authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-06-22 09:00:57 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-06-22 09:00:57 +0200
commit2b4d9dc8fcde4cdd5a13d9524b3a80a59376b4b8 (patch)
tree1cf12e71b1a88f6efa664eb241915d91191fcf26 /eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz
parentdde5479553eb954e41fc8fe85abf45cf579d3034 (diff)
fix problem with JOSE encryption in combination with HSM-Facade
add jUnit test for JoseUtils
Diffstat (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz')
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java12
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java6
2 files changed, 16 insertions, 2 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
index 1b824ad1..dae11370 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
@@ -295,6 +295,16 @@ public class JsonSecurityUtils implements IJoseTools {
keyStore.getFirst(), getEncryptionKeyAlias(), getEncryptionKeyPassword(), true,
FRIENDLYNAME_KEYSTORE);
+ // set special provider if required
+ if (keyStore.getSecond() != null) {
+ log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName());
+ final ProviderContext providerCtx = new ProviderContext();
+ providerCtx.getSuppliedKeyProviderContext().setGeneralProvider(
+ keyStore.getSecond().getName());
+ receiverJwe.setProviderContext(providerCtx);
+
+ }
+
// validate key from header against key from config
final List<X509Certificate> x5cCerts = receiverJwe.getCertificateChainHeaderValue();
final String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue();
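Review bot: The new provider-injection block calls `keyStore.getSecond()` three times and carries a stray blank line before its closing brace (the line after `receiverJwe.setProviderContext(providerCtx);`); bind it once, e.g. `final Provider hsmProvider = keyStore.getSecond();` followed by `if (hsmProvider != null) {`, and drop the blank line. The comment `// set special provider if required` does not say why a provider is needed; the commit message suggests it, so something like `// keys held by the HSM-Facade are only usable through their own JCA provider, so route the JWE operations to it instead of the default provider` would let a reader understand the branch without the git history. Only the supplied-key context receives the provider here; whether the general provider context also needs it for the content-decryption step cannot be told from this hunk and is worth confirming against the HSM setup. The enclosing method starts before and ends after this hunk.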
@@ -336,7 +346,7 @@ public class JsonSecurityUtils implements IJoseTools {
// set key
receiverJwe.setKey(encryptionCred.getFirst());
-
+
// decrypt payload
return mapper.getMapper().readTree(receiverJwe.getPlaintextString());
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
index f0557619..c95bcc45 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
@@ -98,7 +98,11 @@ public class SL20Constants {
KeyManagementAlgorithmIdentifiers.RSA_OAEP_256;
public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION = Collections
- .unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256));
+ .unmodifiableList(Arrays.asList(
+ JSON_ALGORITHM_ENC_KEY_RSAOAEP,
+ JSON_ALGORITHM_ENC_KEY_RSAOAEP256,
+ KeyManagementAlgorithmIdentifiers.ECDH_ES_A128KW,
+ KeyManagementAlgorithmIdentifiers.ECDH_ES_A256KW));
public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 =
ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256;
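Review bot: The key-encryption whitelist now accepts ECDH-ES key agreement alongside RSA-OAEP for every receiver, regardless of which key type the decryption credential actually has; narrowing the accepted `alg` values to the ones matching the configured key (RSA key → OAEP entries only, EC key → the ECDH-ES entries only) would keep the attack surface of the JWE receiver to what the deployment needs. The two new entries also break the file's convention: the RSA entries go through local aliases (`JSON_ALGORITHM_ENC_KEY_RSAOAEP`, `JSON_ALGORITHM_ENC_KEY_RSAOAEP256`) while the ECDH-ES ones reference `KeyManagementAlgorithmIdentifiers` directly; adding `public static final String JSON_ALGORITHM_ENC_KEY_ECDHES_A128KW = KeyManagementAlgorithmIdentifiers.ECDH_ES_A128KW;` (and the A256KW twin) and using those in the list would keep it uniform, assuming no such constants already exist elsewhere in the class. A one-line Javadoc on the list stating that it is the set of `alg` header values the receiver accepts for JWE key management would also help, since nothing in this hunk says which side enforces it. The enclosing class continues outside the hunk.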