authorThomas Lenz <thomas.lenz@egiz.gv.at>2021-12-14 16:27:09 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2021-12-14 16:27:09 +0100
commit0c0c12e5c9844e4a6dc968d49198ae16d0236814 (patch)
tree9852809d5bedc053bc8387aac4bcfc9ed45d2b5b
parentb2332a3b55b1d5164f9764cb895185798b4fb4a2 (diff)
fix problem with session-data encryption on some deployments
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java47
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/pom.xml11
-rw-r--r--pom.xml6
3 files changed, 22 insertions, 42 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
index 8fdf1eab8..1bf240589 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
@@ -33,7 +33,6 @@ import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
-import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
@@ -114,27 +113,18 @@ public abstract class AbstractEncrytionUtil {
}
}
- public EncryptedData encrypt(byte[] data) throws BuildException {
- Cipher cipher;
-
+ public EncryptedData encrypt(byte[] data) throws BuildException {
if (secret != null) {
- try {
- final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
-
-// final byte[] nonce = new byte[GCM_NONCE_LENGTH];
-// SecureRandom.getInstanceStrong().nextBytes(nonce);
-
- GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
-
- cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
- cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
-
- Logger.debug("Encrypt MOASession");
-
- byte[] encdata = cipher.doFinal(data);
- byte[] iv = cipher.getIV();
-
- return new EncryptedData(encdata, iv);
+ try {
+ final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
+ final GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
+ final Cipher cipher = Cipher.getInstance(CIPHER_MODE);
+ cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
+
+ final byte[] encdata = cipher.doFinal(data);
+ final byte[] iv = cipher.getIV();
+ Logger.trace("Encrypt MOASession");
+ return new EncryptedData(encdata, iv);
} catch (Exception e) {
Logger.warn("MOASession is not encrypted",e);
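Review bot: The nonce on the new line `final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);` comes from a `Random` helper whose implementation is not visible here, and the commit deletes the commented-out `SecureRandom` variant without saying anything about the source that remains. GCM loses both confidentiality and integrity when a nonce repeats under the same `secret`, so I would add a comment above that line such as `// GCM nonce must never repeat for this key; Random.nextBytes is expected to be SecureRandom-backed`, after confirming that it is. Dropping the `"IAIK"` argument in `Cipher.getInstance(CIPHER_MODE)` also means the implementation is now chosen by JCA provider order, which can differ between deployments; including `cipher.getProvider().getName()` in the existing trace line would make the selected provider visible. The body of `encrypt` continues past the end of this hunk.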
@@ -145,17 +135,14 @@ public abstract class AbstractEncrytionUtil {
}
public byte[] decrypt(EncryptedData data) throws BuildException {
- Cipher cipher;
if (secret != null) {
- try {
- IvParameterSpec iv = new IvParameterSpec(data.getIv());
-
- cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
- cipher.init(Cipher.DECRYPT_MODE, secret, iv);
-
- Logger.debug("Decrypt MOASession");
- return cipher.doFinal(data.getEncData());
+ try {
+ final Cipher cipher = Cipher.getInstance(CIPHER_MODE);
+ final GCMParameterSpec iv = new GCMParameterSpec(GCM_TAG_LENGTH * 8, data.getIv());
+ cipher.init(Cipher.DECRYPT_MODE, secret, iv);
+ Logger.trace("Decrypt MOASession");
+ return cipher.doFinal(data.getEncData());
} catch (Exception e) {
Logger.warn("MOASession is not decrypted",e);
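Review bot: A failed GCM tag check in `cipher.doFinal(data.getEncData())` lands in the same `catch (Exception e)` as a missing algorithm or an unusable key, so modified session data is only logged as the generic "MOASession is not decrypted" warning. I would handle it ahead of the generic handler, `} catch (AEADBadTagException e) {` with `Logger.warn("MOASession failed GCM authentication", e);` and the same follow-up as the existing branch; this needs `import javax.crypto.AEADBadTagException;` and relies on the selected provider reporting tag failures with that type, as the JDK's own provider does. A distinct message lets operators separate tampering or key mismatch from deployment problems. What the existing catch block does after logging is outside this hunk.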
diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml
index 0ec133d98..4d65efce2 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml
+++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml
@@ -61,12 +61,11 @@
<version>0.7.9</version>
</dependency>
- <dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
- <version>1.70</version>
- <!-- <scope>provided</scope> -->
-</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <version>1.70</version>
+ </dependency>
<!-- Dependencies for testing -->
diff --git a/pom.xml b/pom.xml
index ee3c746cc..4586b193e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -535,12 +535,6 @@
<version>JSSE-1.0</version>
<scope>compile</scope>
</dependency>
- <!-- <dependency> <groupId>regexp</groupId> <artifactId>regexp</artifactId>
- <version>1.3</version> </dependency> -->
-
-
- <!-- <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk16</artifactId>
- <version>1.46</version> </dependency> -->
<dependency>
<groupId>at.gv.egiz.eaaf</groupId>