From 19a717e5684ea7cac8a39d24263cde0825c95968 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Wed, 18 Jan 2023 13:46:22 +0100
Subject: fix(saml2): support XML decryption by using key from HSM-Facade

Details: openSAML4 uses org.apache.xml.security.algorithms.JCEMapper to define JCE cryptoprovider for openSAML crypto. operations. However, this JCEMapper is not used for openSAML Decrypter, so it must be set manually.
---
 .../eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl')

diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
index 60800eb2..6cace5cb 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
@@ -30,6 +30,7 @@ import javax.xml.validation.Schema;
 import javax.xml.validation.Validator;
 
 import org.apache.commons.lang3.StringUtils;
+import org.apache.xml.security.algorithms.JCEMapper;
 import org.joda.time.DateTime;
 import org.opensaml.core.criterion.EntityIdCriterion;
 import org.opensaml.core.xml.io.MarshallingException;
@@ -375,7 +376,8 @@ public class SamlVerificationEngine {
 final Decrypter samlDecrypter = new Decrypter(null, new StaticKeyInfoCredentialResolver(assertionDecryption), new ChainingEncryptedKeyResolver(listOfKeyResolvers));
-
+samlDecrypter.setJCAProviderName(JCEMapper.getProviderId());
+
 for (final EncryptedAssertion encAssertion : encryAssertionList) {
 saml2assertions.add(samlDecrypter.decrypt(encAssertion));
-- 
cgit v1.2.3
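Review bot: The added `samlDecrypter.setJCAProviderName(JCEMapper.getProviderId())` passes the mapper's provider id through unchecked, and that id appears to be null until something has registered a provider with JCEMapper, so a missing or failed HSM-Facade registration would silently leave the Decrypter on the default JCA provider instead of surfacing the misconfiguration; whether that fallback is acceptable depends on whether a software-held decryption key is ever legitimate in this deployment. Splitting the call so the choice is observable, `final String providerId = JCEMapper.getProviderId();` followed by `samlDecrypter.setJCAProviderName(providerId);` with the provider id logged at debug level in between, would make an unexpected fallback diagnosable from the logs rather than only from a later DecryptionException. The intent also deserves a why-comment, since a later reader may assume OpenSAML honours JCEMapper on its own: `// OpenSAML's Decrypter does not consult JCEMapper, so the configured JCE provider (e.g. the HSM-Facade) must be set explicitly`. The enclosing method starts and ends outside the hunk.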