Also, to enable secureValidation by default for the decryption process, which gives automatic protection against some attacks. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
