From 86241863a1aebdc16e3bc273b63e5ce00fb86645 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 2 Nov 2020 12:23:29 +0100 Subject: change order of IAIK CryptoProvider registration Update JWS and JWE impl. to mitigate problems if IAIK and BC provider are loaded --- .../at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java | 14 ++++++++++++-- .../eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java | 10 ++++++++-- 2 files changed, 20 insertions(+), 4 deletions(-) (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz') diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java index 48b10580..5b221bbe 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java @@ -181,10 +181,15 @@ public class JoseUtils { if (keyStore.getSecond() != null) { log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName()); final ProviderContext providerCtx = new ProviderContext(); - providerCtx.getSuppliedKeyProviderContext().setSignatureProvider( - keyStore.getSecond().getName()); + providerCtx.getSuppliedKeyProviderContext().setSignatureProvider(keyStore.getSecond().getName()); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); jws.setProviderContext(providerCtx); + } else { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jws.setProviderContext(providerCtx); + } if (addFullCertChain) { @@ -262,6 +267,11 @@ public class JoseUtils { } + //set BouncyCastleProvider as default provider + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jws.setProviderContext(providerCtx); + // set verification key jws.setKey(convertToBcKeyIfRequired(selectedKey)); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index 27f06276..58e3e41c 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java @@ -14,6 +14,7 @@ import javax.annotation.Nonnull; import javax.annotation.PostConstruct; import org.apache.commons.lang3.StringUtils; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.jose4j.jca.ProviderContext; import org.jose4j.jwa.AlgorithmConstraints; import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; @@ -223,10 +224,15 @@ public class JsonSecurityUtils implements IJoseTools { if (keyStore.getSecond() != null) { log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName()); final ProviderContext providerCtx = new ProviderContext(); - providerCtx.getSuppliedKeyProviderContext().setGeneralProvider( - keyStore.getSecond().getName()); + providerCtx.getSuppliedKeyProviderContext().setGeneralProvider(keyStore.getSecond().getName()); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); receiverJwe.setProviderContext(providerCtx); + } else { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + receiverJwe.setProviderContext(providerCtx); + } // validate key from header against key from config -- cgit v1.2.3