Hi Jan,

Your second option looks fine to me - can you create a pull request for it?

Colm.

On Mon, Apr 17, 2023 at 4:00 PM Jan Bernhardt <[email protected]> wrote:
>
> Hi CXF developers,
>
> I’m testing CXF with the usage of a hardware security module. Most parts are 
> working just great.
> However, I’m facing one issue with the JwsUtils class (line 119).
>
> The code is checking if the provided key is an instanceof RSAPrivateKey. This 
> is working fine using a JKS file keystore. But when I use a (HSM) PKCS11 
> keystore type the used PrivateKey instance is a 
> sun.security.pkcs11.P11Key$P11PrivateKey which is not an instance of 
> RSAPrivateKey. Thus, the initialization fails and my code is not working.
> The invoked PrivateKeyJwsSignatureProvider (line 120) does not require an 
> RSAPrivateKey, so if I execute this code (in my java debugger) with my P11Key 
> it is all working fine.
>
> Therefore I’m wondering, if we can refactor this code to check for the key 
> algorithm, instead of the class instance like this:
>
> } else if ("RSA".equals(key.getAlgorithm())) {
>     return new PrivateKeyJwsSignatureProvider(key, algo);
>
> Or maybe it will be even better to remove the else check completely and call 
> the signature provider instantiation always (if it is not an EC key). Like 
> this:
>
>     public static JwsSignatureProvider 
> getPrivateKeySignatureProvider(PrivateKey key, SignatureAlgorithm algo) {
>         if (algo == null) {
>             LOG.warning("No signature algorithm was defined");
>             throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
>         }
>         if (key instanceof ECPrivateKey) {
>             return new EcDsaJwsSignatureProvider((ECPrivateKey)key, algo);
>         }
>
>         return new PrivateKeyJwsSignatureProvider(key, algo);
>     }
>
> WDYT?
>
> Jan
>
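Added example (not CXF code, and not something either poster wrote): a small stand-alone Java program that reproduces the situation Jan describes and contrasts the two checks. OpaqueHsmKey is a constructed stand-in for an opaque PKCS#11 private key that implements only PrivateKey (it reports an algorithm name but no encoding, which is how a sensitive, non-extractable token key looks to Java code); ProviderKind, selectByInstance, selectByAlgorithm and trySign are hypothetical names standing in for the CXF provider selection, not the real JwsUtils API. The example also routes EC keys by algorithm name, on the assumption that an HSM-held EC key would be an opaque PrivateKey in the same way and so would not pass the remaining instanceof ECPrivateKey check either; note that the EcDsaJwsSignatureProvider constructor in the quoted code takes an ECPrivateKey, so that path would need its own change and only the dispatch is shown here. The trySign step shows the caveat a practitioner should keep in mind: the algorithm-name check only picks a code path, and whether the JCA provider that performs the signature accepts the key is decided separately (a real PKCS#11 key is accepted by the SunPKCS11 provider that created it; in a plain JVM the software provider rejects the stand-in).

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;

public class KeyCheckDemo {

    // Constructed stand-in for an opaque HSM-backed key (the shape of a SunPKCS11
    // P11PrivateKey for a sensitive, non-extractable key): it implements only
    // PrivateKey, reports its algorithm name, and exposes no encoding because the
    // key material never leaves the token.
    static final class OpaqueHsmKey implements PrivateKey {
        private static final long serialVersionUID = 1L;
        private final String algorithm;
        OpaqueHsmKey(String algorithm) { this.algorithm = algorithm; }
        @Override public String getAlgorithm() { return algorithm; }
        @Override public String getFormat() { return null; }
        @Override public byte[] getEncoded() { return null; }
    }

    // Hypothetical labels standing in for the two providers in the quoted CXF code.
    enum ProviderKind { EC_DSA, GENERIC_PRIVATE_KEY }

    // Selection by class, as in the original JwsUtils check: an opaque key is rejected
    // even though its algorithm is RSA.
    static ProviderKind selectByInstance(PrivateKey key) {
        if (key instanceof ECPrivateKey) {
            return ProviderKind.EC_DSA;
        } else if (key instanceof RSAPrivateKey) {
            return ProviderKind.GENERIC_PRIVATE_KEY;
        }
        throw new IllegalArgumentException("Unsupported key class: " + key.getClass().getName());
    }

    // Selection by algorithm name, as proposed in the thread: an HSM key still reports
    // "RSA" or "EC". Unknown algorithms are rejected explicitly rather than passed through.
    static ProviderKind selectByAlgorithm(PrivateKey key) {
        String alg = key.getAlgorithm();
        if ("EC".equals(alg)) {
            return ProviderKind.EC_DSA;
        } else if ("RSA".equals(alg)) {
            return ProviderKind.GENERIC_PRIVATE_KEY;
        }
        throw new IllegalArgumentException("Unsupported key algorithm: " + alg);
    }

    // The selection check only chooses a code path; whether the JCA provider that
    // performs the signature can actually use the key is decided here, separately.
    static String trySign(PrivateKey key, String jcaAlgorithm) {
        try {
            Signature sig = Signature.getInstance(jcaAlgorithm);
            sig.initSign(key);
            sig.update("payload".getBytes(StandardCharsets.UTF_8));
            return "signed " + sig.sign().length + " bytes with " + key.getClass().getSimpleName();
        } catch (InvalidKeyException e) {
            return "provider rejected " + key.getClass().getSimpleName() + ": " + e.getMessage();
        } catch (GeneralSecurityException e) {
            return "error: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PrivateKey softwareRsa = kpg.generateKeyPair().getPrivate(); // JKS-style software key
        PrivateKey hsmRsa = new OpaqueHsmKey("RSA");                 // constructed HSM stand-in

        for (PrivateKey key : new PrivateKey[] { softwareRsa, hsmRsa }) {
            System.out.println("--- " + key.getClass().getSimpleName()
                    + " (algorithm=" + key.getAlgorithm() + ")");
            try {
                System.out.println("instanceof check -> " + selectByInstance(key));
            } catch (IllegalArgumentException e) {
                System.out.println("instanceof check -> " + e.getMessage());
            }
            System.out.println("algorithm check  -> " + selectByAlgorithm(key));
            // A real PKCS#11 key would be accepted by the SunPKCS11 provider that owns it;
            // the software RSA provider in a plain JVM cannot use the opaque stand-in.
            System.out.println("SHA256withRSA    -> " + trySign(key, "SHA256withRSA"));
        }
    }
}
```

Compile and run it with a plain JDK (javac KeyCheckDemo.java && java KeyCheckDemo): the software key passes both checks and signs, while the stand-in fails the instanceof check, passes the algorithm check, and is then rejected at initSign because no configured provider can handle its class. Swapping the stand-in for a key loaded from a SunPKCS11 keystore is what makes the last step succeed, which is why moving the check to the algorithm name is sufficient for the HSM case without loosening anything for unknown key types.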
