Details
- Task
- Status: Open
- Critical
- Resolution: Unresolved
Description
Good afternoon, I am trying to make a handler for the Asynchronous Provisioning Connector. However, I ran into a misunderstanding of how to decrypt on the handler side.
In config.xml it is written:
<keystore>
  <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
  <keyStorePassword>changeit</keyStorePassword>
  <encryptionKeyAlias>default</encryptionKeyAlias>
  <!--
    You can use smaller cipher key size for encryption. For:
      AES_128 "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
      AES_256 "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
      AES_192 "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
    in element <xmlCipher></xmlCipher>
    By default AES_128 is used. If you change key size, then you must also create
    secret key in key store with proper key size and change encryptionKeyAlias.
    To generate keystore with keytool use command:
      keytool -genseckey -alias default -keystore keystore.jceks -storetype jceks -keyalg AES -keysize 128
    secret key password is by default 'midpoint'
  -->
</keystore>
The JSON that is sent contains "algorithm" : "http://www.w3.org/2001/04/xmlenc#aes256-cbc".
It is not at all clear from the documentation how to decrypt: what algorithm to use, etc. Please tell me where to look.
JSON sent by midPoint:
{
  "operation" : "modify",
  "objectClass" : "AccountObjectClass",
  "primaryIdentifiers" : {
    "login" : [ "Pswd1" ]
  },
  "secondaryIdentifiers" : { },
  "changes" : {
    "value" : {
      "replace" : [ {
        "encryptedDataType" : {
          "encryptionMethod" : {
            "algorithm" : "http://www.w3.org/2001/04/xmlenc#aes256-cbc"
          },
          "keyInfo" : {
            "keyName" : "6dO244lbtRPp+35+05wB/7GlnU0="
          },
          "cipherData" : {
            "cipherValue" : "jMzd5dwjk6icTeNj5VfvKn2MOP23OAOu90mnmllvPpQ="
          }
        },
        "content" : [ {
          "name" : "{http://prism.evolveum.com/xml/ns/public/types-3}encryptedData",
          "declaredType" : "com.evolveum.prism.xml.ns._public.types_3.EncryptedDataType",
          "scope" : "javax.xml.bind.JAXBElement$GlobalScope",
          "value" : {
            "encryptionMethod" : {
              "algorithm" : "http://www.w3.org/2001/04/xmlenc#aes256-cbc"
            },
            "keyInfo" : {
              "keyName" : "6dO244lbtRPp+35+05wB/7GlnU0="
            },
            "cipherData" : {
              "cipherValue" : "jMzd5dwjk6icTeNj5VfvKn2MOP23OAOu90mnmllvPpQ="
            }
          },
          "nil" : false,
          "globalScope" : true,
          "typeSubstituted" : false
        } ],
        "empty" : false,
        "encrypted" : true,
        "hashed" : false
      } ]
    }
  }
}
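An added example (not from this ticket and not midPoint's own code) of the checks a handler should run before trusting such a message: it maps the xmlenc algorithm URI from the config.xml comment to a key size, confirms the keystore key has that size and matches keyInfo.keyName, and only then decrypts. Two layout assumptions are mine, not stated in the ticket: keyName is base64(SHA-1(raw key bytes)) (the keyName above has exactly the length of such a digest), and cipherValue is base64(IV || AES-CBC ciphertext with PKCS#5 padding); Encrypt exists only to build a sample message with a constructed key.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
)
var keyBits = map[string]int{ // key size implied by each XML Encryption URI quoted in config.xml
	"http://www.w3.org/2001/04/xmlenc#aes128-cbc": 128,
	"http://www.w3.org/2001/04/xmlenc#aes192-cbc": 192,
	"http://www.w3.org/2001/04/xmlenc#aes256-cbc": 256,
}
// KeyName is the ASSUMED keyInfo.keyName convention: base64(SHA-1(raw key bytes)).
func KeyName(key []byte) string {
	sum := sha1.Sum(key)
	return base64.StdEncoding.EncodeToString(sum[:])
}
// Decrypt ASSUMES cipherValue = base64(IV || AES-CBC ciphertext with PKCS#5 padding).
func Decrypt(key []byte, uri, keyName, cipherValue string) ([]byte, error) {
	if bits, ok := keyBits[uri]; !ok || len(key)*8 != bits || KeyName(key) != keyName {
		return nil, fmt.Errorf("key mismatch: %d-bit keystore key, message uses %s", len(key)*8, uri)
	}
	raw, err := base64.StdEncoding.DecodeString(cipherValue)
	if err != nil || len(raw) < 2*aes.BlockSize || len(raw)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("cipherValue is not an IV followed by whole AES blocks")
	}
	block, _ := aes.NewCipher(key) // key length was validated above
	ct := raw[aes.BlockSize:]
	cipher.NewCBCDecrypter(block, raw[:aes.BlockSize]).CryptBlocks(ct, ct)
	pad := int(ct[len(ct)-1])
	if pad < 1 || pad > aes.BlockSize || !bytes.Equal(ct[len(ct)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, fmt.Errorf("bad PKCS#5 padding")
	}
	return ct[:len(ct)-pad], nil
}
// Encrypt builds the same assumed layout; it exists here only to construct sample messages.
func Encrypt(key, plaintext []byte) (string, error) {
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(padded)) // random IV first, ciphertext after it
	block, err := aes.NewCipher(key)
	if _, ivErr := rand.Read(out[:aes.BlockSize]); err != nil || ivErr != nil {
		return "", fmt.Errorf("cannot build sample message: %v, %v", err, ivErr)
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return base64.StdEncoding.EncodeToString(out), nil
}
```

With the default 128-bit keystore key and the aes256-cbc message above, Decrypt reports the mismatch instead of producing garbage, which is the first thing to check when the handler and config.xml disagree on key size.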