Add BouncyCastle Provider to SecurityContext
f11h authored May 29, 2021
2 parents 822affb + f284f68 commit 3f1ebe9
Showing 3 changed files with 19 additions and 1 deletion.
Expand Up @@ -32,6 +32,7 @@
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.time.LocalDateTime;
Expand All @@ -47,6 +48,7 @@
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.config.ConfigurableBeanFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
Expand Down Expand Up @@ -91,6 +93,8 @@ public class DgcGatewayDownloadConnector {

@PostConstruct
void init() throws KeyStoreException, CertificateEncodingException, IOException {
Security.addProvider(new BouncyCastleProvider());

String trustAnchorAlias = properties.getTrustAnchor().getAlias();
X509Certificate trustAnchorCert = (X509Certificate) trustAnchorKeyStore.getCertificate(trustAnchorAlias);

Expand Down Expand Up @@ -199,9 +203,15 @@ private boolean checkThumbprintIntegrity(TrustListItemDto trustListItem) {
}

private boolean checkCscaCertificate(TrustListItemDto trustListItem) {
return trustedCscaCertificates
boolean result = trustedCscaCertificates
.stream()
.anyMatch(ca -> connectorUtils.trustListItemSignedByCa(trustListItem, ca));

if (!result) {
log.info("Could not find valid CSCA for DSC {}", trustListItem.getKid());
}

return result;
}

private boolean checkUploadCertificate(TrustListItemDto trustListItem) {
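Review bot: `Security.addProvider(new BouncyCastleProvider())` in `init()` allocates and registers the provider unconditionally; `addProvider` mutates the JVM-wide provider list and returns -1 when a provider with the same name is already installed, so a repeat call is harmless but still builds a fresh provider each time and hides that this is a process-wide side effect rather than per-bean setup. Guard it by name: `if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {` / `Security.addProvider(new BouncyCastleProvider());` / `}`. The same unguarded call is added in this commit to `SignedCertificateMessageBuilder.build` and `SignedCertificateMessageParser.afterPropertiesSet`, where it runs per message rather than once. Note that `addProvider` appends BC at the lowest preference, so built-in providers keep precedence for algorithms they already implement; keep it that way rather than switching to `insertProviderAt(..., 1)`, which would route every JCA lookup through BC first. The body of `init()` continues outside the hunk.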
Expand Up @@ -22,6 +22,7 @@

import java.io.IOException;
import java.security.PrivateKey;
import java.security.Security;
import java.util.Base64;
import lombok.NoArgsConstructor;
import lombok.extern.slf4j.Slf4j;
Expand All @@ -32,6 +33,7 @@
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultAlgorithmNameFinder;
import org.bouncycastle.operator.DigestCalculatorProvider;
Expand Down Expand Up @@ -83,6 +85,8 @@ public SignedCertificateMessageBuilder withPayloadCertificate(X509CertificateHol
* @return Bytes of signed CMS message.
*/
public byte[] build(boolean detached) {
Security.addProvider(new BouncyCastleProvider());

if (payloadCertificate == null || signingCertificate == null || signingCertificatePrivateKey == null) {
throw new RuntimeException("Message Builder is not ready");
}
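Review bot: Provider registration at the top of `build(boolean detached)` executes on every message built, putting a process-wide side effect inside a per-call method, and it runs before the readiness check on the following lines, so a builder that then throws `RuntimeException("Message Builder is not ready")` has already touched the global provider list. A single guarded registration in a static initializer of the class would leave `build` with only message-building logic; the readiness check would then be the first statement. Registering BC does not by itself make the signer use it: the BC JCA builders that create the `ContentSigner` and `DigestCalculatorProvider` resolve a provider at lookup time, and unless they are given `.setProvider(BouncyCastleProvider.PROVIDER_NAME)` (outside the hunk — confirm) a built-in provider may still serve any algorithm it implements. The rest of `build` is outside the hunk.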
Expand Up @@ -22,6 +22,7 @@

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.security.cert.CertificateException;
import java.util.Base64;
import java.util.Collection;
Expand All @@ -36,6 +37,7 @@
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;

/**
Expand Down Expand Up @@ -164,6 +166,8 @@ public SignedCertificateMessageParser(@NonNull String cmsSignature, @NonNull byt
}

private void afterPropertiesSet() {
Security.addProvider(new BouncyCastleProvider());

// Parse Base64
byte[] cmsBytes;
byte[] cmsPayloadBytes = null;
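Review bot: `afterPropertiesSet()` is a private instance method (the `@@` context suggests it is reached from the constructor, but that call is outside the hunk), so BC is re-registered for every parser instance, i.e. once per signature parsed, which is the wrong place for a JVM-global change. Verification then depends on which provider `JcaSimpleSignerInfoVerifierBuilder` resolves: because `addProvider` appends BC last, a built-in provider wins for any algorithm it also implements, and only `.setProvider(BouncyCastleProvider.PROVIDER_NAME)` on that builder (outside the hunk — confirm it is set) makes the choice explicit and reproducible across JVMs. Consolidate the registration into one guarded static initializer, `static { if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { Security.addProvider(new BouncyCastleProvider()); } }`, with a short comment stating which operation needs BC. The remainder of `afterPropertiesSet` is outside the hunk.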
