From e0026b6eff8a110902d0ec4dcb3307e5b785e9a6 Mon Sep 17 00:00:00 2001
From: Jens Reinemann <reinemann@euris.de>
Date: Mon, 18 May 2026 16:17:50 +0200
Subject: [PATCH] fix(server): use direct Tink primitive for admin message
 encryption

---
 .../de/bollwerk/server/service/AdminMessageService.kt       | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/server/src/main/kotlin/de/bollwerk/server/service/AdminMessageService.kt b/server/src/main/kotlin/de/bollwerk/server/service/AdminMessageService.kt
index feb8080..f2dbad5 100644
--- a/server/src/main/kotlin/de/bollwerk/server/service/AdminMessageService.kt
+++ b/server/src/main/kotlin/de/bollwerk/server/service/AdminMessageService.kt
@@ -27,11 +27,7 @@ internal class AdminMessageService(
             Charsets.UTF_8
         )
         val publicHandle = JsonKeysetReader.withString(publicKeysetJson).read()
-        
-        // Use reflection to call getPrimitive since it may not be directly accessible
-        val getPrimitiveMethod = publicHandle::class.java.getMethod("getPrimitive", Class::class.java)
-        @Suppress("UNCHECKED_CAST")
-        val hybridEncrypt = getPrimitiveMethod.invoke(publicHandle, HybridEncrypt::class.java) as HybridEncrypt
+        val hybridEncrypt = publicHandle.getPrimitive(HybridEncrypt::class.java)
         
         val ciphertext = hybridEncrypt.encrypt(plaintext.toByteArray(Charsets.UTF_8), null)
         return Base64.getEncoder().encodeToString(ciphertext)