SANTUARIO-625 Security warning is always logged when using ECDH with AES-KW (#456)

beth-soptim · coheigea · commit 68852542ff94 · 2025-03-05T09:18:05.000Z
diff --git a/src/main/java/org/apache/xml/security/utils/KeyUtils.java b/src/main/java/org/apache/xml/security/utils/KeyUtils.java
@@ -208,13 +208,9 @@ public static SecretKey aesWrapKeyWithDHGeneratedKey(KeyAgreementParameters para
             PublicKey publicKey = parameterSpec.getAgreementPublicKey();
             PrivateKey privateKey = parameterSpec.getAgreementPrivateKey();
 
-            String algorithm = publicKey.getAlgorithm();
-            if ("EC".equalsIgnoreCase(algorithm)) {
-                LOG.log(Level.WARNING, "EC keys are detected for key agreement algorithm! " +
-                        "Cryptographic algorithm may not be secure, consider using a different algorithm (and keys).");
-            }
-            algorithm = algorithm + (algorithm.equalsIgnoreCase("EC") ? "DH" : "");
-            KeyAgreement keyAgreement = KeyAgreement.getInstance(algorithm);
+            String keyAlgorithm = publicKey.getAlgorithm();
+            String keyAgreementAlgorithm = keyAlgorithm + ("EC".equalsIgnoreCase(keyAlgorithm) ? "DH" : "");
+            KeyAgreement keyAgreement = KeyAgreement.getInstance(keyAgreementAlgorithm);
             keyAgreement.init(privateKey);
             keyAgreement.doPhase(publicKey, true);
             byte[] secret = keyAgreement.generateSecret();
