authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-11-02 12:23:29 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-11-02 12:23:29 +0100
commit86241863a1aebdc16e3bc273b63e5ce00fb86645 (patch)
treed47207005cc1193764d15e175b862b7532972f4a
parentfcd49e74d74ce2fb23e6de77fde9b58a14525a70 (diff)
downloadEAAF-Components-86241863a1aebdc16e3bc273b63e5ce00fb86645.tar.gz
EAAF-Components-86241863a1aebdc16e3bc273b63e5ce00fb86645.tar.bz2
EAAF-Components-86241863a1aebdc16e3bc273b63e5ce00fb86645.zip
change order of IAIK CryptoProvider registration
Update JWS and JWE impl. to mitigate problems if both the IAIK and BC providers are loaded
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java14
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java10
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java32
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtilsTest.java25
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java15
5 files changed, 82 insertions, 14 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java
index 48b10580..5b221bbe 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java
@@ -181,10 +181,15 @@ public class JoseUtils {
if (keyStore.getSecond() != null) {
log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName());
final ProviderContext providerCtx = new ProviderContext();
- providerCtx.getSuppliedKeyProviderContext().setSignatureProvider(
- keyStore.getSecond().getName());
+ providerCtx.getSuppliedKeyProviderContext().setSignatureProvider(keyStore.getSecond().getName());
+ providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
jws.setProviderContext(providerCtx);
+ } else {
+ final ProviderContext providerCtx = new ProviderContext();
+ providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
+ jws.setProviderContext(providerCtx);
+
}
if (addFullCertChain) {
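Review bot: The new else branch repeats the ProviderContext construction and the BC general-provider assignment that the if branch now also does, so the two paths differ only in the setSignatureProvider call; hoisting the shared part above the if removes the duplication and keeps the trailing blank line out of the else block. The same duplicated else branch appears in JsonSecurityUtils (receiverJwe) and in both AbstractJsonSecurityUtilsTest hunks of this commit. Pinning the general provider by name presumably means jose4j resolves BouncyCastleProvider.PROVIDER_NAME through the JCA provider lookup, so a deployment where BC is not registered fails at signing time rather than at startup; that assumption is worth a comment here and a one-time check where the providers are registered. The enclosing method starts and ends outside this hunk.
```java
// … unchanged: key-store selection …
final ProviderContext providerCtx = new ProviderContext();
// BC handles the general (non-supplied-key) operations; requires the BC provider to be registered
providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
if (keyStore.getSecond() != null) {
  log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName());
  providerCtx.getSuppliedKeyProviderContext().setSignatureProvider(keyStore.getSecond().getName());
}
jws.setProviderContext(providerCtx);
if (addFullCertChain) {
```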
@@ -262,6 +267,11 @@ public class JoseUtils {
}
+ //set BouncyCastleProvider as default provider
+ final ProviderContext providerCtx = new ProviderContext();
+ providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
+ jws.setProviderContext(providerCtx);
+
// set verification key
jws.setKey(convertToBcKeyIfRequired(selectedKey));
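Review bot: The new comment `//set BouncyCastleProvider as default provider` understates what the lines below do: the general provider context is pinned to BC for the whole verification, so a JVM without the BC provider registered presumably fails on the provider lookup instead of falling back to the platform default. Reword it to `// pin jose4j's general provider context to BC; requires the BC provider to be registered` and put a space after `//`, matching `// set verification key` just below. The same pinning is introduced in the signing path in the previous hunk. The enclosing method starts and ends outside this hunk.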
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
index 27f06276..58e3e41c 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
@@ -14,6 +14,7 @@ import javax.annotation.Nonnull;
import javax.annotation.PostConstruct;
import org.apache.commons.lang3.StringUtils;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
@@ -223,10 +224,15 @@ public class JsonSecurityUtils implements IJoseTools {
if (keyStore.getSecond() != null) {
log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName());
final ProviderContext providerCtx = new ProviderContext();
- providerCtx.getSuppliedKeyProviderContext().setGeneralProvider(
- keyStore.getSecond().getName());
+ providerCtx.getSuppliedKeyProviderContext().setGeneralProvider(keyStore.getSecond().getName());
+ providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
receiverJwe.setProviderContext(providerCtx);
+ } else {
+ final ProviderContext providerCtx = new ProviderContext();
+ providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
+ receiverJwe.setProviderContext(providerCtx);
+
}
// validate key from header against key from config
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java
index 8516a0ed..6550b026 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java
@@ -19,6 +19,7 @@ import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.lang.JoseException;
+import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -37,6 +38,8 @@ import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
+import iaik.security.ec.provider.ECCelerate;
+import iaik.security.provider.IAIK;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration("/spring/test_eaaf_sl20_hsm.beans.xml")
@@ -46,12 +49,27 @@ public abstract class AbstractJsonSecurityUtilsTest {
@Autowired protected IJoseTools joseTools;
@Autowired protected EaafKeyStoreFactory keyStoreFactory;
+ /**
+ *jUnit test class initializer.
+ */
@BeforeClass
public static void classInitializer() {
- Security.addProvider(new BouncyCastleProvider());
+ IAIK.addAsProvider();
+ ECCelerate.addAsProvider();
+ Security.addProvider(new BouncyCastleProvider());
}
+ /**
+ * jUnit test class cleaner.
+ */
+ @AfterClass
+ public static final void classFinisher() {
+ Security.removeProvider(IAIK.getInstance().getName());
+ Security.removeProvider(ECCelerate.getInstance().getName());
+
+ }
+
protected abstract void setRsaSigningKey();
protected abstract void setEcSigningKey();
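Review bot: classFinisher removes only the IAIK and ECCelerate providers while classInitializer also adds BouncyCastle, so BC stays registered JVM-wide after this class finishes and can change the provider order seen by later test classes in the same JVM; add `Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);` to classFinisher so setup and teardown are symmetric. `final` on the static classFinisher has no effect and classInitializer omits it; drop it for consistency. The Javadoc line `*jUnit test class initializer.` is missing the space after `*` that the cleaner's Javadoc has, and the blank line before the closing brace of classFinisher is a style nit.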
@@ -88,8 +106,14 @@ public abstract class AbstractJsonSecurityUtilsTest {
final ProviderContext providerCtx = new ProviderContext();
providerCtx.getSuppliedKeyProviderContext().setSignatureProvider(
rsaEncKeyStore.getSecond().getName());
+ providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
jwe.setProviderContext(providerCtx);
+ } else {
+ final ProviderContext providerCtx = new ProviderContext();
+ providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
+ jwe.setProviderContext(providerCtx);
+
}
final String encData = jwe.getCompactSerialization();
@@ -149,8 +173,14 @@ public abstract class AbstractJsonSecurityUtilsTest {
final ProviderContext providerCtx = new ProviderContext();
providerCtx.getSuppliedKeyProviderContext().setSignatureProvider(
rsaEncKeyStore.getSecond().getName());
+ providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
jwe.setProviderContext(providerCtx);
+ } else {
+ final ProviderContext providerCtx = new ProviderContext();
+ providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
+ jwe.setProviderContext(providerCtx);
+
}
final String encData = jwe.getCompactSerialization();
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtilsTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtilsTest.java
index 7771ce60..b5a7639e 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtilsTest.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtilsTest.java
@@ -2,6 +2,7 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils;
import java.io.IOException;
import java.security.NoSuchProviderException;
+import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
@@ -13,12 +14,16 @@ import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.lang.JoseException;
+import org.junit.AfterClass;
import org.junit.Assert;
+import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.BlockJUnit4ClassRunner;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.JoseUtils.JwsResult;
+import iaik.security.ec.provider.ECCelerate;
+import iaik.security.provider.IAIK;
@RunWith(BlockJUnit4ClassRunner.class)
public class JoseUtilsTest {
@@ -30,6 +35,26 @@ public class JoseUtilsTest {
AlgorithmIdentifiers.RSA_PSS_USING_SHA256,
AlgorithmIdentifiers.RSA_PSS_USING_SHA512));
+ /**
+ *jUnit test class initializer.
+ */
+ @BeforeClass
+ public static final void classInitializer() {
+ IAIK.addAsProvider();
+ ECCelerate.addAsProvider();
+
+ }
+
+ /**
+ * jUnit test class cleaner.
+ */
+ @AfterClass
+ public static final void classFinisher() {
+ Security.removeProvider(IAIK.getInstance().getName());
+ Security.removeProvider(ECCelerate.getInstance().getName());
+
+ }
+
@Test
public void testBindingAuthBlock() throws JoseException, IOException, CertificateException, NoSuchProviderException {
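Review bot: classInitializer registers IAIK and ECCelerate but not BouncyCastle, while the JoseUtils changes in this commit pin the general provider to BouncyCastleProvider.PROVIDER_NAME; unless BC is registered somewhere outside this hunk (a static initializer or the test methods), signing and verification in these tests would fail on the provider lookup. Add `Security.addProvider(new BouncyCastleProvider());` after the two IAIK calls and the matching `Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);` in classFinisher, mirroring the setup AbstractJsonSecurityUtilsTest gets in this commit; the BouncyCastleProvider import is not visible in this file's import hunks, so it may need adding. `final` on these static methods has no effect, the Javadoc `*jUnit test class initializer.` lacks the space after `*`, and the blank lines before the closing braces are a style nit.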
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java
index 3f2d4593..ce98c92b 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java
@@ -9,6 +9,10 @@ import java.util.Map.Entry;
import javax.annotation.PostConstruct;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ISchemaRessourceProvider;
import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceConfigurationException;
import at.gv.egovernment.moa.spss.MOAException;
@@ -17,11 +21,6 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import at.gv.egovernment.moaspss.util.DOMUtils;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-
import iaik.asn1.structures.AlgorithmID;
import iaik.security.ec.provider.ECCelerate;
import iaik.security.provider.IAIK;
@@ -48,10 +47,8 @@ public class MoaSigInitializer {
log.info("Initializing MOA-Sig signature-verification service ... ");
log.info("Loading Java security providers.");
- //IAIK.addAsProvider();
- //ECCelerate.addAsProvider();
- Security.addProvider(new IAIK());
- Security.addProvider(new ECCelerate());
+ IAIK.addAsProvider();
+ ECCelerate.addAsProvider();
try {
LoggingContextManager.getInstance().setLoggingContext(new LoggingContext("startup"));
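Review bot: Replacing `Security.addProvider(new IAIK())` with `IAIK.addAsProvider()` changes the global provider list for every caller in the JVM, not only MOA-Sig, and if the helper inserts at a fixed position rather than appending (which the commit title "change order" suggests) the resulting order is not visible from this code. Add a comment stating the intended order and why, e.g. `// IAIK/ECCelerate registered via addAsProvider(); JOSE code pins BC explicitly through ProviderContext`, and consider logging `Security.getProviders()` after registration so the effective order appears in the startup log. If another component has already registered these providers, the repeated call is presumably a no-op, but that is worth confirming. The enclosing method starts and ends outside this hunk.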