Commit 606692b3 authored by michael.simon

Changes for newer private keys generated with newer OpenSSL versions

parent 1dbd3d52
...@@ -82,7 +82,7 @@ public class AttributeQueryHelper implements Serializable { ...@@ -82,7 +82,7 @@ public class AttributeQueryHelper implements Serializable {
try { try {
signingCredential = SecurityHelper.getSimpleCredential( signingCredential = SecurityHelper.getSimpleCredential(
cryptoHelper.getCertificate(spEntity.getCertificate()), cryptoHelper.getCertificate(spEntity.getCertificate()),
cryptoHelper.getKeyPair(spEntity.getPrivateKey()).getPrivate()); cryptoHelper.getPrivateKey(spEntity.getPrivateKey()));
} catch (IOException e1) { } catch (IOException e1) {
throw new MetadataException("No signing credential for SP " + spEntity.getEntityId(), e1); throw new MetadataException("No signing credential for SP " + spEntity.getEntityId(), e1);
} }
......
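Review bot: The new `cryptoHelper.getPrivateKey(spEntity.getPrivateKey())` call passes its result straight into `SecurityHelper.getSimpleCredential`, but the helper now returns `null` for an unrecognised PEM object type (it logs a warning instead of throwing), so an unsupported or malformed SP key presumably ends up as a credential without a private key or as a NullPointerException inside `getSimpleCredential`, either way failing far from the configuration that caused it. The sibling callers in Saml2AssertionServiceImpl check for null after loading; this one should too: `PrivateKey pk = cryptoHelper.getPrivateKey(spEntity.getPrivateKey()); if (pk == null) { throw new MetadataException("No signing credential for SP " + spEntity.getEntityId()); }` before building the credential (assuming a message-only MetadataException constructor exists, and adding the `java.security.PrivateKey` import). The enclosing method starts and ends outside the hunk.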
...@@ -14,6 +14,7 @@ import java.io.IOException; ...@@ -14,6 +14,7 @@ import java.io.IOException;
import java.io.Serializable; import java.io.Serializable;
import java.io.StringReader; import java.io.StringReader;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Security; import java.security.Security;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
...@@ -23,6 +24,7 @@ import javax.enterprise.context.ApplicationScoped; ...@@ -23,6 +24,7 @@ import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject; import javax.inject.Inject;
import javax.inject.Named; import javax.inject.Named;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMKeyPair; import org.bouncycastle.openssl.PEMKeyPair;
...@@ -60,12 +62,25 @@ public class CryptoHelper implements Serializable { ...@@ -60,12 +62,25 @@ public class CryptoHelper implements Serializable {
return cert; return cert;
} }
public KeyPair getKeyPair(String privateKey) throws IOException { public PrivateKey getPrivateKey(String privateKey) throws IOException {
PEMParser pemReader = new PEMParser(new StringReader(privateKey)); PEMParser pemReader = new PEMParser(new StringReader(privateKey));
PEMKeyPair pemPair = (PEMKeyPair) pemReader.readObject(); Object o = pemReader.readObject();
pemReader.close(); pemReader.close();
KeyPair pair = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemPair);
return pair; if (o instanceof PEMKeyPair) {
PEMKeyPair pemPair = (PEMKeyPair) o;
KeyPair pair = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemPair);
return pair.getPrivate();
}
else if (o instanceof PrivateKeyInfo) {
PrivateKeyInfo pki = (PrivateKeyInfo) o;
PrivateKey pk = new JcaPEMKeyConverter().setProvider("BC").getPrivateKey(pki);
return pk;
}
else {
logger.warn("Cannot load private key of type: {}", o.getClass().getName());
return null;
}
} }
......
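Review bot: In `getPrivateKey`, `pemReader.readObject()` returns `null` when the string holds no PEM object at all (empty or non-PEM configuration), and the fallback branch then dereferences `o.getClass()` and throws a NullPointerException instead of the warning it intends; the reader is also only closed on the success path, since `readObject` can throw IOException before `pemReader.close()` runs. Both are fixed by reading inside try-with-resources (PEMParser extends BufferedReader, so it should be AutoCloseable) and guarding the null before the instanceof chain. An encrypted key (a PKCS#8 EncryptedPrivateKeyInfo or a passphrase-protected PEMKeyPair) would presumably land in the unsupported-type branch as well; if such keys are expected, that case deserves a clearer message than the class name. The method's Javadoc should also state the null contract, e.g. `/** Parses a PEM-encoded private key (traditional PKCS#1 key pair or PKCS#8 PrivateKeyInfo); returns null if the PEM object type is unsupported. */`.
```java
public PrivateKey getPrivateKey(String privateKey) throws IOException {
	Object o;
	try (PEMParser pemReader = new PEMParser(new StringReader(privateKey))) {
		o = pemReader.readObject();
	}
	if (o == null) {
		logger.warn("No PEM object found in private key material");
		return null;
	}
	// … unchanged: PEMKeyPair / PrivateKeyInfo conversion and unsupported-type fallback …
```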
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
package edu.kit.scc.webreg.service.saml.impl; package edu.kit.scc.webreg.service.saml.impl;
import java.io.IOException; import java.io.IOException;
import java.security.KeyPair; import java.security.PrivateKey;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
...@@ -178,19 +178,19 @@ public class Saml2AssertionServiceImpl implements Saml2AssertionService { ...@@ -178,19 +178,19 @@ public class Saml2AssertionServiceImpl implements Saml2AssertionService {
String privateKey) throws IOException, DecryptionException, SamlAuthenticationException { String privateKey) throws IOException, DecryptionException, SamlAuthenticationException {
logger.debug("Decrypting assertion..."); logger.debug("Decrypting assertion...");
KeyPair keyPair; PrivateKey pk;
try { try {
keyPair = cryptoHelper.getKeyPair(privateKey); pk = cryptoHelper.getPrivateKey(privateKey);
} catch (IOException e) { } catch (IOException e) {
throw new SamlAuthenticationException("Private key is not set up properly", e); throw new SamlAuthenticationException("Private key is not set up properly", e);
} }
if (keyPair == null) { if (pk == null) {
throw new SamlAuthenticationException("Private key is not set up properly (is null)"); throw new SamlAuthenticationException("Private key is not set up properly (is null)");
} }
BasicX509Credential decryptCredential = new BasicX509Credential(); BasicX509Credential decryptCredential = new BasicX509Credential();
decryptCredential.setPrivateKey(keyPair.getPrivate()); decryptCredential.setPrivateKey(pk);
KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(decryptCredential); KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(decryptCredential);
InlineEncryptedKeyResolver encryptionKeyResolver = new InlineEncryptedKeyResolver(); InlineEncryptedKeyResolver encryptionKeyResolver = new InlineEncryptedKeyResolver();
Decrypter decrypter = new Decrypter(null, keyResolver, encryptionKeyResolver); Decrypter decrypter = new Decrypter(null, keyResolver, encryptionKeyResolver);
...@@ -204,19 +204,19 @@ public class Saml2AssertionServiceImpl implements Saml2AssertionService { ...@@ -204,19 +204,19 @@ public class Saml2AssertionServiceImpl implements Saml2AssertionService {
String privateKey) throws IOException, DecryptionException, SamlAuthenticationException { String privateKey) throws IOException, DecryptionException, SamlAuthenticationException {
logger.debug("Decrypting nameID..."); logger.debug("Decrypting nameID...");
KeyPair keyPair; PrivateKey pk;
try { try {
keyPair = cryptoHelper.getKeyPair(privateKey); pk = cryptoHelper.getPrivateKey(privateKey);
} catch (IOException e) { } catch (IOException e) {
throw new SamlAuthenticationException("Private key is not set up properly", e); throw new SamlAuthenticationException("Private key is not set up properly", e);
} }
if (keyPair == null) { if (pk == null) {
throw new SamlAuthenticationException("Private key is not set up properly"); throw new SamlAuthenticationException("Private key is not set up properly");
} }
BasicX509Credential decryptCredential = new BasicX509Credential(); BasicX509Credential decryptCredential = new BasicX509Credential();
decryptCredential.setPrivateKey(keyPair.getPrivate()); decryptCredential.setPrivateKey(pk);
KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(decryptCredential); KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(decryptCredential);
InlineEncryptedKeyResolver encryptionKeyResolver = new InlineEncryptedKeyResolver(); InlineEncryptedKeyResolver encryptionKeyResolver = new InlineEncryptedKeyResolver();
Decrypter decrypter = new Decrypter(null, keyResolver, encryptionKeyResolver); Decrypter decrypter = new Decrypter(null, keyResolver, encryptionKeyResolver);
......
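Review bot: The key-loading and credential-building sequence from `PrivateKey pk;` through `decryptCredential.setPrivateKey(pk);` is now duplicated verbatim in both decrypt hunks, and the two copies already differ in their null-case message (`"Private key is not set up properly (is null)"` versus the plain one), so the next change to how keys are loaded has to be made twice. Extracting it into a private helper keeps each method to a single `BasicX509Credential decryptCredential = buildDecryptCredential(privateKey);` line and gives the error messages one home. Both enclosing methods start and end outside the hunks.
```java
/** Loads the PEM private key and wraps it as a decryption credential; fails fast if it cannot be loaded. */
private BasicX509Credential buildDecryptCredential(String privateKey) throws SamlAuthenticationException {
	PrivateKey pk;
	try {
		pk = cryptoHelper.getPrivateKey(privateKey);
	} catch (IOException e) {
		throw new SamlAuthenticationException("Private key is not set up properly", e);
	}
	if (pk == null) {
		throw new SamlAuthenticationException("Private key is not set up properly (is null)");
	}
	BasicX509Credential decryptCredential = new BasicX509Credential();
	decryptCredential.setPrivateKey(pk);
	return decryptCredential;
}
```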