summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_auth_sl20/src/main
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-06-22 09:00:57 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-06-22 09:00:57 +0200
commit2b4d9dc8fcde4cdd5a13d9524b3a80a59376b4b8 (patch)
tree1cf12e71b1a88f6efa664eb241915d91191fcf26 /eaaf_modules/eaaf_module_auth_sl20/src/main
parentdde5479553eb954e41fc8fe85abf45cf579d3034 (diff)
downloadEAAF-Components-2b4d9dc8fcde4cdd5a13d9524b3a80a59376b4b8.tar.gz
EAAF-Components-2b4d9dc8fcde4cdd5a13d9524b3a80a59376b4b8.tar.bz2
EAAF-Components-2b4d9dc8fcde4cdd5a13d9524b3a80a59376b4b8.zip
fix problem with JOSE encryption in combination with HSM-Facade
add jUnit test for JoseUtils
Diffstat (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main')
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java12
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java6
2 files changed, 16 insertions, 2 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
index 1b824ad1..dae11370 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
@@ -295,6 +295,16 @@ public class JsonSecurityUtils implements IJoseTools {
keyStore.getFirst(), getEncryptionKeyAlias(), getEncryptionKeyPassword(), true,
FRIENDLYNAME_KEYSTORE);
+ // set special provider if required
+ if (keyStore.getSecond() != null) {
+ log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName());
+ final ProviderContext providerCtx = new ProviderContext();
+ providerCtx.getSuppliedKeyProviderContext().setGeneralProvider(
+ keyStore.getSecond().getName());
+ receiverJwe.setProviderContext(providerCtx);
+
+ }
+
// validate key from header against key from config
final List<X509Certificate> x5cCerts = receiverJwe.getCertificateChainHeaderValue();
final String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue();
@@ -336,7 +346,7 @@ public class JsonSecurityUtils implements IJoseTools {
// set key
receiverJwe.setKey(encryptionCred.getFirst());
-
+
// decrypt payload
return mapper.getMapper().readTree(receiverJwe.getPlaintextString());
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
index f0557619..c95bcc45 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
@@ -98,7 +98,11 @@ public class SL20Constants {
KeyManagementAlgorithmIdentifiers.RSA_OAEP_256;
public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION = Collections
- .unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256));
+ .unmodifiableList(Arrays.asList(
+ JSON_ALGORITHM_ENC_KEY_RSAOAEP,
+ JSON_ALGORITHM_ENC_KEY_RSAOAEP256,
+ KeyManagementAlgorithmIdentifiers.ECDH_ES_A128KW,
+ KeyManagementAlgorithmIdentifiers.ECDH_ES_A256KW));
public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 =
ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256;