Hi CXF developers,
I’m testing CXF with the usage of a hardware security module. Most parts are
working just great.
However, I’m facing one issue with the JwsUtils class (line 119).
The code is checking if the provided key is an instanceof RSAPrivateKey. This
is working fine using a JKS file keystore. But when I use a (HSM) PKCS11
keystore type the used PrivateKey instance is a
sun.security.pkcs11.P11Key$P11PrivateKey which is not an instance of
RSAPrivateKey. Thus, the initialization fails and my code is not working.
The invoked PrivateKeyJwsSignatureProvider (line 120) does not require an
RSAPrivateKey, so if I execute this code (in my java debugger) with my P11Key
it is all working fine.
Therefore I’m wondering if we can refactor this code to check for the key
algorithm instead of the class instance, like this:
    } else if ("RSA".equals(key.getAlgorithm())) {
        return new PrivateKeyJwsSignatureProvider(key, algo);
Or maybe it will be even better to remove the else check completely and call
the signature provider instantiation always (if it is not an EC key). Like this:
public static JwsSignatureProvider
        getPrivateKeySignatureProvider(PrivateKey key, SignatureAlgorithm algo) {
    if (algo == null) {
        LOG.warning("No signature algorithm was defined");
        throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
    }
    if (key instanceof ECPrivateKey) {
        return new EcDsaJwsSignatureProvider((ECPrivateKey)key, algo);
    }
    return new PrivateKeyJwsSignatureProvider(key, algo);
}
WDYT?
Jan
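An added, self-contained example (not part of the mail and not CXF code) showing why the class-based check fails for an HSM-backed key while the algorithm-based check accepts it. HsmHandleKey is a hypothetical stand-in for a PKCS#11 handle that reports "RSA" as its algorithm but, like a non-extractable key, neither implements RSAPrivateKey nor exposes encoded key material; providerFor implements the first proposed variant (algorithm check) and returns the provider name as a string because the CXF classes are assumed not to be on the classpath.

```java
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;

public class KeyDispatchDemo {

    // Hypothetical stand-in for an HSM-backed handle such as a P11PrivateKey:
    // it reports its algorithm but does not implement RSAPrivateKey and carries
    // no key material (no encoded form), as a non-extractable key would.
    static final class HsmHandleKey implements PrivateKey {
        private final String algorithm;
        HsmHandleKey(String algorithm) { this.algorithm = algorithm; }
        @Override public String getAlgorithm() { return algorithm; }
        @Override public String getFormat() { return null; }
        @Override public byte[] getEncoded() { return null; }
    }

    // Class-based check as described in the mail (JwsUtils line 119).
    static boolean acceptedByInstanceOf(PrivateKey key) {
        return key instanceof ECPrivateKey || key instanceof RSAPrivateKey;
    }

    // Algorithm-based check: EC keys keep their dedicated provider, RSA keys
    // (software or HSM handle) go to the generic provider, anything else is
    // rejected up front rather than failing later at signing time.
    static String providerFor(PrivateKey key) {
        if (key instanceof ECPrivateKey) {
            return "EcDsaJwsSignatureProvider";
        }
        if ("RSA".equals(key.getAlgorithm())) {
            return "PrivateKeyJwsSignatureProvider";
        }
        throw new IllegalArgumentException("unsupported key algorithm: " + key.getAlgorithm());
    }

    public static void main(String[] args) throws Exception {
        // Software key, as loaded from a JKS keystore: implements RSAPrivateKey.
        PrivateKey jksStyle = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPrivate();
        // Constructed HSM-style handle: algorithm "RSA", no RSAPrivateKey interface.
        PrivateKey hsmStyle = new HsmHandleKey("RSA");

        System.out.println("software key: instanceof=" + acceptedByInstanceOf(jksStyle)
                + " provider=" + providerFor(jksStyle));
        System.out.println("HSM-style key: instanceof=" + acceptedByInstanceOf(hsmStyle)
                + " provider=" + providerFor(hsmStyle));
    }
}
```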