diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2021-12-14 16:27:09 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2021-12-14 16:27:09 +0100 |
commit | 0c0c12e5c9844e4a6dc968d49198ae16d0236814 (patch) | |
tree | 9852809d5bedc053bc8387aac4bcfc9ed45d2b5b /id/server/idserverlib/src/main/java | |
parent | b2332a3b55b1d5164f9764cb895185798b4fb4a2 (diff) | |
download | moa-id-spss-0c0c12e5c9844e4a6dc968d49198ae16d0236814.tar.gz moa-id-spss-0c0c12e5c9844e4a6dc968d49198ae16d0236814.tar.bz2 moa-id-spss-0c0c12e5c9844e4a6dc968d49198ae16d0236814.zip |
fix problem with session-data encryption on some deployments
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java | 47 |
1 files changed, 17 insertions, 30 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java index 8fdf1eab8..1bf240589 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java @@ -33,7 +33,6 @@ import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.GCMParameterSpec; -import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; @@ -114,27 +113,18 @@ public abstract class AbstractEncrytionUtil { } } - public EncryptedData encrypt(byte[] data) throws BuildException { - Cipher cipher; - + public EncryptedData encrypt(byte[] data) throws BuildException { if (secret != null) { - try { - final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH); - -// final byte[] nonce = new byte[GCM_NONCE_LENGTH]; -// SecureRandom.getInstanceStrong().nextBytes(nonce); - - GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce); - - cipher = Cipher.getInstance(CIPHER_MODE, "IAIK"); - cipher.init(Cipher.ENCRYPT_MODE, secret, spec); - - Logger.debug("Encrypt MOASession"); - - byte[] encdata = cipher.doFinal(data); - byte[] iv = cipher.getIV(); - - return new EncryptedData(encdata, iv); + try { + final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH); + final GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce); + final Cipher cipher = Cipher.getInstance(CIPHER_MODE); + cipher.init(Cipher.ENCRYPT_MODE, secret, spec); + + final byte[] encdata = cipher.doFinal(data); + final byte[] iv = cipher.getIV(); + Logger.trace("Encrypt MOASession"); + return new EncryptedData(encdata, iv); } catch (Exception e) { Logger.warn("MOASession is not encrypted",e); @@ -145,17 +135,14 @@ public abstract class AbstractEncrytionUtil { } public byte[] decrypt(EncryptedData data) throws BuildException { - Cipher cipher; if (secret != null) { - try { - IvParameterSpec iv = new IvParameterSpec(data.getIv()); - - cipher = Cipher.getInstance(CIPHER_MODE, "IAIK"); - cipher.init(Cipher.DECRYPT_MODE, secret, iv); - - Logger.debug("Decrypt MOASession"); - return cipher.doFinal(data.getEncData()); + try { + final Cipher cipher = Cipher.getInstance(CIPHER_MODE); + final GCMParameterSpec iv = new GCMParameterSpec(GCM_TAG_LENGTH * 8, data.getIv()); + cipher.init(Cipher.DECRYPT_MODE, secret, iv); + Logger.trace("Decrypt MOASession"); + return cipher.doFinal(data.getEncData()); } catch (Exception e) { Logger.warn("MOASession is not decrypted",e); |