/**
 * Swap every plaintext {@link NameID} carried by a subject for its encrypted form.
 *
 * <p>The subject's own identifier is handled first, then the identifier of each
 * {@link SubjectConfirmation} in turn. Whenever {@code shouldEncrypt} accepts an
 * identifier, the resulting {@link EncryptedID} is stored on the element and the
 * plaintext {@link NameID} is cleared, so the two forms are not left side by side.</p>
 *
 * @param subject subject to operate on; a null subject is a no-op
 *
 * @throws EncryptionException if an error occurs
 */
private void processSubject(@Nullable final Subject subject) throws EncryptionException {
    if (subject == null) {
        return;
    }

    final NameID subjectNameID = subject.getNameID();
    if (shouldEncrypt(subjectNameID)) {
        log.debug("{} Encrypt NameID in Subject", getLogPrefix());
        subject.setEncryptedID(getEncrypter().encrypt(subjectNameID));
        // Drop the plaintext identifier once its encrypted replacement is in place.
        subject.setNameID(null);
    }

    for (final SubjectConfirmation confirmation : subject.getSubjectConfirmations()) {
        final NameID confirmationNameID = confirmation.getNameID();
        if (!shouldEncrypt(confirmationNameID)) {
            continue;
        }
        log.debug("{} Encrypt NameID in SubjectConfirmation", getLogPrefix());
        confirmation.setEncryptedID(getEncrypter().encrypt(confirmationNameID));
        // Same rule as for the subject: no plaintext copy remains on the confirmation.
        confirmation.setNameID(null);
    }
}
// Gate: only a confirmation whose method is bearer AND whose SubjectConfirmationData
// passes isValidBearerSubjectConfirmationData(...) enters this branch. The constant-first
// equals() keeps a null method from throwing, and the short-circuit && means the data
// check is only run for bearer confirmations.
if (SubjectConfirmation.METHOD_BEARER.equals(confirmation.getMethod())
        && isValidBearerSubjectConfirmationData(confirmation.getSubjectConfirmationData(), context)) {
    // A confirmation may identify its subject as a NameID, a BaseID or an EncryptedID;
    // all three accessors are read and any of them may be null.
    // NOTE(review): nameIDFromConfirmation is the only non-final local, presumably
    // reassigned further down (e.g. after decrypting the EncryptedID); confirm in the
    // rest of the method, which is not visible here.
    NameID nameIDFromConfirmation = confirmation.getNameID();
    final BaseID baseIDFromConfirmation = confirmation.getBaseID();
    final EncryptedID encryptedIDFromConfirmation = confirmation.getEncryptedID();
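/**
 * Converts OpenSAML subject confirmations into this library's
 * {@link SubjectConfirmation} model objects.
 *
 * <p>For each source confirmation the identifier is resolved through
 * {@code getNameID}, which is given the plaintext NameID, the EncryptedID and the
 * local keys. When no identifier is resolved, the converted confirmation carries a
 * null name id and a null format.</p>
 *
 * <p>The source {@code SubjectConfirmationData} is read once and null-checked.
 * Without that check a confirmation that carries no data element would fail with a
 * {@link NullPointerException} while a peer-supplied message is being converted. In
 * that case null is passed to {@code setConfirmationData}. Code that validates the
 * result must treat a bearer confirmation without data as failing the recipient,
 * validity-window and in-response-to checks, never as unrestricted.</p>
 *
 * @param subjectConfirmations OpenSAML confirmations taken from the assertion subject
 * @param localKeys            keys handed to {@code getNameID} for identifier resolution
 * @return the converted confirmations, in the order of the input list
 */
protected List<SubjectConfirmation> getConfirmations(
    List<org.opensaml.saml.saml2.core.SubjectConfirmation> subjectConfirmations,
    List<SimpleKey> localKeys
) {
    List<SubjectConfirmation> result = new LinkedList<>();
    for (org.opensaml.saml.saml2.core.SubjectConfirmation s : subjectConfirmations) {
        NameID nameID = getNameID(s.getNameID(), s.getEncryptedID(), localKeys);
        // Read the data element once; it may be absent on the incoming confirmation.
        org.opensaml.saml.saml2.core.SubjectConfirmationData data = s.getSubjectConfirmationData();
        result.add(
            new SubjectConfirmation()
                .setNameId(nameID != null ? nameID.getValue() : null)
                .setFormat(nameID != null ? NameId.fromUrn(nameID.getFormat()) : null)
                .setMethod(SubjectConfirmationMethod.fromUrn(s.getMethod()))
                .setConfirmationData(
                    data == null
                        // Absent data stays absent; an empty data object is never invented.
                        ? null
                        : new SubjectConfirmationData()
                            .setRecipient(data.getRecipient())
                            .setNotOnOrAfter(data.getNotOnOrAfter())
                            .setNotBefore(data.getNotBefore())
                            .setInResponseTo(data.getInResponseTo())
                )
        );
    }
    return result;
}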