// Wrap the session key for transport first; the wrapped key is what travels alongside the ciphertext.
EncryptedKey encryptedKey = encryptKey(document, secretKey, publicKey, keySize);
// The data-encryption algorithm URL is derived from the session key's own algorithm and bit length.
final String secretKeyAlgorithm = secretKey.getAlgorithm();
String encryptionAlgorithm = getXMLEncryptionURL(secretKeyAlgorithm, keySize);
Element encDataElement = getNextElementNode(documentRoot.getFirstChild()); if (encDataElement == null) throw new IllegalStateException(ErrorCodes.DOM_MISSING_ELEMENT Element encKeyElement = getNextElementNode(encDataElement.getNextSibling()); if (encKeyElement == null) Element dataElement = getNextElementNode(decryptedRoot.getFirstChild()); if (dataElement == null) throw new IllegalStateException(ErrorCodes.NULL_VALUE + "Data Element after encryption is null");
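/**
 * <p>
 * Encrypt (wrap) the symmetric key so it can be transported to the recipient.
 * </p>
 * <p>
 * Data is encrypted with a {@link SecretKey}. That key must then reach the other end, where it is
 * needed for decryption. For key transport the SecretKey is wrapped with the recipient's public key;
 * the recipient unwraps it with the matching private key.
 * </p>
 * <p>
 * The wrap algorithm URL is chosen by {@code getXMLEncryptionURLForKeyUnwrap} from the public key's
 * algorithm name and {@code keySize}; this method does not select it itself.
 * </p>
 *
 * @param document                  DOM document the resulting {@code EncryptedKey} belongs to
 * @param keyToBeEncrypted          Symmetric Key (SecretKey) to wrap
 * @param keyUsedToEncryptSecretKey Asymmetric Key (Public Key) used to wrap the SecretKey
 * @param keySize                   Length of the key, in bits
 * @return the wrapped key as an XML-Encryption {@code EncryptedKey}
 * @throws IllegalArgumentException if {@code keyUsedToEncryptSecretKey} is null
 * @throws ProcessingException      if the XML cipher cannot be created, initialised or fails to wrap the key
 */
public static EncryptedKey encryptKey(Document document, SecretKey keyToBeEncrypted, PublicKey keyUsedToEncryptSecretKey, int keySize) throws ProcessingException {
    // Fail early with a named argument instead of an NPE from getAlgorithm().
    if (keyUsedToEncryptSecretKey == null)
        throw logger.nullArgumentError("keyUsedToEncryptSecretKey");
    String pubKeyAlg = keyUsedToEncryptSecretKey.getAlgorithm();
    try {
        // NOTE(review): the URL returned here decides the key-transport scheme used on the wire;
        // confirm it maps to the intended scheme for pubKeyAlg.
        String keyWrapAlgo = getXMLEncryptionURLForKeyUnwrap(pubKeyAlg, keySize);
        // The cipher is only needed inside the try block, so keep its scope there.
        XMLCipher keyCipher = XMLCipher.getInstance(keyWrapAlgo);
        keyCipher.init(XMLCipher.WRAP_MODE, keyUsedToEncryptSecretKey);
        return keyCipher.encryptKey(document, keyToBeEncrypted);
    } catch (XMLEncryptionException e) {
        throw logger.processingError(e);
    }
}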
// Derive the XML-Encryption algorithm URL and key size from the certificate's public-key algorithm name,
// then publish a KeyDescriptor for it in the metadata.
String certAlgo = cert.getPublicKey().getAlgorithm();
// NOTE(review): the two trailing booleans are positional flags of createKeyDescriptor — confirm their meaning
// (presumably signing/encryption use) against its signature before changing them.
keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo, XMLEncryptionUtil.getEncryptionURL(certAlgo), XMLEncryptionUtil.getEncryptionKeySize(certAlgo), false, true);
updateKeyDescriptor(metadata, keyDescriptor);
try XMLEncryptionUtil.encryptElement(rstrDocument, tokenElement, providerPublicKey, secretKey, (int) keySize);
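/**
 * Replaces the {@code EncryptedAssertion} in the given response with its decrypted {@code Assertion}.
 * <p>
 * The response is converted to DOM, the first EncryptedAssertion element is copied into a fresh
 * document, decrypted with {@code privateKey}, schema-validated, parsed back into an
 * {@code AssertionType} and then swapped into the response under the encrypted element's ID.
 * </p>
 * <p>
 * This method does not verify any XML signature carried by the decrypted assertion; that is
 * presumably handled elsewhere in the handler chain.
 * </p>
 *
 * @param responseType the response holding the EncryptedAssertion; mutated in place and returned
 * @param privateKey   the recipient's private key used to unwrap the assertion
 * @return the same {@code responseType}, now holding the decrypted assertion
 * @throws IllegalArgumentException if {@code privateKey} is null
 * @throws ProcessingException      if no EncryptedAssertion is present, the decrypted content is not an
 *                                  Assertion, or decryption, validation or parsing fails
 */
private ResponseType decryptAssertion(ResponseType responseType, PrivateKey privateKey) throws ProcessingException {
    if (privateKey == null)
        throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "privateKey");
    SAML2Response saml2Response = new SAML2Response();
    try {
        Document doc = saml2Response.convert(responseType);
        Element enc = DocumentUtil.getElement(doc, new QName(JBossSAMLConstants.ENCRYPTED_ASSERTION.get()));
        if (enc == null)
            throw new ProcessingException(ErrorCodes.NULL_VALUE + "Null encrypted assertion element");
        // Remember the ID so the decrypted assertion can take the encrypted one's place.
        String oldID = enc.getAttribute(JBossSAMLConstants.ID.get());
        // Decrypt inside an isolated document so the response DOM itself is left untouched.
        Document newDoc = DocumentUtil.createDocument();
        Node importedNode = newDoc.importNode(enc, true);
        newDoc.appendChild(importedNode);
        Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(newDoc, privateKey);
        SAMLParser parser = new SAMLParser();
        // The plaintext is still untrusted input until it has been validated; validate before parsing.
        JAXPValidationUtil.checkSchemaValidation(decryptedDocumentElement);
        Object parsed = parser.parse(StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(decryptedDocumentElement)));
        // Report a descriptive error rather than a ClassCastException if the ciphertext held something
        // other than an Assertion.
        if (!(parsed instanceof AssertionType))
            throw new ProcessingException("Decrypted element is not an Assertion");
        responseType.replaceAssertion(oldID, new RTChoiceType((AssertionType) parsed));
        return responseType;
    } catch (ProcessingException e) {
        // Already the declared type; do not wrap it a second time and bury the original message.
        throw e;
    } catch (Exception e) {
        throw new ProcessingException(e);
    }
}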
// The raw secret is an AES key; its bit length is simply its byte length times eight.
SecretKeySpec aesKey = new SecretKeySpec(secret, "AES");
int keySizeBits = secret.length * 8;
// Wrap the AES key with the recipient's public key so it can travel with the ciphertext.
EncryptedKey key = XMLEncryptionUtil.encryptKey(document, aesKey, encryptionKey, keySizeBits);
// Serialise the wrapped key into its DOM form.
XMLCipher cipher = XMLCipher.getInstance();
Element encryptedKeyElement = cipher.martial(key);
// Derive the XML-Encryption algorithm URL and key size from the certificate's public-key algorithm name,
// then publish a KeyDescriptor for it in the metadata.
String certAlgo = cert.getPublicKey().getAlgorithm();
// NOTE(review): the two trailing booleans are positional flags of createKeyDescriptor — confirm their meaning
// (presumably signing/encryption use) against its signature before changing them.
keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo, XMLEncryptionUtil.getEncryptionURL(certAlgo), XMLEncryptionUtil.getEncryptionKeySize(certAlgo), false, true);
updateKeyDescriptor(metadata, keyDescriptor);
try XMLEncryptionUtil.encryptElement(rstrDocument, tokenElement, providerPublicKey, secretKey, (int) keySize);
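/**
 * Replaces the {@code EncryptedAssertion} in the given response with its decrypted {@code Assertion}.
 * <p>
 * The response is converted to DOM, the first EncryptedAssertion element is copied into a fresh
 * document, decrypted with {@code privateKey}, schema-validated, parsed back into an
 * {@code AssertionType} and then swapped into the response under the encrypted element's ID.
 * </p>
 * <p>
 * This method does not verify any XML signature carried by the decrypted assertion; that is
 * presumably handled elsewhere in the handler chain.
 * </p>
 *
 * @param responseType the response holding the EncryptedAssertion; mutated in place and returned
 * @param privateKey   the recipient's private key used to unwrap the assertion
 * @return the same {@code responseType}, now holding the decrypted assertion
 * @throws IllegalArgumentException if {@code privateKey} is null
 * @throws ProcessingException      if no EncryptedAssertion is present, the decrypted content is not an
 *                                  Assertion, or decryption, validation or parsing fails
 */
private ResponseType decryptAssertion(ResponseType responseType, PrivateKey privateKey) throws ProcessingException {
    if (privateKey == null)
        throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "privateKey");
    SAML2Response saml2Response = new SAML2Response();
    try {
        Document doc = saml2Response.convert(responseType);
        Element enc = DocumentUtil.getElement(doc, new QName(JBossSAMLConstants.ENCRYPTED_ASSERTION.get()));
        if (enc == null)
            throw new ProcessingException(ErrorCodes.NULL_VALUE + "Null encrypted assertion element");
        // Remember the ID so the decrypted assertion can take the encrypted one's place.
        String oldID = enc.getAttribute(JBossSAMLConstants.ID.get());
        // Decrypt inside an isolated document so the response DOM itself is left untouched.
        Document newDoc = DocumentUtil.createDocument();
        Node importedNode = newDoc.importNode(enc, true);
        newDoc.appendChild(importedNode);
        Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(newDoc, privateKey);
        SAMLParser parser = new SAMLParser();
        // The plaintext is still untrusted input until it has been validated; validate before parsing.
        JAXPValidationUtil.checkSchemaValidation(decryptedDocumentElement);
        Object parsed = parser.parse(StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(decryptedDocumentElement)));
        // Report a descriptive error rather than a ClassCastException if the ciphertext held something
        // other than an Assertion.
        if (!(parsed instanceof AssertionType))
            throw new ProcessingException("Decrypted element is not an Assertion");
        responseType.replaceAssertion(oldID, new RTChoiceType((AssertionType) parsed));
        return responseType;
    } catch (ProcessingException e) {
        // Already the declared type; do not wrap it a second time and bury the original message.
        throw e;
    } catch (Exception e) {
        throw new ProcessingException(e);
    }
}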
// The raw secret is an AES key; its bit length is simply its byte length times eight.
SecretKeySpec aesKey = new SecretKeySpec(secret, "AES");
int keySizeBits = secret.length * 8;
// Wrap the AES key with the recipient's public key so it can travel with the ciphertext.
EncryptedKey key = XMLEncryptionUtil.encryptKey(document, aesKey, encryptionKey, keySizeBits);
// Serialise the wrapped key into its DOM form.
XMLCipher cipher = XMLCipher.getInstance();
Element encryptedKeyElement = cipher.martial(key);
// Wrap the session key for transport first; the wrapped key is what travels alongside the ciphertext.
EncryptedKey encryptedKey = encryptKey(document, secretKey, publicKey, keySize);
// The data-encryption algorithm URL is derived from the session key's own algorithm and bit length.
final String secretKeyAlgorithm = secretKey.getAlgorithm();
String encryptionAlgorithm = getXMLEncryptionURL(secretKeyAlgorithm, keySize);
// Derive the XML-Encryption algorithm URL and key size from the certificate's public-key algorithm name,
// then publish a KeyDescriptor for it in the metadata.
String certAlgo = cert.getPublicKey().getAlgorithm();
// NOTE(review): the two trailing booleans are positional flags of createKeyDescriptor — confirm their meaning
// (presumably signing/encryption use) against its signature before changing them.
keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo, XMLEncryptionUtil.getEncryptionURL(certAlgo), XMLEncryptionUtil.getEncryptionKeySize(certAlgo), false, true);
updateKeyDescriptor(metadata, keyDescriptor);
Element tokenElement = (Element) rst.getFirstChild(); try { XMLEncryptionUtil.encryptElement(rstrDocument, tokenElement, providerPublicKey, secretKey, (int) keySize); } catch (ProcessingException e) {
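/**
 * Replaces the {@code EncryptedAssertion} in the given response with its decrypted {@code Assertion}.
 * <p>
 * The response is converted to DOM, the first EncryptedAssertion element is copied into a fresh
 * document, decrypted with {@code privateKey}, schema-validated, parsed back into an
 * {@code AssertionType} and then swapped into the response under the encrypted element's ID.
 * </p>
 * <p>
 * This method does not verify any XML signature carried by the decrypted assertion; that is
 * presumably handled elsewhere in the handler chain.
 * </p>
 *
 * @param responseType the response holding the EncryptedAssertion; mutated in place and returned
 * @param privateKey   the recipient's private key used to unwrap the assertion
 * @return the same {@code responseType}, now holding the decrypted assertion
 * @throws IllegalArgumentException if {@code privateKey} is null (via {@code logger.nullArgumentError})
 * @throws ProcessingException      if no EncryptedAssertion is present, the decrypted content is not an
 *                                  Assertion, or decryption, validation or parsing fails
 */
private ResponseType decryptAssertion(ResponseType responseType, PrivateKey privateKey) throws ProcessingException {
    if (privateKey == null)
        throw logger.nullArgumentError("privateKey");
    SAML2Response saml2Response = new SAML2Response();
    try {
        Document doc = saml2Response.convert(responseType);
        Element enc = DocumentUtil.getElement(doc, new QName(JBossSAMLConstants.ENCRYPTED_ASSERTION.get()));
        if (enc == null)
            throw logger.samlHandlerNullEncryptedAssertion();
        // Remember the ID so the decrypted assertion can take the encrypted one's place.
        String oldID = enc.getAttribute(JBossSAMLConstants.ID.get());
        // Decrypt inside an isolated document so the response DOM itself is left untouched.
        Document newDoc = DocumentUtil.createDocument();
        Node importedNode = newDoc.importNode(enc, true);
        newDoc.appendChild(importedNode);
        Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(newDoc, privateKey);
        SAMLParser parser = new SAMLParser();
        // The plaintext is still untrusted input until it has been validated; validate before parsing.
        JAXPValidationUtil.checkSchemaValidation(decryptedDocumentElement);
        Object parsed = parser.parse(StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(decryptedDocumentElement)));
        // Report a descriptive error rather than a ClassCastException if the ciphertext held something
        // other than an Assertion.
        if (!(parsed instanceof AssertionType))
            throw new ProcessingException("Decrypted element is not an Assertion");
        responseType.replaceAssertion(oldID, new RTChoiceType((AssertionType) parsed));
        return responseType;
    } catch (ProcessingException e) {
        // Already the declared type; do not wrap it a second time and bury the original message.
        throw e;
    } catch (Exception e) {
        throw logger.processingError(e);
    }
}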
// Select the XML-Encryption key-wrap algorithm URL for this public-key algorithm and key size, then
// obtain a cipher for it. NOTE(review): the URL chosen here decides the key-transport scheme on the wire;
// confirm it is the intended one for pubKeyAlg.
String keyWrapAlgo = getXMLEncryptionURLForKeyUnwrap(pubKeyAlg, keySize);
keyCipher = XMLCipher.getInstance(keyWrapAlgo);
// A fresh document owns the EncryptedKey element that will be produced.
Document document = DocumentUtil.createDocument();
// The raw secret is an AES key; its bit length is its byte length times eight.
SecretKeySpec aesKey = new SecretKeySpec(secret, "AES");
int keySizeBits = secret.length * 8;
// Wrap the AES key with the recipient's public key so it can travel with the ciphertext.
EncryptedKey key = XMLEncryptionUtil.encryptKey(document, aesKey, encryptionKey, keySizeBits);
Element encDataElement = getNextElementNode(documentRoot.getFirstChild()); if (encDataElement == null) throw new IllegalStateException(ErrorCodes.DOM_MISSING_ELEMENT Element encKeyElement = getNextElementNode(encDataElement.getNextSibling()); if (encKeyElement == null) Element dataElement = getNextElementNode(decryptedRoot.getFirstChild()); if (dataElement == null) throw new IllegalStateException(ErrorCodes.NULL_VALUE + "Data Element after encryption is null");
// Wrap the session key for transport first; the wrapped key is what travels alongside the ciphertext.
EncryptedKey encryptedKey = encryptKey(document, secretKey, publicKey, keySize);
// The data-encryption algorithm URL is derived from the session key's own algorithm and bit length.
final String secretKeyAlgorithm = secretKey.getAlgorithm();
String encryptionAlgorithm = getXMLEncryptionURL(secretKeyAlgorithm, keySize);
// Derive the XML-Encryption algorithm URL and key size from the certificate's public-key algorithm name,
// then publish a KeyDescriptor for it in the metadata.
String certAlgo = cert.getPublicKey().getAlgorithm();
// NOTE(review): the two trailing booleans are positional flags of createKeyDescriptor — confirm their meaning
// (presumably signing/encryption use) against its signature before changing them.
keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo, XMLEncryptionUtil.getEncryptionURL(certAlgo), XMLEncryptionUtil.getEncryptionKeySize(certAlgo), false, true);
updateKeyDescriptor(metadata, keyDescriptor);