From 90ce5e4c91334c1509e04d47e9cbb7442f1bd619 Mon Sep 17 00:00:00 2001
From: beth <thomas.beckers@soptim.de>
Date: Tue, 7 Jan 2025 13:36:55 +0100
Subject: [PATCH 1/2] WSS-716 DigestMethod is written for key EncryptionMethod
 AES-KW

---
 .../java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
index 0a739a8fd..2575e9da8 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
@@ -731,7 +731,7 @@ private Element createEncryptedKey(Document doc, String keyTransportAlgo) {
             doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":EncryptionMethod");
         encryptionMethod.setAttributeNS(null, "Algorithm", keyTransportAlgo);
 
-        if (digestAlgo != null) {
+        if (WSConstants.KEYTRANSPORT_RSAOAEP_XENC11.equals(keyEncAlgo) && digestAlgo != null) {
             Element digestElement =
                 XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_DIGESTMETHOD);
             digestElement.setAttributeNS(null, "Algorithm", digestAlgo);

From 7154f421b8b5ff6a405a84f0f723cb2d92f95fa5 Mon Sep 17 00:00:00 2001
From: beth <thomas.beckers@soptim.de>
Date: Tue, 7 Jan 2025 14:52:18 +0100
Subject: [PATCH 2/2] Fix for KEYTRANSPORT_RSAOAEP

---
 .../java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
index 2575e9da8..204c311a4 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
@@ -731,7 +731,8 @@ private Element createEncryptedKey(Document doc, String keyTransportAlgo) {
             doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":EncryptionMethod");
         encryptionMethod.setAttributeNS(null, "Algorithm", keyTransportAlgo);
 
-        if (WSConstants.KEYTRANSPORT_RSAOAEP_XENC11.equals(keyEncAlgo) && digestAlgo != null) {
+        if ((WSConstants.KEYTRANSPORT_RSAOAEP_XENC11.equals(keyEncAlgo) || WSConstants.KEYTRANSPORT_RSAOAEP.equals(
+                keyEncAlgo)) && digestAlgo != null) {
             Element digestElement =
                 XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_DIGESTMETHOD);
             digestElement.setAttributeNS(null, "Algorithm", digestAlgo);