diff options
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java | 47 | ||||
-rw-r--r-- | id/server/modules/moa-id-module-sl20_authentication/pom.xml | 11 | ||||
-rw-r--r-- | pom.xml | 6 |
3 files changed, 22 insertions, 42 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java index 8fdf1eab8..1bf240589 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java @@ -33,7 +33,6 @@ import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.GCMParameterSpec; -import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; @@ -114,27 +113,18 @@ public abstract class AbstractEncrytionUtil { } } - public EncryptedData encrypt(byte[] data) throws BuildException { - Cipher cipher; - + public EncryptedData encrypt(byte[] data) throws BuildException { if (secret != null) { - try { - final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH); - -// final byte[] nonce = new byte[GCM_NONCE_LENGTH]; -// SecureRandom.getInstanceStrong().nextBytes(nonce); - - GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce); - - cipher = Cipher.getInstance(CIPHER_MODE, "IAIK"); - cipher.init(Cipher.ENCRYPT_MODE, secret, spec); - - Logger.debug("Encrypt MOASession"); - - byte[] encdata = cipher.doFinal(data); - byte[] iv = cipher.getIV(); - - return new EncryptedData(encdata, iv); + try { + final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH); + final GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce); + final Cipher cipher = Cipher.getInstance(CIPHER_MODE); + cipher.init(Cipher.ENCRYPT_MODE, secret, spec); + + final byte[] encdata = cipher.doFinal(data); + final byte[] iv = cipher.getIV(); + Logger.trace("Encrypt MOASession"); + return new EncryptedData(encdata, iv); } catch (Exception e) { Logger.warn("MOASession is not encrypted",e); @@ -145,17 +135,14 @@ public abstract class AbstractEncrytionUtil { } public byte[] decrypt(EncryptedData data) throws BuildException { - Cipher cipher; if (secret != null) { - try { - IvParameterSpec iv = new IvParameterSpec(data.getIv()); - - cipher = Cipher.getInstance(CIPHER_MODE, "IAIK"); - cipher.init(Cipher.DECRYPT_MODE, secret, iv); - - Logger.debug("Decrypt MOASession"); - return cipher.doFinal(data.getEncData()); + try { + final Cipher cipher = Cipher.getInstance(CIPHER_MODE); + final GCMParameterSpec iv = new GCMParameterSpec(GCM_TAG_LENGTH * 8, data.getIv()); + cipher.init(Cipher.DECRYPT_MODE, secret, iv); + Logger.trace("Decrypt MOASession"); + return cipher.doFinal(data.getEncData()); } catch (Exception e) { Logger.warn("MOASession is not decrypted",e); diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index 0ec133d98..4d65efce2 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -61,12 +61,11 @@ <version>0.7.9</version> </dependency> - <dependency> - <groupId>org.bouncycastle</groupId> - <artifactId>bcprov-jdk15on</artifactId> - <version>1.70</version> - <!-- <scope>provided</scope> --> -</dependency> + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + <version>1.70</version> + </dependency> <!-- Dependencies for testing --> @@ -535,12 +535,6 @@ <version>JSSE-1.0</version> <scope>compile</scope> </dependency> - <!-- <dependency> <groupId>regexp</groupId> <artifactId>regexp</artifactId> - <version>1.3</version> </dependency> --> - - - <!-- <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk16</artifactId> - <version>1.46</version> </dependency> --> <dependency> <groupId>at.gv.egiz.eaaf</groupId> |