aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java7
3 files changed, 25 insertions, 37 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index b0f452861..baf4349e8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -77,10 +77,10 @@ public class MOAIDAuthInitializer {
System.setProperty(
"https.cipherSuites",
//high secure RSA bases ciphers
- ",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +
- ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +
- ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +
- ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +
+ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +
+ ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +
+ ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +
+ ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +
//high secure ECC bases ciphers
",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" +
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
index 8fdf1eab8..1bf240589 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
@@ -33,7 +33,6 @@ import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
-import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
@@ -114,27 +113,18 @@ public abstract class AbstractEncrytionUtil {
}
}
- public EncryptedData encrypt(byte[] data) throws BuildException {
- Cipher cipher;
-
+ public EncryptedData encrypt(byte[] data) throws BuildException {
if (secret != null) {
- try {
- final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
-
-// final byte[] nonce = new byte[GCM_NONCE_LENGTH];
-// SecureRandom.getInstanceStrong().nextBytes(nonce);
-
- GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
-
- cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
- cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
-
- Logger.debug("Encrypt MOASession");
-
- byte[] encdata = cipher.doFinal(data);
- byte[] iv = cipher.getIV();
-
- return new EncryptedData(encdata, iv);
+ try {
+ final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
+ final GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
+ final Cipher cipher = Cipher.getInstance(CIPHER_MODE);
+ cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
+
+ final byte[] encdata = cipher.doFinal(data);
+ final byte[] iv = cipher.getIV();
+ Logger.trace("Encrypt MOASession");
+ return new EncryptedData(encdata, iv);
} catch (Exception e) {
Logger.warn("MOASession is not encrypted",e);
@@ -145,17 +135,14 @@ public abstract class AbstractEncrytionUtil {
}
public byte[] decrypt(EncryptedData data) throws BuildException {
- Cipher cipher;
if (secret != null) {
- try {
- IvParameterSpec iv = new IvParameterSpec(data.getIv());
-
- cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
- cipher.init(Cipher.DECRYPT_MODE, secret, iv);
-
- Logger.debug("Decrypt MOASession");
- return cipher.doFinal(data.getEncData());
+ try {
+ final Cipher cipher = Cipher.getInstance(CIPHER_MODE);
+ final GCMParameterSpec iv = new GCMParameterSpec(GCM_TAG_LENGTH * 8, data.getIv());
+ cipher.init(Cipher.DECRYPT_MODE, secret, iv);
+ Logger.trace("Decrypt MOASession");
+ return cipher.doFinal(data.getEncData());
} catch (Exception e) {
Logger.warn("MOASession is not decrypted",e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
index 498f8408b..d4a6ee786 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
@@ -32,14 +32,15 @@ public class SessionEncrytionUtil extends AbstractEncrytionUtil {
private static String key = null;
public static SessionEncrytionUtil getInstance() {
- if (instance == null) {
+ if (instance == null) {
try {
key = AuthConfigurationProviderFactory.getInstance().getMOASessionEncryptionKey();
- instance = new SessionEncrytionUtil();
+ instance = new SessionEncrytionUtil();
} catch (Exception e) {
Logger.warn("MOASession encryption can not be inizialized.", e);
-
+ throw new RuntimeException("MOASession encryption can not be inizialized.", e);
+
}
}
return instance;