/**
 * Creates key-encryption parameters with no algorithm selected.
 *
 * <p>The algorithm default inherited from the superclass is discarded: a key
 * encryption key cannot be auto-generated and always has to be derived from the
 * key in the encryption credential, which is mandatory for a KEK.</p>
 *
 * <p>NOTE(review): because the algorithm is left {@code null}, the key transport
 * or key wrap algorithm is presumably expected to be set explicitly by the caller
 * before these parameters are used; confirm the consumer rejects a missing
 * algorithm rather than falling back to a default.</p>
 */
public KeyEncryptionParameters() {
    // The implicit super() call runs first and installs the superclass default,
    // which is cleared again here.
    setAlgorithm(null);
}
KeyEncryptionParameters kekParams = new KeyEncryptionParameters(); kekParams.setEncryptionCredential(encryptionCredential); kekParams.setAlgorithm(secConfig.getKeyTransportEncryptionAlgorithmURI(encryptionCredential, wrappedKeyAlgorithm)); kekParams.setKeyInfoGenerator(kiGenerator); } else { log.info("No factory for named KeyInfoGenerator {} was found for credential type {}", keyInfoGenName, kekParams.setRecipient(recipient);
/**
 * Encrypts a SAML assertion for the holder of the given X.509 credential.
 *
 * <p>A fresh AES-256 key is generated on every call and used as the data
 * encryption key. That key is transported under {@code cred} and the encrypted
 * key is placed inline in the result.</p>
 *
 * <p>NOTE(review): key transport is fixed to RSA PKCS#1 v1.5
 * ({@code ALGO_ID_KEYTRANSPORT_RSA15}). This padding scheme leaves the recipient's
 * decryption side open to padding-oracle attacks if it reveals any difference
 * between valid and invalid padding; RSA-OAEP is the usual replacement where the
 * relying party supports it.</p>
 *
 * <p>NOTE(review): {@code alias} and {@code encryptionAlgorithm} are accepted but
 * never read, so an algorithm chosen by the caller has no effect here.</p>
 *
 * <p>NOTE(review): the AES-256 block cipher URI used for the data is, as far as
 * XML Encryption defines it, a CBC mode without integrity protection; confirm the
 * assertion or response is signed and that the recipient verifies the signature.</p>
 *
 * @param assertion           the assertion to encrypt
 * @param cred                recipient credential used to encrypt the data key
 * @param alias               unused in this implementation
 * @param encryptionAlgorithm unused in this implementation
 * @return the encrypted assertion
 * @throws IdentityException if any step of the encryption fails; the cause is preserved
 */
@Override
public EncryptedAssertion doEncryptedAssertion(Assertion assertion, X509Credential cred, String alias,
                                               String encryptionAlgorithm) throws IdentityException {
    try {
        // Data encryption: one-off symmetric key, wrapped as a simple credential.
        final String dataAlgorithm = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
        Credential dataKeyCredential =
                SecurityHelper.getSimpleCredential(SecurityHelper.generateSymmetricKey(dataAlgorithm));

        EncryptionParameters dataParams = new EncryptionParameters();
        dataParams.setAlgorithm(dataAlgorithm);
        dataParams.setEncryptionCredential(dataKeyCredential);

        // Key encryption: the data key is transported under the recipient's credential.
        KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
        kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
        kekParams.setEncryptionCredential(cred);

        Encrypter assertionEncrypter = new Encrypter(dataParams, kekParams);
        assertionEncrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE);
        return assertionEncrypter.encrypt(assertion);
    } catch (Exception e) {
        // Every failure is reported as an IdentityException carrying the original cause.
        throw IdentityException.error("Error while Encrypting Assertion", e);
    }
}
} // closes the enclosing type, whose header is not part of this excerpt
Key encryptionKey = SecurityHelper.extractEncryptionKey(kekParams.getEncryptionCredential()); String encryptionAlgorithmURI = kekParams.getAlgorithm(); if (kekParams.getKeyInfoGenerator() != null) { KeyInfoGenerator generator = kekParams.getKeyInfoGenerator(); log.debug("Dynamically generating KeyInfo from Credential for EncryptedKey using generator: {}", generator.getClass().getName()); try { encryptedKey.setKeyInfo(generator.generate(kekParams.getEncryptionCredential())); } catch (SecurityException e) { log.error("Error during EncryptedKey KeyInfo generation", e); if (kekParams.getRecipient() != null) { encryptedKey.setRecipient(kekParams.getRecipient());
Key key = SecurityHelper.extractEncryptionKey(kekParams.getEncryptionCredential()); if (key == null) { log.error("Key encryption credential and contained key are required"); log.error("Attempt made to use EC key for encrypted key transport"); throw new EncryptionException("EC keys may not be used for encrypted key transport"); } else if (DatatypeHelper.isEmpty(kekParams.getAlgorithm())) { log.error("Key encryption algorithm URI is required"); throw new EncryptionException("Key encryption algorithm URI is required");
KeyEncryptionParameters kekParams = new KeyEncryptionParameters(); kekParams.setEncryptionCredential(encryptionCredential); kekParams.setAlgorithm(secConfig.getKeyTransportEncryptionAlgorithmURI(encryptionCredential, wrappedKeyAlgorithm)); kekParams.setKeyInfoGenerator(kiGenerator); } else { log.info("No factory for named KeyInfoGenerator {} was found for credential type {}", keyInfoGenName, kekParams.setRecipient(recipient);
/**
 * Encrypts a SAML assertion for the holder of the given X.509 credential.
 *
 * <p>A fresh AES-256 key is generated on every call and used as the data
 * encryption key. That key is transported under {@code cred} and the encrypted
 * key is placed inline in the result.</p>
 *
 * <p>NOTE(review): key transport is fixed to RSA PKCS#1 v1.5
 * ({@code ALGO_ID_KEYTRANSPORT_RSA15}). This padding scheme leaves the recipient's
 * decryption side open to padding-oracle attacks if it reveals any difference
 * between valid and invalid padding; RSA-OAEP is the usual replacement where the
 * relying party supports it.</p>
 *
 * <p>NOTE(review): {@code alias} and {@code encryptionAlgorithm} are accepted but
 * never read, so an algorithm chosen by the caller has no effect here.</p>
 *
 * <p>NOTE(review): the AES-256 block cipher URI used for the data is, as far as
 * XML Encryption defines it, a CBC mode without integrity protection; confirm the
 * assertion or response is signed and that the recipient verifies the signature.</p>
 *
 * @param assertion           the assertion to encrypt
 * @param cred                recipient credential used to encrypt the data key
 * @param alias               unused in this implementation
 * @param encryptionAlgorithm unused in this implementation
 * @return the encrypted assertion
 * @throws IdentityException if any step of the encryption fails; the cause is preserved
 */
@Override
public EncryptedAssertion doEncryptedAssertion(Assertion assertion, X509Credential cred, String alias,
                                               String encryptionAlgorithm) throws IdentityException {
    try {
        // Data encryption: one-off symmetric key, wrapped as a simple credential.
        final String dataAlgorithm = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
        Credential dataKeyCredential =
                SecurityHelper.getSimpleCredential(SecurityHelper.generateSymmetricKey(dataAlgorithm));

        EncryptionParameters dataParams = new EncryptionParameters();
        dataParams.setAlgorithm(dataAlgorithm);
        dataParams.setEncryptionCredential(dataKeyCredential);

        // Key encryption: the data key is transported under the recipient's credential.
        KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
        kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
        kekParams.setEncryptionCredential(cred);

        Encrypter assertionEncrypter = new Encrypter(dataParams, kekParams);
        assertionEncrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE);
        return assertionEncrypter.encrypt(assertion);
    } catch (Exception e) {
        // Every failure is reported as an IdentityException carrying the original cause.
        throw IdentityException.error("Error while Encrypting Assertion", e);
    }
}
} // closes the enclosing type, whose header is not part of this excerpt
Key encryptionKey = SecurityHelper.extractEncryptionKey(kekParams.getEncryptionCredential()); String encryptionAlgorithmURI = kekParams.getAlgorithm(); if (kekParams.getKeyInfoGenerator() != null) { KeyInfoGenerator generator = kekParams.getKeyInfoGenerator(); log.debug("Dynamically generating KeyInfo from Credential for EncryptedKey using generator: {}", generator.getClass().getName()); try { encryptedKey.setKeyInfo(generator.generate(kekParams.getEncryptionCredential())); } catch (SecurityException e) { log.error("Error during EncryptedKey KeyInfo generation", e); if (kekParams.getRecipient() != null) { encryptedKey.setRecipient(kekParams.getRecipient());
Key key = SecurityHelper.extractEncryptionKey(kekParams.getEncryptionCredential()); if (key == null) { log.error("Key encryption credential and contained key are required"); log.error("Attempt made to use EC key for encrypted key transport"); throw new EncryptionException("EC keys may not be used for encrypted key transport"); } else if (DatatypeHelper.isEmpty(kekParams.getAlgorithm())) { log.error("Key encryption algorithm URI is required"); throw new EncryptionException("Key encryption algorithm URI is required");
// Build the key-encryption (KEK) parameters: the data encryption key is
// transported under keyEncryptionCredential, which is defined outside this excerpt.
KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
kekParams.setEncryptionCredential(keyEncryptionCredential);
// NOTE(review): RSA PKCS#1 v1.5 key transport is hard-coded. It leaves the
// recipient's decryption side open to padding-oracle attacks if valid and invalid
// padding are distinguishable; prefer RSA-OAEP where the recipient supports it.
kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
// Look up the KeyInfo generator factory for this credential in the global
// security configuration's default manager.
// NOTE(review): kigf is dereferenced below without a null check; confirm
// getFactory cannot return null for this credential type.
KeyInfoGeneratorFactory kigf = Configuration
        .getGlobalSecurityConfiguration().getKeyInfoGeneratorManager()
        .getDefaultManager().getFactory(keyEncryptionCredential);
// A new generator instance is attached to the key-encryption parameters.
kekParams.setKeyInfoGenerator(kigf.newInstance());
// encParams and symmetricCredential are defined outside this excerpt; the
// symmetric credential is set as the encryption credential of encParams.
encParams.setEncryptionCredential(symmetricCredential);
KeyEncryptionParameters keyEncryptionParameters = new KeyEncryptionParameters();
// The literal is the XML Encryption URI for RSA PKCS#1 v1.5 key transport.
// NOTE(review): this padding scheme leaves the recipient's decryption side open
// to padding-oracle attacks if valid and invalid padding are distinguishable;
// prefer RSA-OAEP where the recipient supports it.
keyEncryptionParameters.setAlgorithm("http://www.w3.org/2001/04/xmlenc#rsa-1_5");
// NOTE(review): certificate is cast to X509Certificate and wrapped with no
// validation visible here; confirm its trust (chain, validity period, intended
// recipient) is checked before this point and that the cast cannot fail.
keyEncryptionParameters.setEncryptionCredential(new X509CredentialImpl((X509Certificate) certificate));
/**
 * Creates key-encryption parameters with no algorithm selected.
 *
 * <p>The algorithm default inherited from the superclass is discarded: a key
 * encryption key cannot be auto-generated and always has to be derived from the
 * key in the encryption credential, which is mandatory for a KEK.</p>
 *
 * <p>NOTE(review): because the algorithm is left {@code null}, the key transport
 * or key wrap algorithm is presumably expected to be set explicitly by the caller
 * before these parameters are used; confirm the consumer rejects a missing
 * algorithm rather than falling back to a default.</p>
 */
public KeyEncryptionParameters() {
    // The implicit super() call runs first and installs the superclass default,
    // which is cleared again here.
    setAlgorithm(null);
}