3 files changed, 25 insertions, 37 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index b0f452861..baf4349e8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -77,10 +77,10 @@ public class MOAIDAuthInitializer {
         	System.setProperty(
         			"https.cipherSuites",
         					//high secure RSA bases ciphers
-							",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +
-							",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +
-							",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +
-        					",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +
+							    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +
+							    ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +
+							    ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +
+        				  ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +
 							
         					//high secure ECC bases ciphers
         					",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" +
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
index 8fdf1eab8..1bf240589 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
@@ -33,7 +33,6 @@ import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.GCMParameterSpec;
-import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
 
@@ -114,27 +113,18 @@ public abstract class AbstractEncrytionUtil {
 		}		
 	}
 	
-	public EncryptedData encrypt(byte[] data) throws BuildException {
-		Cipher cipher;
-		
+	public EncryptedData encrypt(byte[] data) throws BuildException {		
 		if (secret != null) {
-			try {
-				final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
-				
-//				final byte[] nonce = new byte[GCM_NONCE_LENGTH];				
-//				SecureRandom.getInstanceStrong().nextBytes(nonce);
-		        
-				GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
-		        
-				cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");				
-			    cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
-				
-			    Logger.debug("Encrypt MOASession");
-			    
-			    byte[] encdata = cipher.doFinal(data);
-			    byte[] iv = cipher.getIV();
-			    
-			    return new EncryptedData(encdata, iv);
+			try {				
+	      final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
+	      final GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
+	      final Cipher cipher = Cipher.getInstance(CIPHER_MODE);
+	      cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
+			  
+	      final byte[] encdata = cipher.doFinal(data);
+	      final byte[] iv = cipher.getIV();	      				
+			  Logger.trace("Encrypt MOASession");			   
+			  return new EncryptedData(encdata, iv);
 			    
 			} catch (Exception e) {
 				Logger.warn("MOASession is not encrypted",e);
@@ -145,17 +135,14 @@ public abstract class AbstractEncrytionUtil {
 	}
 	
 	public byte[] decrypt(EncryptedData data) throws BuildException {
-		Cipher cipher;
 		
 		if (secret != null) {
-			try {
-				IvParameterSpec iv = new IvParameterSpec(data.getIv());
-				
-				cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
-			    cipher.init(Cipher.DECRYPT_MODE, secret, iv);
-				
-			    Logger.debug("Decrypt MOASession");
-			    return cipher.doFinal(data.getEncData());
+			try {			    			    
+			    final Cipher cipher = Cipher.getInstance(CIPHER_MODE);
+			    final GCMParameterSpec iv = new GCMParameterSpec(GCM_TAG_LENGTH * 8, data.getIv());
+		      cipher.init(Cipher.DECRYPT_MODE, secret, iv);
+		      Logger.trace("Decrypt MOASession");
+		      return cipher.doFinal(data.getEncData());
 			    
 			} catch (Exception e) {
 				Logger.warn("MOASession is not decrypted",e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
index 498f8408b..d4a6ee786 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
@@ -32,14 +32,15 @@ public class SessionEncrytionUtil extends AbstractEncrytionUtil {
 	private static String key = null;
 	
 	public static SessionEncrytionUtil getInstance() {
-		if (instance == null) {
+		if (instance == null) {		  		  
 			try {
 				key = AuthConfigurationProviderFactory.getInstance().getMOASessionEncryptionKey();			
-				instance =  new SessionEncrytionUtil();
+				instance =  new SessionEncrytionUtil();	
 								
 			} catch (Exception e) {
 				Logger.warn("MOASession encryption can not be inizialized.", e);
-				
+				throw new RuntimeException("MOASession encryption can not be inizialized.", e);
+								
 			}					
 		}
 		return instance;