diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-05-17 08:37:48 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-05-17 08:37:48 +0200 |
commit | 5fe7b654e6526b34ab917411424faf93586df85f (patch) | |
tree | e60d8fb2be5d5a142d0b179e8b99a010ead07dd3 /id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java | |
parent | c61850c5607d066a3c322794c1220f26b31103a0 (diff) | |
download | moa-id-spss-5fe7b654e6526b34ab917411424faf93586df85f.tar.gz moa-id-spss-5fe7b654e6526b34ab917411424faf93586df85f.tar.bz2 moa-id-spss-5fe7b654e6526b34ab917411424faf93586df85f.zip |
add result decryption for SL2.0 authentication module
Diffstat (limited to 'id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java')
-rw-r--r-- | id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index 7dd5c39ab..e0965c712 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -11,6 +11,7 @@ import javax.annotation.PostConstruct; import org.jose4j.jwa.AlgorithmConstraints; import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; +import org.jose4j.jwe.JsonWebEncryption; import org.jose4j.jws.AlgorithmIdentifiers; import org.jose4j.jws.JsonWebSignature; import org.jose4j.lang.JoseException; @@ -19,6 +20,7 @@ import org.springframework.stereotype.Service; import com.google.gson.JsonElement; import com.google.gson.JsonParser; +import com.google.gson.JsonSyntaxException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; @@ -177,6 +179,43 @@ public class JsonSecurityUtils implements IJOSETools{ } + + @Override + public JsonElement decryptPayload(String compactSerialization) throws SL20Exception { + try { + JsonWebEncryption receiverJwe = new JsonWebEncryption(); + + //set security constrains + receiverJwe.setAlgorithmConstraints( + new AlgorithmConstraints(ConstraintType.WHITELIST, + SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION.size()]))); + receiverJwe.setContentEncryptionAlgorithmConstraints( + new AlgorithmConstraints(ConstraintType.WHITELIST, + SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION.size()]))); + + //set payload + receiverJwe.setCompactSerialization(compactSerialization); + + //TODO: validate key from header against key from config + + //decrypt payload + receiverJwe.setKey(encPrivKey); + + return new JsonParser().parse(receiverJwe.getPlaintextString()); + + } catch (JoseException e) { + Logger.warn("SL2.0 result decryption FAILED", e); + throw new SL20SecurityException(new Object[]{e.getMessage()}, e); + + } catch ( JsonSyntaxException e) { + Logger.warn("Decrypted SL2.0 result is NOT a valid JSON.", e); + throw new SLCommandoParserException("Decrypted SL2.0 result is NOT a valid JSON.", e); + + } + + } + + @Override public X509Certificate getEncryptionCertificate() { |