diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-07-25 16:12:28 +0200 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-07-25 16:12:28 +0200 |
| commit | 122de0a09f42fcc7e2fa0a429df5da37820fd730 (patch) | |
| tree | 75d1ab9874d1d5ead93d5700ff617fbe49c36274 | |
| parent | 040e51d335d3af127c3894bd5558a484ddd9b9ea (diff) | |
| download | moa-id-spss-122de0a09f42fcc7e2fa0a429df5da37820fd730.tar.gz moa-id-spss-122de0a09f42fcc7e2fa0a429df5da37820fd730.tar.bz2 moa-id-spss-122de0a09f42fcc7e2fa0a429df5da37820fd730.zip | |
workAround to solve problem with IAIK-JCE and SSL algorithm parameter validation
2 files changed, 42 insertions, 0 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index 05ce3344b..c5ae5065f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -63,6 +63,7 @@ import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUse import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.asn1.structures.AlgorithmID; import iaik.x509.X509Certificate; @@ -150,6 +151,8 @@ public class ConfigurationProvider { UserRequestCleaner.start(); + fixJava8_141ProblemWithSSLAlgorithms(); + log.info("MOA-ID-Configuration initialization completed"); @@ -168,6 +171,23 @@ public class ConfigurationProvider { } + private static void fixJava8_141ProblemWithSSLAlgorithms() { + log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ..."); + //new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", "MD5/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", + new String[] { "SHA1withRSA" , "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", + new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", + new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", + new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", + new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true); + + log.info("Change AlgorithmIDs finished"); + } + @Autowired(required = true) public void setMOAIDConfigurationModul(MOAIDConfigurationModul module) { this.configModule = module; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 5769d99df..65ea2fd90 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -44,6 +44,7 @@ import at.gv.egovernment.moa.spss.api.Configurator; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import iaik.asn1.structures.AlgorithmID; import iaik.pki.PKIException; import iaik.security.ec.provider.ECCelerate; import iaik.security.provider.IAIK; @@ -160,6 +161,8 @@ public class MOAIDAuthInitializer { Security.addProvider(new ECCelerate()); + fixJava8_141ProblemWithSSLAlgorithms(); + if (Logger.isDebugEnabled()) { Logger.debug("Loaded Security Provider:"); Provider[] providerList = Security.getProviders(); @@ -167,5 +170,24 @@ public class MOAIDAuthInitializer { Logger.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion()); } + } + + private static void fixJava8_141ProblemWithSSLAlgorithms() { + Logger.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ..."); + //new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", "MD5/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", + new String[] { "SHA1withRSA" , "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", + new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", + new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", + new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", + new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true); + + Logger.info("Change AlgorithmIDs finished"); + } + } |