
Async Connector and Encrypt Data


    Details

    • Type: Task
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None
    • Subscription:
      Unknown

      Description

      Good afternoon. I am trying to make a handler for the Asynchronous Provisioning Connector. However, I ran into a misunderstanding of how to decrypt on the side of the handler.
      In config.xml it is written:

      <keystore>
          <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
          <keyStorePassword>changeit</keyStorePassword>
          <encryptionKeyAlias>default</encryptionKeyAlias>
          <!--
          You can use a smaller cipher key size for encryption. For:
          AES_128 "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
          AES_256 "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
          AES_192 "http://www.w3.org/2001/04/xmlenc#aes192-cbc";

          in element <xmlCipher></xmlCipher>
          By default AES_128 is used. If you change the key size, then
          you must also create a secret key in the key store with the proper key size and change encryptionKeyAlias.

          To generate the keystore with keytool use the command:
          keytool -genseckey -alias default -keystore keystore.jceks -storetype jceks -keyalg AES -keysize 128

          The secret key password is by default 'midpoint'
          -->
      </keystore>


      The JSON sent contains the element "algorithm" : "http://www.w3.org/2001/04/xmlenc#aes256-cbc".

      It is not at all clear from the documentation how to decrypt: what algorithm to use, etc. Please tell me where to look.
      JSON sent by MidPoint:

      {
        "operation" : "modify",
        "objectClass" : "AccountObjectClass",
        "primaryIdentifiers" : {
          "login" : [ "Pswd1" ]
        },
        "secondaryIdentifiers" : { },
        "changes" : {
          "value" : {
            "replace" : [ {
              "encryptedDataType" : {
                "encryptionMethod" : {
                  "algorithm" : "http://www.w3.org/2001/04/xmlenc#aes256-cbc"
                },
                "keyInfo" : {
                  "keyName" : "6dO244lbtRPp+35+05wB/7GlnU0="
                },
                "cipherData" : {
                  "cipherValue" : "jMzd5dwjk6icTeNj5VfvKn2MOP23OAOu90mnmllvPpQ="
                }
              },
              "content" : [ {
                "name" : "{http://prism.evolveum.com/xml/ns/public/types-3}encryptedData",
                "declaredType" : "com.evolveum.prism.xml.ns._public.types_3.EncryptedDataType",
                "scope" : "javax.xml.bind.JAXBElement$GlobalScope",
                "value" : {
                  "encryptionMethod" : {
                    "algorithm" : "http://www.w3.org/2001/04/xmlenc#aes256-cbc"
                  },
                  "keyInfo" : {
                    "keyName" : "6dO244lbtRPp+35+05wB/7GlnU0="
                  },
                  "cipherData" : {
                    "cipherValue" : "jMzd5dwjk6icTeNj5VfvKn2MOP23OAOu90mnmllvPpQ="
                  }
                },
                "nil" : false,
                "globalScope" : true,
                "typeSubstituted" : false
              } ],
              "empty" : false,
              "encrypted" : true,
              "hashed" : false
            } ]
          }
        }
      }

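The handler-side decryption the reporter is asking about, as an added Java example (this is not midPoint's own code and not from the issue). It takes the three fields shown in the JSON above (`algorithm`, `keyName`, `cipherValue`), finds the matching secret key in a JCEKS keystore like the one config.xml describes, and decrypts. Two points are assumptions about midPoint's Protector and should be confirmed against its source before a handler relies on them: that `keyName` is the Base64 of the SHA-1 digest of the raw key bytes, and that `cipherValue` is the 16-byte IV followed by the AES-CBC/PKCS#5 ciphertext (the 32-byte value in the message is consistent with that layout, one IV plus one padded block). The keystore is built in memory from a freshly generated key so the program runs offline; the class and method names are mine.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/** Handler-side decryption of a midPoint encryptedDataType. Assumptions are marked. */
public class AsyncHandlerDecrypt {

    // XML-Enc algorithm URIs from the message -> JCE transformation. All three are AES-CBC;
    // the key length is fixed by the key stored in the keystore, not by the transformation string.
    private static final Map<String, String> XMLENC_TO_JCE = Map.of(
            "http://www.w3.org/2001/04/xmlenc#aes128-cbc", "AES/CBC/PKCS5Padding",
            "http://www.w3.org/2001/04/xmlenc#aes192-cbc", "AES/CBC/PKCS5Padding",
            "http://www.w3.org/2001/04/xmlenc#aes256-cbc", "AES/CBC/PKCS5Padding");

    /** keyName = Base64(SHA-1(raw key bytes)). Assumption about how midPoint names keys. */
    static String keyName(Key key) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(key.getEncoded());
        return Base64.getEncoder().encodeToString(digest);
    }

    /** Finds the secret key whose digest equals keyName by trying every key entry in the keystore. */
    static Key findKey(KeyStore ks, char[] keyPassword, String keyName) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            Key k = ks.getKey(alias, keyPassword);
            if (k != null && keyName.equals(keyName(k))) return k;
        }
        throw new IllegalStateException("no key in keystore matches keyName " + keyName);
    }

    /** cipherValue = Base64(IV || AES-CBC ciphertext). Assumption about midPoint's layout. */
    static String decrypt(String algorithmUri, String cipherValueB64, Key key) throws Exception {
        String transformation = XMLENC_TO_JCE.get(algorithmUri);
        if (transformation == null) throw new IllegalArgumentException("unsupported algorithm " + algorithmUri);
        byte[] blob = Base64.getDecoder().decode(cipherValueB64);
        // At least one IV plus one block, and whole blocks only; reject anything else before decrypting.
        if (blob.length < 32 || blob.length % 16 != 0) throw new IllegalArgumentException("malformed cipherValue");
        byte[] iv = Arrays.copyOfRange(blob, 0, 16);
        byte[] ct = Arrays.copyOfRange(blob, 16, blob.length);
        Cipher cipher = Cipher.getInstance(transformation);
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        return new String(cipher.doFinal(ct), StandardCharsets.UTF_8);
    }

    /** Inverse of decrypt(); used only to build a constructed sample message for this demo. */
    static String encrypt(String plaintext, Key key) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] blob = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, blob, 0, iv.length);
        System.arraycopy(ct, 0, blob, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(blob);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an in-memory JCEKS keystore with one 256-bit AES key under alias "default",
        // standing in for ${midpoint.home}/keystore.jceks. Against the real file you would instead call
        // ks.load(new FileInputStream(path), storePw) with the passwords from config.xml.
        char[] storePw = "changeit".toCharArray();
        char[] keyPw = "midpoint".toCharArray();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, storePw);
        ks.setEntry("default", new KeyStore.SecretKeyEntry(key), new KeyStore.PasswordProtection(keyPw));

        // The three fields a handler would read from the JSON "encryptedDataType" element.
        String algorithm = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
        String keyNameFromMessage = keyName(key);
        String cipherValue = encrypt("sample-secret", key);   // constructed value, not the one in the issue

        Key k = findKey(ks, keyPw, keyNameFromMessage);
        System.out.println(decrypt(algorithm, cipherValue, k));   // prints the recovered plaintext
    }
}
```

Matching on `keyName` rather than on a hard-coded alias is what lets the handler keep working after the key alias is rotated, as the config.xml comment describes for a key-size change: the message names the key it was encrypted with, and the lookup fails loudly rather than silently decrypting with the wrong key.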

      People

      Assignee:
      Unassigned
      Reporter:
      vastyjoy AlexTihonob