libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

KEYCLOAK-3215 Use RSA-OAEP for key encryption

Browse source
This commit is contained in:
Hynek Mlnarik 2016-11-07 10:09:27 +01:00
parent f922164a88
commit 01c42f9359
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLEncryptionUtil.java
View file

@ -20,12 +20,14 @@ import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.EncryptedKey; import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.encryption.XMLCipher; import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException; import org.apache.xml.security.encryption.XMLEncryptionException;
import org.keycloak.saml.common.PicketLinkLogger; import org.keycloak.saml.common.PicketLinkLogger;
import org.keycloak.saml.common.PicketLinkLoggerFactory; import org.keycloak.saml.common.PicketLinkLoggerFactory;
import org.keycloak.saml.common.exceptions.ConfigurationException; import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ProcessingException; import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.common.util.DocumentUtil; import org.keycloak.saml.common.util.DocumentUtil;
import org.keycloak.saml.common.util.StringUtil; import org.keycloak.saml.common.util.StringUtil;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.Element; import org.w3c.dom.Element;
import org.w3c.dom.Node; import org.w3c.dom.Node;
@ -37,6 +39,7 @@ import java.security.Key;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.PublicKey; import java.security.PublicKey;
import java.util.HashMap; import java.util.HashMap;
import java.util.Objects;
/** /**
* Utility for XML Encryption <b>Note: </b> This utility is currently using Apache XML Security library API. JSR-106 is * Utility for XML Encryption <b>Note: </b> This utility is currently using Apache XML Security library API. JSR-106 is
@ -69,6 +72,10 @@ public class XMLEncryptionUtil {
private static HashMap<String, EncryptionAlgorithm> algorithms = new HashMap<String, EncryptionAlgorithm>(4); private static HashMap<String, EncryptionAlgorithm> algorithms = new HashMap<String, EncryptionAlgorithm>(4);
private static final String RSA_ENCRYPTION_SCHEME = Objects.equals(System.getProperty("keycloak.saml.key_trans.rsa_v1.5"), "true")
? XMLCipher.RSA_v1dot5
: XMLCipher.RSA_OAEP;
private static class EncryptionAlgorithm { private static class EncryptionAlgorithm {
EncryptionAlgorithm(String jceName, String xmlSecName, int size) { EncryptionAlgorithm(String jceName, String xmlSecName, int size) {
@ -514,7 +521,7 @@ public class XMLEncryptionUtil {
} }
} }
if (publicKeyAlgo.contains("RSA")) if (publicKeyAlgo.contains("RSA"))
return XMLCipher.RSA_v1dot5; return RSA_ENCRYPTION_SCHEME;
if (publicKeyAlgo.contains("DES")) if (publicKeyAlgo.contains("DES"))
return XMLCipher.TRIPLEDES_KeyWrap; return XMLCipher.TRIPLEDES_KeyWrap;
throw logger.unsupportedType("unsupported publicKey Algo:" + publicKeyAlgo); throw logger.unsupportedType("unsupported publicKey Algo:" + publicKeyAlgo);