From eac5df115153c485ce7e6797aafdc7e5915f7ceb Mon Sep 17 00:00:00 2001
From: Dimitrije Gasic
Date: Thu, 2 Oct 2025 08:33:24 +0200
Subject: [PATCH] Fix unwrapping

---
 .../minikms/service/KeyComputeService.java | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/MiniKms/src/main/java/ftn/security/minikms/service/KeyComputeService.java b/MiniKms/src/main/java/ftn/security/minikms/service/KeyComputeService.java
index c597535..3ae8321 100644
--- a/MiniKms/src/main/java/ftn/security/minikms/service/KeyComputeService.java
+++ b/MiniKms/src/main/java/ftn/security/minikms/service/KeyComputeService.java
@@ -1,6 +1,7 @@
 package ftn.security.minikms.service;

 import ftn.security.minikms.entity.KeyMaterial;
+import ftn.security.minikms.enumeration.KeyType;
 import ftn.security.minikms.repository.KeyMetadataRepository;
 import ftn.security.minikms.repository.WrappedKeyRepository;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -75,7 +76,20 @@ public KeyMaterial getKey(UUID keyId, Integer version) {
 var wrappedKey = keyRepository.findByMetadataIdAndVersion(keyId, version)
 .orElseThrow(() -> new InvalidParameterException("Key with given id and version does not exist"));

- return wrappedKey.getWrappedMaterial();
+ if (metadata.getKeyType().equals(KeyType.HMAC))
+ return wrappedKey.getWrappedMaterial();
+ try {
+ byte[] unwrappedKey = rootKeyManager.unwrap(
+ wrappedKey.getWrappedMaterial().getKey(), keyId, version
+ );
+
+ KeyMaterial material = new KeyMaterial();
+ material.setKey(unwrappedKey);
+ material.setPublicKey(wrappedKey.getWrappedMaterial().getPublicKey());
+ return material;
+ } catch (GeneralSecurityException e) {
+ throw new RuntimeException("Failed to unwrap key material", e);
+ }
 }

 public KeyMaterial getKeySig(UUID keyId, Integer version) {
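Review bot: The HMAC early return in `getKey` hands back `wrappedKey.getWrappedMaterial()` untouched while every other key type goes through `rootKeyManager.unwrap(...)`, and nothing in the hunk says why. If HMAC keys are wrapped at rest like the others, callers will end up using ciphertext as the MAC key; if they are stored unwrapped, that is a plaintext-at-rest exception which deserves a comment on the branch and probably a fix where those keys are created. Either way I would state the reason and make the comparison null-safe and braced: `if (metadata.getKeyType() == KeyType.HMAC) { return wrappedKey.getWrappedMaterial(); }`. The `catch` also folds every `GeneralSecurityException` into a bare `RuntimeException`, so an integrity failure during unwrap cannot be told apart from any other server error; a dedicated exception type would let callers log and alert on it without touching key bytes. `metadata` is assigned above the hunk, so how it is loaded is not visible here.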