Skip to content

CXF-8177 CXF-8178 ECDH Algorithm Fixes #612

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
coheigea merged 2 commits into from
Dec 20, 2019
Merged

CXF-8177 CXF-8178 ECDH Algorithm Fixes #612

coheigea merged 2 commits into from
Dec 20, 2019

Conversation

@frelibert
Copy link
Contributor

@frelibert frelibert commented Dec 6, 2019

Fixed:

  • [CXF-8177] Support in API for encrypting/decrypting encryptionkey with ECDH Direct Key Agreement
  • [CXF-8177] Support in API for encrypting/decrypting encryptionkey with ECDH Key Wrapping
  • [CXF-8177] Support in API for encrypting/decrypting content with ECDH and AESCBC
  • [CXF-8178] DerivedKey algorithm for ECDH Key Agreement with Key Wrapping according to the RFC

I added a testsuite I used myself in another project where I compare JWS and JWE of multiple libraries to see whether or not they are compatible with each other using algorithms as defined in RFC 7518 (JWA).

Quite some tests returned errors before my changes. Now they all pass. Some of the tests could be fixed from the clientside perspective using other classes to set key and content encryptionprovider. Others could not be fixed at all.
I prefer anyway to use one setup for all which makes it a lot easier from the client's perspective. See the testclasses for this.
I updated operations in JweUtils for this purpose as some assumptions were made in that class that are only compatible with a subset of the algorithms that are actually supported by the codebase.
I also added better support for the case that the given JWK object does not define an algorithm (which is optional, according to the spec).

@frelibert frelibert force-pushed the CXF-8177 branch 3 times, most recently from f770dd7 to 94bc4b1 Compare December 20, 2019 09:58
@frelibert
Copy link
Contributor Author

frelibert commented Dec 20, 2019

I replayed my changes to split CXF-8177 and CXF-8178 into 2 separate commits and I did some cleanups as well. Should be fine now.

coheigea
coheigea approved these changes Dec 20, 2019
View reviewed changes
Copy link
Contributor

@coheigea coheigea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Many thanks for the high quality fixes + test-cases! I have a few trivial changes, but I will just make them myself after the merge.

@coheigea coheigea merged commit 19d3b3f into apache:master Dec 20, 2019
coheigea pushed a commit that referenced this pull request Dec 20, 2019
@frelibert @coheigea
CXF-8177 CXF-8178 ECDH Algorithm Fixes (#612)
4af5cf5 
* CXF-8177 JWE API does not support ECDH Direct Encryption/Decryption

* CXF-8178 ECDH KeyAgreement with Key Wrapping is not in line with the specification

(cherry picked from commit 19d3b3f)
@frelibert frelibert deleted the CXF-8177 branch December 20, 2019 16:51
ppalaga pushed a commit to ppalaga/cxf that referenced this pull request Nov 12, 2024
@ffang
Merge pull request apache#612 from jboss-fuse/dependabot/maven/cxf.mi…
946b079 
…crometer-tracing.version-1.3.4

Bump cxf.micrometer-tracing.version from 1.3.3 to 1.3.4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coheigea coheigea coheigea approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@frelibert @coheigea