Skip to content

Commit e14fc39

Browse files
RSam25RSam25
committed
Load in ACCP provider
1 parent 7d2de01 commit e14fc39

1 file changed

Lines changed: 13 additions & 8 deletions

File tree

src/main/java/com/uid2/operator/service/CryptoProviderService.java

Lines changed: 13 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,13 @@
11
package com.uid2.operator.service;
22

3-
import com.uid2.operator.vertx.UIDOperatorVerticle;
43
import org.slf4j.Logger;
54
import org.slf4j.LoggerFactory;
5+
import software.amazon.cryptools.AmazonCorrettoCryptoProvider;
66

77
import javax.crypto.KeyAgreement;
88
import java.security.NoSuchAlgorithmException;
99
import java.security.NoSuchProviderException;
10+
import java.security.Security;
1011

1112
public class CryptoProviderService {
1213
private static final Logger LOGGER = LoggerFactory.getLogger(CryptoProviderService.class);
@@ -24,15 +25,19 @@ public class CryptoProviderService {
2425
private static String initEcdhProvider() {
2526
// Try ACCP (Amazon Corretto Crypto Provider) first
2627
try {
27-
KeyAgreement ka = KeyAgreement.getInstance("ECDH", "AmazonCorrettoCryptoProvider");
28-
LOGGER.info("ECDH using AmazonCorrettoCryptoProvider");
29-
return "AmazonCorrettoCryptoProvider";
30-
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
31-
// ACCP not available, fall through
32-
LOGGER.info("AmazonCorrettoCryptoProvider is not available");
28+
// Add ACCP at lowest priority so it doesn't become default for other algorithms
29+
Security.addProvider(AmazonCorrettoCryptoProvider.INSTANCE);
30+
31+
// Verify it works for ECDH
32+
KeyAgreement ka = KeyAgreement.getInstance("ECDH", AmazonCorrettoCryptoProvider.PROVIDER_NAME);
33+
LOGGER.info("ECDH using AmazonCorrettoCryptoProvider (added at lowest priority)");
34+
return AmazonCorrettoCryptoProvider.PROVIDER_NAME;
35+
} catch (Throwable e) {
36+
// ACCP not available
37+
LOGGER.info("AmazonCorrettoCryptoProvider is not available: {}", e.getMessage());
3338
}
3439

35-
// Fall back to default provider (SunEC on most JDKs)
40+
// Fall back to default provider
3641
LOGGER.info("ECDH using default provider (SunEC)");
3742
return null;
3843
}

0 commit comments

Comments
 (0)