Commit 606692b3 authored by michael.simon's avatar michael.simon

Changes for newer private keys, generated with newer OpenSSL Versions

parent 1dbd3d52
......@@ -82,7 +82,7 @@ public class AttributeQueryHelper implements Serializable {
try {
signingCredential = SecurityHelper.getSimpleCredential(
cryptoHelper.getCertificate(spEntity.getCertificate()),
cryptoHelper.getKeyPair(spEntity.getPrivateKey()).getPrivate());
cryptoHelper.getPrivateKey(spEntity.getPrivateKey()));
} catch (IOException e1) {
throw new MetadataException("No signing credential for SP " + spEntity.getEntityId(), e1);
}
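Review bot: The replacement call `cryptoHelper.getPrivateKey(spEntity.getPrivateKey())` can hand a null PrivateKey to SecurityHelper.getSimpleCredential, because CryptoHelper.getPrivateKey (in this same commit) returns null for a PEM object it does not recognise, and the surrounding catch handles only IOException. The old expression would have failed at this spot with a ClassCastException from the PEMKeyPair cast, whereas the new code appears to build a credential without a private key that only fails later at signing time with a less telling error. Guard the result before building the credential: `PrivateKey signingKey = cryptoHelper.getPrivateKey(spEntity.getPrivateKey());` then `if (signingKey == null) { throw new MetadataException("No signing credential for SP " + spEntity.getEntityId(), null); }` (or whichever MetadataException constructor takes the message alone), and pass signingKey to getSimpleCredential; java.security.PrivateKey would need importing if it is not already. The enclosing method starts and ends outside the hunk.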
......
......@@ -14,6 +14,7 @@ import java.io.IOException;
import java.io.Serializable;
import java.io.StringReader;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
......@@ -23,6 +24,7 @@ import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.inject.Named;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMKeyPair;
......@@ -60,12 +62,25 @@ public class CryptoHelper implements Serializable {
return cert;
}
public KeyPair getKeyPair(String privateKey) throws IOException {
public PrivateKey getPrivateKey(String privateKey) throws IOException {
PEMParser pemReader = new PEMParser(new StringReader(privateKey));
PEMKeyPair pemPair = (PEMKeyPair) pemReader.readObject();
Object o = pemReader.readObject();
pemReader.close();
KeyPair pair = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemPair);
return pair;
if (o instanceof PEMKeyPair) {
PEMKeyPair pemPair = (PEMKeyPair) o;
KeyPair pair = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemPair);
return pair.getPrivate();
}
else if (o instanceof PrivateKeyInfo) {
PrivateKeyInfo pki = (PrivateKeyInfo) o;
PrivateKey pk = new JcaPEMKeyConverter().setProvider("BC").getPrivateKey(pki);
return pk;
}
else {
logger.warn("Cannot load private key of type: {}", o.getClass().getName());
return null;
}
}
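Review bot: The final else branch of getPrivateKey dereferences `o` in `o.getClass().getName()` without a null check, but PEMParser.readObject() returns null when the input holds no PEM object (an empty or non-PEM string), so a misconfigured key now fails with a NullPointerException rather than the intended warning. Returning null for unrecognised types also moves the null check onto every caller; the method already declares IOException, and both callers changed in Saml2AssertionServiceImpl in this commit catch IOException, so throwing it there keeps the failure explicit and uniform (password-protected keys, which PEMParser yields as other object types, would surface the same way). `pemReader.close()` is skipped if readObject throws; try-with-resources covers that. The import hunks above are trivial.
```java
public PrivateKey getPrivateKey(String privateKey) throws IOException {
    Object o;
    try (PEMParser pemReader = new PEMParser(new StringReader(privateKey))) {
        o = pemReader.readObject();
    }
    if (o == null) {
        throw new IOException("No PEM object found in private key");
    }
    // … unchanged: PEMKeyPair and PrivateKeyInfo branches, each returning the key …
    throw new IOException("Cannot load private key of type: " + o.getClass().getName());
}
```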
......
......@@ -11,7 +11,7 @@
package edu.kit.scc.webreg.service.saml.impl;
import java.io.IOException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
......@@ -178,19 +178,19 @@ public class Saml2AssertionServiceImpl implements Saml2AssertionService {
String privateKey) throws IOException, DecryptionException, SamlAuthenticationException {
logger.debug("Decrypting assertion...");
KeyPair keyPair;
PrivateKey pk;
try {
keyPair = cryptoHelper.getKeyPair(privateKey);
pk = cryptoHelper.getPrivateKey(privateKey);
} catch (IOException e) {
throw new SamlAuthenticationException("Private key is not set up properly", e);
}
if (keyPair == null) {
if (pk == null) {
throw new SamlAuthenticationException("Private key is not set up properly (is null)");
}
BasicX509Credential decryptCredential = new BasicX509Credential();
decryptCredential.setPrivateKey(keyPair.getPrivate());
decryptCredential.setPrivateKey(pk);
KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(decryptCredential);
InlineEncryptedKeyResolver encryptionKeyResolver = new InlineEncryptedKeyResolver();
Decrypter decrypter = new Decrypter(null, keyResolver, encryptionKeyResolver);
......@@ -204,19 +204,19 @@ public class Saml2AssertionServiceImpl implements Saml2AssertionService {
String privateKey) throws IOException, DecryptionException, SamlAuthenticationException {
logger.debug("Decrypting nameID...");
KeyPair keyPair;
PrivateKey pk;
try {
keyPair = cryptoHelper.getKeyPair(privateKey);
pk = cryptoHelper.getPrivateKey(privateKey);
} catch (IOException e) {
throw new SamlAuthenticationException("Private key is not set up properly", e);
}
if (keyPair == null) {
if (pk == null) {
throw new SamlAuthenticationException("Private key is not set up properly");
}
BasicX509Credential decryptCredential = new BasicX509Credential();
decryptCredential.setPrivateKey(keyPair.getPrivate());
decryptCredential.setPrivateKey(pk);
KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(decryptCredential);
InlineEncryptedKeyResolver encryptionKeyResolver = new InlineEncryptedKeyResolver();
Decrypter decrypter = new Decrypter(null, keyResolver, encryptionKeyResolver);
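Review bot: The key-loading sequence from `PrivateKey pk;` through the `if (pk == null)` check is now duplicated verbatim in both decrypt methods of this section, differing only in the null-branch message ("(is null)" in the first, absent in the second), which makes the two drift apart as the CryptoHelper.getPrivateKey contract evolves. Extracting it into one private helper and calling `PrivateKey pk = loadDecryptionKey(privateKey);` in both places gives a single point to maintain and one consistent message. Both enclosing methods start and end outside their hunks.
```java
/** Loads the decryption key for the SP, mapping any failure to SamlAuthenticationException. */
private PrivateKey loadDecryptionKey(String privateKey) throws SamlAuthenticationException {
    PrivateKey pk;
    try {
        pk = cryptoHelper.getPrivateKey(privateKey);
    } catch (IOException e) {
        throw new SamlAuthenticationException("Private key is not set up properly", e);
    }
    if (pk == null) {
        throw new SamlAuthenticationException("Private key is not set up properly (is null)");
    }
    return pk;
}
```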
......