/**
 * {@inheritDoc}
 *
 * <p>Resolution starts from the KeyInfo child of the supplied EncryptedData and is delegated to
 * {@code resolveKeyInfo} together with the resolver's {@code depthLimit} (both defined elsewhere
 * in the enclosing class). The KeyInfo is handed over as-is: a null KeyInfo reaches
 * {@code resolveKeyInfo} unchanged rather than being short-circuited here.
 */
public Iterable<EncryptedKey> resolve(EncryptedData encryptedData) {
    // depthLimit presumably bounds how far chained key references are followed — confirm against
    // resolveKeyInfo before relying on it.
    return resolveKeyInfo(encryptedData.getKeyInfo(), depthLimit);
}
/**
 * {@inheritDoc}
 *
 * <p>Thin delegating entry point: the KeyInfo of the given EncryptedData is passed to
 * {@code resolveKeyInfo} along with the configured {@code depthLimit} (both live elsewhere in the
 * enclosing class). No null check is performed on the KeyInfo at this level.
 */
public Iterable<EncryptedKey> resolve(EncryptedData encryptedData) {
    // depthLimit presumably caps recursion through referenced KeyInfo content — confirm against
    // resolveKeyInfo.
    return resolveKeyInfo(encryptedData.getKeyInfo(), depthLimit);
}
/**
 * {@inheritDoc}
 *
 * <p>Considers only the EncryptedKey elements carried inline in the KeyInfo of the given
 * EncryptedData and keeps those whose Recipient attribute satisfies {@code matchRecipient}
 * (defined elsewhere in the class). An EncryptedData without a KeyInfo yields an empty result;
 * referenced (RetrievalMethod) keys are not considered by this resolver.
 */
public Iterable<EncryptedKey> resolve(EncryptedData encryptedData) {
    List<EncryptedKey> matches = new ArrayList<EncryptedKey>();
    if (encryptedData.getKeyInfo() != null) {
        for (EncryptedKey candidate : encryptedData.getKeyInfo().getEncryptedKeys()) {
            // Recipient filtering is the only selection criterion applied here.
            if (!matchRecipient(candidate.getRecipient())) {
                continue;
            }
            matches.add(candidate);
        }
    }
    return matches;
}
/**
 * {@inheritDoc}
 *
 * <p>Inline-only resolution: walks the EncryptedKey children of the EncryptedData's KeyInfo and
 * returns those accepted by {@code matchRecipient} (defined elsewhere in the class). Returns an
 * empty list when the EncryptedData has no KeyInfo. Keys reachable only via RetrievalMethod
 * references are not dereferenced here.
 */
public Iterable<EncryptedKey> resolve(EncryptedData encryptedData) {
    List<EncryptedKey> accepted = new ArrayList<EncryptedKey>();
    if (encryptedData.getKeyInfo() == null) {
        return accepted;
    }
    for (EncryptedKey inlineKey : encryptedData.getKeyInfo().getEncryptedKeys()) {
        boolean recipientOk = matchRecipient(inlineKey.getRecipient());
        if (recipientOk) {
            accepted.add(inlineKey);
        }
    }
    return accepted;
}
/**
 * Place the EncryptedKey elements inline, inside the KeyInfo of the EncryptedData, and attach the
 * EncryptedData to the enclosing EncryptedElementType.
 *
 * <p>Operationally trivial; exposed as a protected hook so subclasses can override or augment the
 * placement strategy. Requires {@code encData} to already carry a KeyInfo — none is created here,
 * so a null KeyInfo would fail at the dereference below.
 *
 * @param encElement the EncryptedElementType instance which will hold the encrypted data and keys
 * @param encData the EncryptedData object (must already have a KeyInfo)
 * @param encKeys the list of EncryptedKey objects to add inline
 * @return the processed EncryptedElementType instance
 */
protected EncryptedElementType placeKeysInline(EncryptedElementType encElement, EncryptedData encData,
        List<EncryptedKey> encKeys) {
    log.debug("Placing EncryptedKey elements inline inside EncryptedData");
    // The returned list is the live child list of the KeyInfo, so adding to it adds to the document.
    List<EncryptedKey> inlineKeys = encData.getKeyInfo().getEncryptedKeys();
    inlineKeys.addAll(encKeys);
    encElement.setEncryptedData(encData);
    return encElement;
}
/**
 * Evaluate whether an EncryptedKey's CarriedKeyName matches one of the KeyName values from the
 * EncryptedData context.
 *
 * <p>Matching is permissive on the key side: an EncryptedKey with no CarriedKeyName (or an empty
 * one) is treated as matching. It is strict on the data side: if the EncryptedData has no KeyInfo,
 * or its KeyInfo has no KeyName children, a named key does not match.
 *
 * @param encryptedData the EncryptedData context
 * @param encryptedKey the candidate EncryptedKey to evaluate
 * @return true if the encrypted key carries no name, or its carried key name is one of the
 *         EncryptedData's key names; false otherwise
 */
protected boolean matchCarriedKeyName(EncryptedData encryptedData, EncryptedKey encryptedKey) {
    // No CarriedKeyName (or an empty one) imposes no constraint -> match.
    if (encryptedKey.getCarriedKeyName() == null) {
        return true;
    }
    String carried = encryptedKey.getCarriedKeyName().getValue();
    if (DatatypeHelper.isEmpty(carried)) {
        return true;
    }
    // A named key needs at least one KeyName on the data side to compare against.
    if (encryptedData.getKeyInfo() == null) {
        return false;
    }
    if (encryptedData.getKeyInfo().getKeyNames().isEmpty()) {
        return false;
    }
    List<String> dataNames = KeyInfoHelper.getKeyNames(encryptedData.getKeyInfo());
    return dataNames.contains(carried);
}
/**
 * Evaluate whether an EncryptedKey's CarriedKeyName matches one of the KeyName values from the
 * EncryptedData context.
 *
 * <p>Note the asymmetry: a key without a (non-empty) CarriedKeyName is accepted unconditionally,
 * whereas a key that does carry a name is rejected when the EncryptedData has no KeyInfo or no
 * KeyName children to compare against.
 *
 * @param encryptedData the EncryptedData context
 * @param encryptedKey the candidate EncryptedKey to evaluate
 * @return true when the key has no usable CarriedKeyName, or when its CarriedKeyName equals one of
 *         the EncryptedData's KeyName values; false otherwise
 */
protected boolean matchCarriedKeyName(EncryptedData encryptedData, EncryptedKey encryptedKey) {
    boolean keyIsUnnamed = encryptedKey.getCarriedKeyName() == null
            || DatatypeHelper.isEmpty(encryptedKey.getCarriedKeyName().getValue());
    if (keyIsUnnamed) {
        // Nothing to compare -> treated as a match.
        return true;
    }
    boolean dataHasNoNames = encryptedData.getKeyInfo() == null
            || encryptedData.getKeyInfo().getKeyNames().isEmpty();
    if (dataHasNoNames) {
        return false;
    }
    String wanted = encryptedKey.getCarriedKeyName().getValue();
    List<String> available = KeyInfoHelper.getKeyNames(encryptedData.getKeyInfo());
    return available.contains(wanted);
}
/**
 * {@inheritDoc}
 *
 * <p>Resolves EncryptedKey elements referenced from the EncryptedData's KeyInfo via
 * RetrievalMethod. A RetrievalMethod is dereferenced (through {@code dereferenceURI}, defined
 * elsewhere in the class) only if its Type is {@code EncryptionConstants.TYPE_ENCRYPTED_KEY} and
 * it carries no Transforms; references with Transforms are logged and skipped rather than
 * evaluated. Dereferenced keys are then filtered by {@code matchRecipient}. An EncryptedData
 * without a KeyInfo yields an empty result.
 */
public Iterable<EncryptedKey> resolve(EncryptedData encryptedData) {
    List<EncryptedKey> resolved = new ArrayList<EncryptedKey>();
    if (encryptedData.getKeyInfo() == null) {
        return resolved;
    }
    for (RetrievalMethod reference : encryptedData.getKeyInfo().getRetrievalMethods()) {
        boolean isEncryptedKeyRef = DatatypeHelper.safeEquals(reference.getType(),
                EncryptionConstants.TYPE_ENCRYPTED_KEY);
        if (!isEncryptedKeyRef) {
            continue;
        }
        // Transforms are not applied here; such references are refused outright.
        if (reference.getTransforms() != null) {
            log.warn("EncryptedKey RetrievalMethod has transforms, can not process");
            continue;
        }
        EncryptedKey target = dereferenceURI(reference);
        if (target != null && matchRecipient(target.getRecipient())) {
            resolved.add(target);
        }
    }
    return resolved;
}
/**
 * {@inheritDoc}
 *
 * <p>RetrievalMethod-based resolution. Each RetrievalMethod in the EncryptedData's KeyInfo is
 * considered only when its Type equals {@code EncryptionConstants.TYPE_ENCRYPTED_KEY} and it has no
 * Transforms (a reference with Transforms is logged at WARN and dropped). The remaining references
 * are dereferenced with {@code dereferenceURI} (defined elsewhere in the class); a null result is
 * ignored, and the rest are kept only if {@code matchRecipient} accepts their Recipient. Returns an
 * empty list when the EncryptedData has no KeyInfo.
 */
public Iterable<EncryptedKey> resolve(EncryptedData encryptedData) {
    List<EncryptedKey> found = new ArrayList<EncryptedKey>();
    if (encryptedData.getKeyInfo() != null) {
        for (RetrievalMethod method : encryptedData.getKeyInfo().getRetrievalMethods()) {
            if (DatatypeHelper.safeEquals(method.getType(), EncryptionConstants.TYPE_ENCRYPTED_KEY)) {
                if (method.getTransforms() == null) {
                    EncryptedKey dereferenced = dereferenceURI(method);
                    if (dereferenced != null) {
                        if (matchRecipient(dereferenced.getRecipient())) {
                            found.add(dereferenced);
                        }
                    }
                } else {
                    // Transform processing is unsupported for key references; skip, do not guess.
                    log.warn("EncryptedKey RetrievalMethod has transforms, can not process");
                }
            }
        }
    }
    return found;
}
/**
 * Link a single EncryptedKey to the EncryptedData according to guidelines in SAML Errata E43.
 *
 * <p>Two same-document references are created: a RetrievalMethod of type
 * {@code EncryptionConstants.TYPE_ENCRYPTED_KEY} in the EncryptedData's KeyInfo pointing at the
 * EncryptedKey's ID, and a DataReference in the EncryptedKey's ReferenceList pointing back at the
 * EncryptedData's ID. Requires both objects to have an ID already and {@code encData} to have a
 * KeyInfo; neither is created here.
 *
 * @param encData the EncryptedData
 * @param encKey the EncryptedKey
 */
protected void linkSinglePeerKey(EncryptedData encData, EncryptedKey encKey) {
    log.debug("Linking single peer EncryptedKey with RetrievalMethod and DataReference");

    // Forward reference: EncryptedData/KeyInfo/RetrievalMethod -> #<EncryptedKey ID>
    String keyFragment = "#" + encKey.getID();
    RetrievalMethod forwardRef = retrievalMethodBuilder.buildObject();
    forwardRef.setURI(keyFragment);
    forwardRef.setType(EncryptionConstants.TYPE_ENCRYPTED_KEY);
    encData.getKeyInfo().getRetrievalMethods().add(forwardRef);

    // Back reference: EncryptedKey/ReferenceList/DataReference -> #<EncryptedData ID>
    String dataFragment = "#" + encData.getID();
    DataReference backRef = dataReferenceBuilder.buildObject();
    backRef.setURI(dataFragment);
    encKey.getReferenceList().getDataReferences().add(backRef);
}
log.debug("Linking multiple peer EncryptedKeys with CarriedKeyName and DataReference"); List<KeyName> dataEncKeyNames = encData.getKeyInfo().getKeyNames(); String carriedKeyNameValue; if (dataEncKeyNames.size() == 0 || DatatypeHelper.isEmpty(dataEncKeyNames.get(0).getValue()) ) {
if (encryptedData.getKeyInfo() == null) { KeyInfo keyInfo = keyInfoBuilder.buildObject(); encryptedData.setKeyInfo(keyInfo); encryptedData.getKeyInfo().getEncryptedKeys().add(encryptedKey);
if (encryptedData.getKeyInfo() == null) { KeyInfo keyInfo = keyInfoBuilder.buildObject(); encryptedData.setKeyInfo(keyInfo); encryptedData.getKeyInfo().getEncryptedKeys().add(encryptedKey);
if (encData.getKeyInfo() == null) { encData.setKeyInfo(keyInfoBuilder.buildObject());
KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(SAML2AuthUtils .getServerCredentials()); EncryptedKey key = encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().get(0); Decrypter decrypter = new Decrypter(null, keyResolver, null); SecretKey dkey = (SecretKey) decrypter.decryptKey(key, encryptedAssertion.getEncryptedData().
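/**
 * Decrypts an {@link EncryptedAssertion} using the X.509 credential of the given user-store domain.
 *
 * <p>Decryption is two-step: the first inline {@code EncryptedKey} found in the KeyInfo of the
 * EncryptedData is unwrapped with the tenant credential, and the recovered symmetric key is then
 * used to decrypt the assertion itself. Only the first inline EncryptedKey is considered; keys
 * referenced via RetrievalMethod are not resolved by this method.
 *
 * @param encryptedAssertion the encrypted assertion to decrypt
 * @param domainName the user-store domain whose X.509 credential unwraps the symmetric key
 * @return the decrypted SAML assertion
 * @throws SAML2SSOUIAuthenticatorException if the assertion carries no inline EncryptedKey, or if
 *         either decryption step fails (the DecryptionException is preserved as the cause)
 */
public static Assertion getDecryptedAssertion(EncryptedAssertion encryptedAssertion, String domainName)
        throws SAML2SSOUIAuthenticatorException {
    X509Credential credential = getX509CredentialImplForTenant(domainName);

    // Guard the get(0) below. Without it, a missing KeyInfo or an empty EncryptedKeys list surfaces
    // as a NullPointerException / IndexOutOfBoundsException that escapes the declared exception
    // contract, because only DecryptionException is caught further down.
    if (encryptedAssertion.getEncryptedData() == null
            || encryptedAssertion.getEncryptedData().getKeyInfo() == null
            || encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().isEmpty()) {
        throw new SAML2SSOUIAuthenticatorException(
                "Encrypted assertion does not carry an inline EncryptedKey.", null);
    }

    try {
        KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(credential);
        EncryptedKey key = encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().get(0);

        // Step 1: unwrap the symmetric key. The algorithm URI handed to decryptKey is read from the
        // message's own EncryptionMethod, not from local configuration.
        // NOTE(review): no allow-list of accepted algorithms is applied in this method — confirm
        // that the Decrypter in use enforces one.
        Decrypter decrypter = new Decrypter(null, keyResolver, null);
        SecretKey dkey = (SecretKey) decrypter.decryptKey(key,
                encryptedAssertion.getEncryptedData().getEncryptionMethod().getAlgorithm());

        // Step 2: decrypt the assertion with the recovered symmetric key.
        Credential shared = SecurityHelper.getSimpleCredential(dkey);
        decrypter = new Decrypter(new StaticKeyInfoCredentialResolver(shared), null, null);
        decrypter.setRootInNewDocument(true);
        return decrypter.decrypt(encryptedAssertion);
    } catch (DecryptionException e) {
        throw new SAML2SSOUIAuthenticatorException("Error while decrypting the saml response.", e);
    }
}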
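/**
 * Decrypts an {@link EncryptedAssertion} using the agent's configured SAML2 X.509 credential.
 *
 * <p>Two-step decryption: the first inline {@code EncryptedKey} in the KeyInfo of the EncryptedData
 * is unwrapped with the agent credential, then the recovered symmetric key decrypts the assertion.
 * Only the first inline EncryptedKey is considered; RetrievalMethod references are not resolved.
 *
 * @param encryptedAssertion the encrypted assertion to decrypt
 * @return the decrypted assertion
 * @throws SSOAgentException if the assertion carries no inline EncryptedKey, or if any step of the
 *         decryption fails; the underlying exception is preserved as the cause
 */
protected Assertion getDecryptedAssertion(EncryptedAssertion encryptedAssertion) throws SSOAgentException {
    try {
        // Fail with a descriptive cause instead of the bare NullPointerException /
        // IndexOutOfBoundsException that get(0) below raises when no inline key is present.
        if (encryptedAssertion.getEncryptedData() == null
                || encryptedAssertion.getEncryptedData().getKeyInfo() == null
                || encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().isEmpty()) {
            throw new IllegalStateException("Encrypted assertion does not carry an inline EncryptedKey");
        }

        KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(
                new X509CredentialImpl(ssoAgentConfig.getSAML2().getSSOAgentX509Credential()));
        EncryptedKey key = encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().get(0);

        // Step 1: unwrap the symmetric key. The algorithm URI is taken from the message's own
        // EncryptionMethod rather than local configuration.
        // NOTE(review): no algorithm allow-list is applied here — confirm the Decrypter enforces one.
        Decrypter decrypter = new Decrypter(null, keyResolver, null);
        SecretKey dkey = (SecretKey) decrypter.decryptKey(key,
                encryptedAssertion.getEncryptedData().getEncryptionMethod().getAlgorithm());

        // Step 2: decrypt the assertion with the recovered symmetric key.
        Credential shared = SecurityHelper.getSimpleCredential(dkey);
        decrypter = new Decrypter(new StaticKeyInfoCredentialResolver(shared), null, null);
        decrypter.setRootInNewDocument(true);
        return decrypter.decrypt(encryptedAssertion);
    } catch (Exception e) {
        // Broad catch kept on purpose: the declared contract is SSOAgentException only, so every
        // failure mode (including the guard above) is surfaced through it with its cause attached.
        throw new SSOAgentException("Decrypted assertion error", e);
    }
}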
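/**
 * Decrypts an {@link EncryptedAssertion} with the SSO agent's configured X.509 credential.
 *
 * <p>The first inline {@code EncryptedKey} under the EncryptedData's KeyInfo is unwrapped with the
 * agent credential; the resulting symmetric key then decrypts the assertion. Only the first inline
 * EncryptedKey is used and RetrievalMethod references are not followed.
 *
 * @param encryptedAssertion the encrypted assertion to decrypt
 * @return the decrypted assertion
 * @throws SSOAgentException if no inline EncryptedKey is present, or if unwrapping or decryption
 *         fails; the original exception is kept as the cause
 */
protected Assertion getDecryptedAssertion(EncryptedAssertion encryptedAssertion) throws SSOAgentException {
    try {
        // Replace the bare NullPointerException / IndexOutOfBoundsException from get(0) with an
        // explicit, descriptive failure when the assertion carries no inline key.
        if (encryptedAssertion.getEncryptedData() == null
                || encryptedAssertion.getEncryptedData().getKeyInfo() == null
                || encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().isEmpty()) {
            throw new IllegalStateException("Encrypted assertion does not carry an inline EncryptedKey");
        }

        KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(
                new X509CredentialImpl(ssoAgentConfig.getSAML2().getSSOAgentX509Credential()));
        EncryptedKey key = encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().get(0);

        // Step 1: unwrap the symmetric key using the algorithm URI advertised by the message itself.
        // NOTE(review): this method applies no algorithm allow-list — confirm the Decrypter does.
        Decrypter decrypter = new Decrypter(null, keyResolver, null);
        SecretKey dkey = (SecretKey) decrypter.decryptKey(key,
                encryptedAssertion.getEncryptedData().getEncryptionMethod().getAlgorithm());

        // Step 2: decrypt the assertion with the recovered symmetric key.
        Credential shared = SecurityHelper.getSimpleCredential(dkey);
        decrypter = new Decrypter(new StaticKeyInfoCredentialResolver(shared), null, null);
        decrypter.setRootInNewDocument(true);
        return decrypter.decrypt(encryptedAssertion);
    } catch (Exception e) {
        // Broad catch kept on purpose: SSOAgentException is the only declared failure channel, so
        // every exception (including the guard above) is wrapped with its cause preserved.
        throw new SSOAgentException("Decrypted assertion error", e);
    }
}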