From 0c0c12e5c9844e4a6dc968d49198ae16d0236814 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 14 Dec 2021 16:27:09 +0100 Subject: fix problem with session-data encryption on some deployments --- .../moa/id/util/AbstractEncrytionUtil.java | 47 ++++++++-------------- .../moa-id-module-sl20_authentication/pom.xml | 11 +++-- pom.xml | 6 --- 3 files changed, 22 insertions(+), 42 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java index 8fdf1eab8..1bf240589 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java @@ -33,7 +33,6 @@ import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.GCMParameterSpec; -import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; @@ -114,27 +113,18 @@ public abstract class AbstractEncrytionUtil { } } - public EncryptedData encrypt(byte[] data) throws BuildException { - Cipher cipher; - + public EncryptedData encrypt(byte[] data) throws BuildException { if (secret != null) { - try { - final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH); - -// final byte[] nonce = new byte[GCM_NONCE_LENGTH]; -// SecureRandom.getInstanceStrong().nextBytes(nonce); - - GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce); - - cipher = Cipher.getInstance(CIPHER_MODE, "IAIK"); - cipher.init(Cipher.ENCRYPT_MODE, secret, spec); - - Logger.debug("Encrypt MOASession"); - - byte[] encdata = cipher.doFinal(data); - byte[] iv = cipher.getIV(); - - return new EncryptedData(encdata, iv); + try { + final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH); + final GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce); + final Cipher cipher = Cipher.getInstance(CIPHER_MODE); + cipher.init(Cipher.ENCRYPT_MODE, secret, spec); + + final byte[] encdata = cipher.doFinal(data); + final byte[] iv = cipher.getIV(); + Logger.trace("Encrypt MOASession"); + return new EncryptedData(encdata, iv); } catch (Exception e) { Logger.warn("MOASession is not encrypted",e); @@ -145,17 +135,14 @@ public abstract class AbstractEncrytionUtil { } public byte[] decrypt(EncryptedData data) throws BuildException { - Cipher cipher; if (secret != null) { - try { - IvParameterSpec iv = new IvParameterSpec(data.getIv()); - - cipher = Cipher.getInstance(CIPHER_MODE, "IAIK"); - cipher.init(Cipher.DECRYPT_MODE, secret, iv); - - Logger.debug("Decrypt MOASession"); - return cipher.doFinal(data.getEncData()); + try { + final Cipher cipher = Cipher.getInstance(CIPHER_MODE); + final GCMParameterSpec iv = new GCMParameterSpec(GCM_TAG_LENGTH * 8, data.getIv()); + cipher.init(Cipher.DECRYPT_MODE, secret, iv); + Logger.trace("Decrypt MOASession"); + return cipher.doFinal(data.getEncData()); } catch (Exception e) { Logger.warn("MOASession is not decrypted",e); diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index 0ec133d98..4d65efce2 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -61,12 +61,11 @@ 0.7.9 - - org.bouncycastle - bcprov-jdk15on - 1.70 - - + + org.bouncycastle + bcprov-jdk15on + 1.70 + diff --git a/pom.xml b/pom.xml index ee3c746cc..4586b193e 100644 --- a/pom.xml +++ b/pom.xml @@ -535,12 +535,6 @@ JSSE-1.0 compile - - - - at.gv.egiz.eaaf -- cgit v1.2.3