/** {@inheritDoc} */
public Iterable<EncryptedKey> resolve(EncryptedData encryptedData) {
    // The whole lookup is delegated to resolveKeyInfo(...). depthLimit is a field
    // defined outside this method; presumably it bounds how deep nested KeyInfo
    // references are followed — confirm against resolveKeyInfo before relying on it.
    final Iterable<EncryptedKey> resolved = resolveKeyInfo(encryptedData.getKeyInfo(), depthLimit);
    return resolved;
}
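/**
 * Decrypts an EncryptedAssertion with the X.509 credential of the given tenant.
 *
 * <p>Two-step decryption: the first EncryptedKey found inline in the EncryptedData's
 * KeyInfo is unwrapped with the tenant credential, and the resulting symmetric key is
 * then used to decrypt the assertion itself. Only the first EncryptedKey is considered.
 * The key-unwrap algorithm URI is taken from the message's EncryptionMethod/@Algorithm
 * and is not validated against an allow-list in this method.</p>
 *
 * @param encryptedAssertion encrypted assertion
 * @param domainName userstore domain name, used to look up the tenant credential
 * @return the decrypted SAML assertion
 * @throws SAML2SSOUIAuthenticatorException if the assertion carries no inline EncryptedKey,
 *         or if unwrapping the key or decrypting the assertion fails
 */
public static Assertion getDecryptedAssertion(EncryptedAssertion encryptedAssertion, String domainName)
        throws SAML2SSOUIAuthenticatorException {
    X509Credential credential = getX509CredentialImplForTenant(domainName);
    try {
        // Guard the get(0) below: a missing EncryptedData/KeyInfo or an empty EncryptedKey
        // list would otherwise escape as an NPE/IndexOutOfBoundsException instead of the
        // declared exception type. Raised as DecryptionException so the catch below wraps it.
        if (encryptedAssertion.getEncryptedData() == null
                || encryptedAssertion.getEncryptedData().getKeyInfo() == null
                || encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().isEmpty()) {
            throw new DecryptionException("EncryptedAssertion carries no EncryptedKey in its KeyInfo");
        }

        KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(credential);
        EncryptedKey key = encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().get(0);

        // Step 1: unwrap the symmetric data-encryption key with the tenant credential.
        Decrypter decrypter = new Decrypter(null, keyResolver, null);
        SecretKey dkey = (SecretKey) decrypter.decryptKey(key,
                encryptedAssertion.getEncryptedData().getEncryptionMethod().getAlgorithm());

        // Step 2: decrypt the assertion with the unwrapped key.
        Credential shared = SecurityHelper.getSimpleCredential(dkey);
        decrypter = new Decrypter(new StaticKeyInfoCredentialResolver(shared), null, null);
        // Root the decrypted element in its own Document so it is detached from the response DOM.
        decrypter.setRootInNewDocument(true);
        return decrypter.decrypt(encryptedAssertion);
    } catch (DecryptionException e) {
        throw new SAML2SSOUIAuthenticatorException("Error while decrypting the saml response.", e);
    }
}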
EncryptedData encData, List<EncryptedKey> encKeys) throws EncryptionException { if (encData.getID() == null) { encData.setID(idGenerator.generateIdentifier()); if (encData.getKeyInfo() == null) { encData.setKeyInfo(keyInfoBuilder.buildObject());
Document ownerDocument = encryptedData.getDOM().getOwnerDocument(); generator.getClass().getName()); try { encryptedData.setKeyInfo(generator.generate(encParams.getEncryptionCredential())); } catch (SecurityException e) { log.error("Error during EncryptedData KeyInfo generation", e); if (encryptedData.getKeyInfo() == null) { KeyInfo keyInfo = keyInfoBuilder.buildObject(); encryptedData.setKeyInfo(keyInfo); encryptedData.getKeyInfo().getEncryptedKeys().add(encryptedKey);
/**
 * Link a single EncryptedKey to the EncryptedData according to guidelines in SAML Errata E43.
 *
 * <p>Writes two references: a RetrievalMethod inside the EncryptedData's KeyInfo that points
 * at the EncryptedKey, and a DataReference inside the EncryptedKey's ReferenceList that points
 * back at the EncryptedData. The caller is expected to have already assigned IDs to both
 * elements and to have populated the KeyInfo and ReferenceList; neither is null-checked here.</p>
 *
 * @param encData the EncryptedData
 * @param encKey the EncryptedKey
 */
protected void linkSinglePeerKey(EncryptedData encData, EncryptedKey encKey) {
    log.debug("Linking single peer EncryptedKey with RetrievalMethod and DataReference");

    final String keyReference = "#" + encKey.getID();
    final String dataReference = "#" + encData.getID();

    // EncryptedData -> EncryptedKey (forward reference)
    RetrievalMethod retrieval = retrievalMethodBuilder.buildObject();
    retrieval.setType(EncryptionConstants.TYPE_ENCRYPTED_KEY);
    retrieval.setURI(keyReference);
    encData.getKeyInfo().getRetrievalMethods().add(retrieval);

    // EncryptedKey -> EncryptedData (back reference)
    DataReference backReference = dataReferenceBuilder.buildObject();
    backReference.setURI(dataReference);
    encKey.getReferenceList().getDataReferences().add(backReference);
}
String algorithm = encryptedData.getEncryptionMethod().getAlgorithm(); if (DatatypeHelper.isEmpty(algorithm)) { String msg = "EncryptedData's EncryptionMethod Algorithm attribute was empty, "
if (!EncryptionConstants.TYPE_ELEMENT.equals(encryptedData.getType())) { log.error("EncryptedData was of unsupported type '" + encryptedData.getType() + "', could not attempt decryption"); throw new DecryptionException("EncryptedData of unsupported type was encountered"); throw e; Element targetElement = encryptedData.getDOM(); DocumentFragment docFragment = parseInputStream(input, encryptedData.getDOM().getOwnerDocument()); return docFragment;
if (DatatypeHelper.isEmpty(encryptedData.getID())) { return false;
generator.getClass().getName()); try { encryptedData.setKeyInfo( generator.generate(encParams.getEncryptionCredential()) ); } catch (SecurityException e) { throw new EncryptionException("Error generating EncryptedData KeyInfo", e);
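/**
 * Decrypts an EncryptedAssertion with the agent's configured X.509 credential.
 *
 * <p>Two-step decryption: the first EncryptedKey found inline in the EncryptedData's KeyInfo
 * is unwrapped with the agent credential, and the resulting symmetric key is then used to
 * decrypt the assertion itself. Only the first EncryptedKey is considered. The key-unwrap
 * algorithm URI is taken from the message's EncryptionMethod/@Algorithm and is not validated
 * against an allow-list in this method.</p>
 *
 * @param encryptedAssertion the EncryptedAssertion taken from the SAML response
 * @return the decrypted SAML assertion
 * @throws SSOAgentException if the assertion carries no inline EncryptedKey, or if
 *         unwrapping the key or decrypting the assertion fails
 */
protected Assertion getDecryptedAssertion(EncryptedAssertion encryptedAssertion) throws SSOAgentException {
    // Guard the get(0) below so a missing EncryptedData/KeyInfo or an empty EncryptedKey list
    // is reported with a specific message rather than as a wrapped NPE/IndexOutOfBoundsException.
    if (encryptedAssertion.getEncryptedData() == null
            || encryptedAssertion.getEncryptedData().getKeyInfo() == null
            || encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().isEmpty()) {
        throw new SSOAgentException("EncryptedAssertion carries no EncryptedKey in its KeyInfo");
    }
    try {
        KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(
                new X509CredentialImpl(ssoAgentConfig.getSAML2().getSSOAgentX509Credential()));
        EncryptedKey key = encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().get(0);

        // Step 1: unwrap the symmetric data-encryption key with the agent credential.
        Decrypter decrypter = new Decrypter(null, keyResolver, null);
        SecretKey dkey = (SecretKey) decrypter.decryptKey(key,
                encryptedAssertion.getEncryptedData().getEncryptionMethod().getAlgorithm());

        // Step 2: decrypt the assertion with the unwrapped key.
        Credential shared = SecurityHelper.getSimpleCredential(dkey);
        decrypter = new Decrypter(new StaticKeyInfoCredentialResolver(shared), null, null);
        // Root the decrypted element in its own Document so it is detached from the response DOM.
        decrypter.setRootInNewDocument(true);
        return decrypter.decrypt(encryptedAssertion);
    } catch (Exception e) {
        // Broad catch kept: any failure in the two-step decryption (including a failed
        // SecretKey cast) is reported to the caller uniformly, with the cause preserved.
        throw new SSOAgentException("Decrypted assertion error", e);
    }
}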
Document ownerDocument = encryptedData.getDOM().getOwnerDocument(); generator.getClass().getName()); try { encryptedData.setKeyInfo(generator.generate(encParams.getEncryptionCredential())); } catch (SecurityException e) { log.error("Error during EncryptedData KeyInfo generation", e); if (encryptedData.getKeyInfo() == null) { KeyInfo keyInfo = keyInfoBuilder.buildObject(); encryptedData.setKeyInfo(keyInfo); encryptedData.getKeyInfo().getEncryptedKeys().add(encryptedKey);
log.debug("Linking multiple peer EncryptedKeys with CarriedKeyName and DataReference"); List<KeyName> dataEncKeyNames = encData.getKeyInfo().getKeyNames(); String carriedKeyNameValue; if (dataEncKeyNames.size() == 0 || DatatypeHelper.isEmpty(dataEncKeyNames.get(0).getValue()) ) { dr.setURI("#" + encData.getID()); encKey.getReferenceList().getDataReferences().add(dr);
String algorithm = encryptedData.getEncryptionMethod().getAlgorithm(); if (DatatypeHelper.isEmpty(algorithm)) { String msg = "EncryptedData's EncryptionMethod Algorithm attribute was empty, "
if (!EncryptionConstants.TYPE_ELEMENT.equals(encryptedData.getType())) { log.error("EncryptedData was of unsupported type '" + encryptedData.getType() + "', could not attempt decryption"); throw new DecryptionException("EncryptedData of unsupported type was encountered"); throw e; Element targetElement = encryptedData.getDOM(); DocumentFragment docFragment = parseInputStream(input, encryptedData.getDOM().getOwnerDocument()); return docFragment;
if (DatatypeHelper.isEmpty(encryptedData.getID())) { return false;
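/**
 * Decrypts an EncryptedAssertion with the agent's configured X.509 credential.
 *
 * <p>Two-step decryption: the first EncryptedKey found inline in the EncryptedData's KeyInfo
 * is unwrapped with the agent credential, and the resulting symmetric key is then used to
 * decrypt the assertion itself. Only the first EncryptedKey is considered. The key-unwrap
 * algorithm URI is taken from the message's EncryptionMethod/@Algorithm and is not validated
 * against an allow-list in this method.</p>
 *
 * @param encryptedAssertion the EncryptedAssertion taken from the SAML response
 * @return the decrypted SAML assertion
 * @throws SSOAgentException if the assertion carries no inline EncryptedKey, or if
 *         unwrapping the key or decrypting the assertion fails
 */
protected Assertion getDecryptedAssertion(EncryptedAssertion encryptedAssertion) throws SSOAgentException {
    // Guard the get(0) below so a missing EncryptedData/KeyInfo or an empty EncryptedKey list
    // is reported with a specific message rather than as a wrapped NPE/IndexOutOfBoundsException.
    if (encryptedAssertion.getEncryptedData() == null
            || encryptedAssertion.getEncryptedData().getKeyInfo() == null
            || encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().isEmpty()) {
        throw new SSOAgentException("EncryptedAssertion carries no EncryptedKey in its KeyInfo");
    }
    try {
        KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(
                new X509CredentialImpl(ssoAgentConfig.getSAML2().getSSOAgentX509Credential()));
        EncryptedKey key = encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().get(0);

        // Step 1: unwrap the symmetric data-encryption key with the agent credential.
        Decrypter decrypter = new Decrypter(null, keyResolver, null);
        SecretKey dkey = (SecretKey) decrypter.decryptKey(key,
                encryptedAssertion.getEncryptedData().getEncryptionMethod().getAlgorithm());

        // Step 2: decrypt the assertion with the unwrapped key.
        Credential shared = SecurityHelper.getSimpleCredential(dkey);
        decrypter = new Decrypter(new StaticKeyInfoCredentialResolver(shared), null, null);
        // Root the decrypted element in its own Document so it is detached from the response DOM.
        decrypter.setRootInNewDocument(true);
        return decrypter.decrypt(encryptedAssertion);
    } catch (Exception e) {
        // Broad catch kept: any failure in the two-step decryption (including a failed
        // SecretKey cast) is reported to the caller uniformly, with the cause preserved.
        throw new SSOAgentException("Decrypted assertion error", e);
    }
}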
/** {@inheritDoc} */
public Iterable<EncryptedKey> resolve(EncryptedData encryptedData) {
    // The whole lookup is delegated to resolveKeyInfo(...). depthLimit is a field
    // defined outside this method; presumably it bounds how deep nested KeyInfo
    // references are followed — confirm against resolveKeyInfo before relying on it.
    final Iterable<EncryptedKey> resolved = resolveKeyInfo(encryptedData.getKeyInfo(), depthLimit);
    return resolved;
}
KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(SAML2AuthUtils .getServerCredentials()); EncryptedKey key = encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().get(0); Decrypter decrypter = new Decrypter(null, keyResolver, null); SecretKey dkey = (SecretKey) decrypter.decryptKey(key, encryptedAssertion.getEncryptedData(). getEncryptionMethod().getAlgorithm()); Credential shared = SecurityHelper.getSimpleCredential(dkey); decrypter = new Decrypter(new StaticKeyInfoCredentialResolver(shared), null, null);
/** {@inheritDoc} */
public Iterable<EncryptedKey> resolve(EncryptedData encryptedData) {
    // Only EncryptedKeys carried inline in the EncryptedData's own KeyInfo are considered.
    // A missing KeyInfo yields an empty list, never null.
    final List<EncryptedKey> matches = new ArrayList<EncryptedKey>();
    if (encryptedData.getKeyInfo() != null) {
        for (EncryptedKey candidate : encryptedData.getKeyInfo().getEncryptedKeys()) {
            // matchRecipient(...) is defined outside this method; it decides whether the
            // key's Recipient attribute names this resolver's intended recipient.
            if (!matchRecipient(candidate.getRecipient())) {
                continue;
            }
            matches.add(candidate);
        }
    }
    return matches;
}
/** {@inheritDoc} */
public Iterable<EncryptedKey> resolve(EncryptedData encryptedData) {
    // Only EncryptedKeys carried inline in the EncryptedData's own KeyInfo are considered.
    // A missing KeyInfo yields an empty list, never null.
    final List<EncryptedKey> matches = new ArrayList<EncryptedKey>();
    if (encryptedData.getKeyInfo() != null) {
        for (EncryptedKey candidate : encryptedData.getKeyInfo().getEncryptedKeys()) {
            // matchRecipient(...) is defined outside this method; it decides whether the
            // key's Recipient attribute names this resolver's intended recipient.
            if (!matchRecipient(candidate.getRecipient())) {
                continue;
            }
            matches.add(candidate);
        }
    }
    return matches;
}