/**
 * Resolves the name of the key used for encryption. An encryption key configured in the extended
 * metadata takes precedence; when none is configured (or no extended metadata is present at all)
 * the key manager's default credential name is returned instead.
 *
 * @return name of the encryption key to use
 */
protected String getEncryptionKey() {
    // A missing extended metadata object is treated the same as one without an encryption key.
    String configuredKey = extendedMetadata == null ? null : extendedMetadata.getEncryptionKey();
    return configuredKey != null ? configuredKey : keyManager.getDefaultCredentialName();
}
credentials.add(keyManager.getCredential(extendedMetadata.getSigningKey())); if (extendedMetadata.getEncryptionKey() != null) { log.debug("Using customized encryption key {} from extended metadata for entityID {}", extendedMetadata.getEncryptionKey(), entityID); credentials.add(keyManager.getCredential(extendedMetadata.getEncryptionKey())); log.debug("Using customized TLS key {} from extended metadata for entityID {}", extendedMetadata.getEncryptionKey(), entityID); credentials.add(keyManager.getCredential(extendedMetadata.getTlsKey())); if (extendedMetadata.getEncryptionKey() != null) { log.debug("Using customized encryption key {} from extended metadata for entityID {}", extendedMetadata.getEncryptionKey(), entityID); credentials.add(keyManager.getCredential(extendedMetadata.getEncryptionKey()));
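/**
 * Populates the decrypter for the given context. The decryption credential is the encryption key named in
 * the local extended metadata; when no key is configured there, or no local extended metadata is present,
 * the key manager's default credential is used. The null-tolerance of the extended metadata lookup mirrors
 * the encryption-key resolution used for metadata generation, so a context without local extended metadata
 * no longer fails with a NullPointerException.
 *
 * @param samlContext context to populate the decrypter for
 */
protected void populateDecrypter(SAMLMessageContext samlContext) {
    // Locate the encryption key name for this entity; a missing extended metadata object means "no override".
    String encryptionKeyName = samlContext.getLocalExtendedMetadata() == null
            ? null
            : samlContext.getLocalExtendedMetadata().getEncryptionKey();

    Credential encryptionCredential;
    if (encryptionKeyName != null) {
        encryptionCredential = keyManager.getCredential(encryptionKeyName);
    } else {
        encryptionCredential = keyManager.getDefaultCredential();
    }

    // The decrypter resolves EncryptedKey elements in the encrypted XML through encryptedKeyResolver and
    // attempts to decrypt them with the private key of the credential supplied by this static resolver.
    KeyInfoCredentialResolver resolver = new StaticKeyInfoCredentialResolver(encryptionCredential);
    // NOTE(review): the first constructor argument (resolver for EncryptedData's own KeyInfo) is left null
    // here, so keys are presumably only resolved via EncryptedKey — confirm against the Decrypter contract.
    Decrypter decrypter = new Decrypter(null, resolver, encryptedKeyResolver);
    decrypter.setRootInNewDocument(true);
    samlContext.setLocalDecrypter(decrypter);
}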