Allow the RSA v1.5 Key Transport Algorithm for WildFly / JBossWS / CXF / WSS4J stack
Problem description
In response to a security advisory (see http://cxf.apache.org/note-on-cve-2011-1096.html) regarding the RSA v1.5 key transport algorithm, both CXF and WSS4J projects have disallowed use of all related algorithms by default.
They have however supplied a configuration tag "ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM" which should re-allow these algorithms (see https://ws.apache.org/wss4j/config.html)
Our problem is getting these frameworks (JBossWS / CXF / WSS4J) to accept/use this configuration setting. We have tried using:
- jboss-webservice.xml
- a custom CXF interceptor (setting the parameter after CXF has created its WSS4J interceptor)
- a custom "hacked" WSS4J build (with the parameter hard-coded to "true")
But none of these options seem to actually re-enable support for the RSA v1.5 key transport algorithms.
Does anyone have any idea as to how we could/should specify this configuration parameter?
Recommended answer
This setting is only applied if the WSHandlerConstants.ENCRYPT action is included in the actions for the interceptor.
For example:
Map<String, Object> inProps = new HashMap<>();
// Opt back in to RSA v1.5 key transport
inProps.put(WSHandlerConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM, "true");
// The flag is only read when ENCRYPT is one of the configured actions
inProps.put(WSHandlerConstants.ACTION,
        WSHandlerConstants.ENCRYPT + " " +
        WSHandlerConstants.SIGNATURE);
WSS4JInInterceptor wss4JInInterceptor = new WSS4JInInterceptor(inProps);
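Before opting in, it helps to confirm which key transport algorithm the incoming messages actually declare, so the flag is only set on endpoints whose clients still send RSA v1.5. The Python check below is an added example, not part of the original question or answer; the function names and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
RSA_15 = XENC + "rsa-1_5"
RSA_OAEP = {XENC + "rsa-oaep-mgf1p", "http://www.w3.org/2009/xmlenc11#rsa-oaep"}

# Constructed sample: a trimmed WS-Security header with one EncryptedKey.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
 <soap:Header><wsse:Security>
  <xenc:EncryptedKey Id="EK-1">
   <xenc:EncryptionMethod Algorithm="{alg}"/>
   <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedKey>
 </wsse:Security></soap:Header>
 <soap:Body/>
</soap:Envelope>"""


def key_transport_algorithms(soap_xml):
    """Return [(EncryptedKey Id, algorithm URI, classification), ...].

    Intended for captured messages you trust: ElementTree does not
    protect against entity-expansion payloads.
    """
    root = ET.fromstring(soap_xml)
    found = []
    for ek in root.iter("{%s}EncryptedKey" % XENC):
        # Only the EncryptedKey's own EncryptionMethod names the key transport.
        method = ek.find("{%s}EncryptionMethod" % XENC)
        alg = method.get("Algorithm") if method is not None else None
        if alg == RSA_15:
            kind = "rsa-1_5"
        elif alg in RSA_OAEP:
            kind = "rsa-oaep"
        else:
            kind = "other"
        found.append((ek.get("Id"), alg, kind))
    return found


def needs_rsa15_opt_in(soap_xml):
    """True if any EncryptedKey declares RSA v1.5 key transport."""
    return any(kind == "rsa-1_5" for _, _, kind in key_transport_algorithms(soap_xml))


if __name__ == "__main__":
    for alg in (RSA_15, XENC + "rsa-oaep-mgf1p"):
        print(alg, needs_rsa15_opt_in(SAMPLE.format(alg=alg)))
```
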