Allow the RSA v1.5 Key Transport Algorithm for WildFly / JBossWS / CXF / WSS4J stack

Problem description

In response to a security advisory (see http://cxf.apache.org/note-on-cve-2011-1096.html) regarding the RSA v1.5 key transport algorithm, both CXF and WSS4J projects have disallowed use of all related algorithms by default.

They have however supplied a configuration tag "ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM" which should re-allow these algorithms (see https://ws.apache.org/wss4j/config.html)

Our problem is getting these frameworks (JBossWS / CXF / WSS4J) to accept/use this configuration setting. We have tried using:

  • jboss-webservice.xml
  • A custom CXF interceptor (setting the parameter after CXF creates its WSS4J interceptor)
  • A custom "hacked" WSS4J build (hard-coding the parameter to "true")

But none of these options seem to actually re-enable support for the RSA v1.5 key transport algorithms.

Does anyone have any idea as to how we could/should specify this configuration parameter?

Recommended answer

This setting is only applied if the WSHandlerConstants.ENCRYPT action is included in the actions for the interceptor.

For example:

// Inbound WSS4J properties; the RSA v1.5 flag takes effect only when
// ENCRYPT is among the configured actions.
Map<String, Object> inProps = new HashMap<>();
inProps.put(WSHandlerConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM, "true");
inProps.put(WSHandlerConstants.ACTION,
    WSHandlerConstants.ENCRYPT + " " +
    WSHandlerConstants.SIGNATURE);
WSS4JInInterceptor wss4JInInterceptor = new WSS4JInInterceptor(inProps);
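
To confirm that a partner's messages really use RSA v1.5 key transport before relaxing the default, the following added example (not part of the original answer or of the CXF/WSS4J code) scans a WS-Security header for xenc:EncryptedKey elements whose EncryptionMethod is rsa-1_5. The class name, method name and sample message are constructed for illustration; only JDK XML APIs are used.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class KeyTransportCheck {
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";
    static final String RSA_15 = XENC + "rsa-1_5";

    // Constructed sample: a trimmed WS-Security header, not a captured message.
    static final String SAMPLE =
        "<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'"
      + " xmlns:xenc='" + XENC + "'>"
      + "<xenc:EncryptedKey>"
      + "<xenc:EncryptionMethod Algorithm='" + RSA_15 + "'/>"
      + "</xenc:EncryptedKey>"
      + "<xenc:EncryptedData>"
      + "<xenc:EncryptionMethod Algorithm='" + XENC + "aes128-cbc'/>"
      + "</xenc:EncryptedData>"
      + "</wsse:Security>";

    /** Returns true if any xenc:EncryptedKey in the document uses RSA v1.5 key transport. */
    static boolean usesRsa15(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so an untrusted message cannot trigger XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList keys = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getElementsByTagNameNS(XENC, "EncryptedKey");
        for (int i = 0; i < keys.getLength(); i++) {
            // Only the EncryptionMethod inside EncryptedKey names the key transport algorithm.
            NodeList methods = ((Element) keys.item(i)).getElementsByTagNameNS(XENC, "EncryptionMethod");
            for (int j = 0; j < methods.getLength(); j++) {
                if (RSA_15.equals(((Element) methods.item(j)).getAttribute("Algorithm"))) {
                    return true;
                }
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("RSA v1.5 key transport present: " + usesRsa15(SAMPLE));
        System.out.println("After switching to OAEP: "
            + usesRsa15(SAMPLE.replace("rsa-1_5", "rsa-oaep-mgf1p")));
    }
}
```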
