Uploaded image for project: 'Commons'
  1. Commons
  2. COMMONS-682

Provide a means to determine if a signing or encryption algorithm is symmetric

    XMLWordPrintable

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • None
    • None

    Description

      Description

      There are a number of pieces of code within AM that test for symmetric algorithms, as these are not allowed for usage when an OAuth2Client is public (instead of confidential).

      During review of OPENAM-13575, it was suggested by neil.madden that this improvement be requested to provide a means to determine if a signing or encryption algorithm is symmetric. Currently the code in AM tests the underlying AlgorithmType classes (JwsAlgorithmType and JweAlgorithmType) to check for HMAC (signing) and DIRECT or KEYWRAP (encryption).

      The suggestion is to provide an `Algorithm.isSymmetric()` function that then hides the logic of which algorithms and types are symmetric.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              lawrence.yarham Lawrence Yarham
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: