Removed threadlocal caching and added CryptoProvider to tests

RSam25 · RSam25 · commit 0bb68909eee0 · 2026-01-12T14:08:28.000+11:00
diff --git a/src/main/java/com/uid2/operator/service/CryptoProviderService.java b/src/main/java/com/uid2/operator/service/CryptoProviderService.java
@@ -14,13 +14,6 @@ public class CryptoProviderService {
 
     // ECDH provider selection: tries ACCP first, falls back to default (SunEC)
     private static final String ECDH_PROVIDER_NAME = initEcdhProvider();
-    private static final ThreadLocal<KeyAgreement> THREAD_LOCAL_KEY_AGREEMENT = ThreadLocal.withInitial(() -> {
-        try {
-            return createKeyAgreement();
-        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
-            throw new RuntimeException("Failed to create KeyAgreement", e);
-        }
-    });
 
     private static String initEcdhProvider() {
         // Try ACCP (Amazon Corretto Crypto Provider) first
@@ -42,14 +35,14 @@ private static String initEcdhProvider() {
         return null;
     }
 
-    private static KeyAgreement createKeyAgreement() throws NoSuchAlgorithmException, NoSuchProviderException {
+    public static KeyAgreement createKeyAgreement() throws  NoSuchAlgorithmException {
         if (ECDH_PROVIDER_NAME != null) {
-            return KeyAgreement.getInstance("ECDH", ECDH_PROVIDER_NAME);
+            try {
+                return KeyAgreement.getInstance("ECDH", ECDH_PROVIDER_NAME);
+            } catch (NoSuchProviderException e) {
+                LOGGER.info("{} is not available: {}", ECDH_PROVIDER_NAME, e.getMessage());
+            }
         }
         return KeyAgreement.getInstance("ECDH");
     }
-
-    public static KeyAgreement getKeyAgreement() {
-        return THREAD_LOCAL_KEY_AGREEMENT.get();
-    }
 }
diff --git a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
@@ -409,7 +409,7 @@ private void handleClientSideTokenGenerateImpl(RoutingContext rc) throws NoSuchA
         }
 
         // Perform key agreement (uses cached provider: ACCP > SunEC)
-        final KeyAgreement ka = CryptoProviderService.getKeyAgreement();
+        final KeyAgreement ka = CryptoProviderService.createKeyAgreement();
         ka.init(clientSideKeypair.getPrivateKey());
         ka.doPhase(clientPublicKey, true);
 
diff --git a/src/test/java/com/uid2/operator/ClientSideTokenGenerateTestUtil.java b/src/test/java/com/uid2/operator/ClientSideTokenGenerateTestUtil.java
@@ -1,5 +1,7 @@
 package com.uid2.operator;
 
+import com.uid2.operator.service.CryptoProviderService;
+
 import javax.crypto.*;
 import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
@@ -37,7 +39,7 @@ public static PrivateKey stringToPrivateKey(String privateKeyString, KeyFactory
     }
 
     public static SecretKey deriveKey(PublicKey serverPublicKey, PrivateKey clientPrivateKey) throws NoSuchAlgorithmException, InvalidKeyException {
-        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
+        KeyAgreement keyAgreement = CryptoProviderService.createKeyAgreement();
         keyAgreement.init(clientPrivateKey);
         keyAgreement.doPhase(serverPublicKey, true);
 

Original file line number	Diff line number	Diff line change
`@@ -409,7 +409,7 @@ private void handleClientSideTokenGenerateImpl(RoutingContext rc) throws NoSuchA`
`409`	`409`	`}`
`410`	`410`
`411`	`411`	`// Perform key agreement (uses cached provider: ACCP > SunEC)`
`412`		`- final KeyAgreement ka = CryptoProviderService.getKeyAgreement();`
	`412`	`+ final KeyAgreement ka = CryptoProviderService.createKeyAgreement();`
`413`	`413`	`ka.init(clientSideKeypair.getPrivateKey());`
`414`	`414`	`ka.doPhase(clientPublicKey, true);`
`415`	`415`