/**
 * Builds the key-transport (key encryption) parameters for a SAML service provider.
 *
 * <p>The key transport algorithm is always
 * {@code EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP}; it is not read from the
 * registered service or from the metadata adaptor. Only the recipient, the credential
 * and the algorithm are populated here, so any OAEP digest/MGF choice and any key-info
 * generation are left to the caller or to library defaults.
 *
 * @param samlObject the saml object (not read by this implementation)
 * @param service    the service (not read by this implementation)
 * @param adaptor    the adaptor; its entity id is used as the recipient
 * @param credential the credential set as the encryption credential
 *                   (presumably the service provider's public key; confirm against the caller)
 * @return the key encryption parameters
 */
protected KeyEncryptionParameters getKeyEncryptionParameters(
    final Object samlObject,
    final SamlRegisteredService service,
    final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
    final Credential credential) {
    final KeyEncryptionParameters params = new KeyEncryptionParameters();
    // Fixed algorithm: callers cannot downgrade or upgrade the key transport from here.
    params.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
    params.setEncryptionCredential(credential);
    // Ties the wrapped key to the service provider's entity id.
    params.setRecipient(adaptor.getEntityId());
    return params;
}
// Example: configure an Encrypter that encrypts a SAML assertion with a
// generated AES-256 data key, itself wrapped with the recipient's RSA key.
Assertion assertion = createAssertion();

// Assume this contains a recipient's RSA public key
Credential keyEncryptionCredential = getKEKCredential();

// Key transport: wrap the data key with RSA-OAEP under the recipient's credential.
KeyEncryptionParameters keyTransportParams = new KeyEncryptionParameters();
keyTransportParams.setEncryptionCredential(keyEncryptionCredential);
keyTransportParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);

// Describe the wrapping key in the output using the globally configured
// default KeyInfo generator for this credential type.
KeyInfoGeneratorFactory keyInfoFactory =
    Configuration.getGlobalSecurityConfiguration()
        .getKeyInfoGeneratorManager()
        .getDefaultManager()
        .getFactory(keyEncryptionCredential);
keyTransportParams.setKeyInfoGenerator(keyInfoFactory.newInstance());

// Data encryption: no credential is set, only the algorithm.
// NOTE(review): in XML Encryption this identifier denotes AES-256 in CBC mode,
// which carries no integrity protection of its own. Confirm the recipient
// verifies a signature before acting on decrypted content, or use an
// authenticated mode if both sides support one.
EncryptionParameters dataEncParams = new EncryptionParameters();
dataEncParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256);

Encrypter samlEncrypter = new Encrypter(dataEncParams, keyTransportParams);
// PEER: the EncryptedKey is emitted next to the EncryptedData rather than
// inside the EncryptedData's KeyInfo.
samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
/**
 * Creates an {@code Encrypter} that encrypts data under a key obtained from
 * {@code generateKeyFromURI(dataAlgorithm)} and wraps that key for the credential
 * resolved from {@code key}.
 *
 * <p>Both algorithm identifiers come from the caller and are passed through via
 * {@code toString()}; this method does not restrict which ones are acceptable. It
 * also sets no key placement, recipient or KeyInfo generator, so library defaults apply.
 *
 * @param key           the key from which the key-encryption credential is resolved
 * @param keyAlgorithm  the key-encryption (key transport) algorithm
 * @param dataAlgorithm the data-encryption algorithm, also used to generate the data key
 * @return an encrypter configured with the data and key encryption parameters
 */
protected Encrypter getEncrypter(SimpleKey key,
                                 KeyEncryptionMethod keyAlgorithm,
                                 DataEncryptionMethod dataAlgorithm) {
    // Resolve the wrapping credential first, then obtain the data key (same order as before).
    final Credential wrappingCredential = getCredential(key, getCredentialsResolver(key));
    final SecretKey dataKey = generateKeyFromURI(dataAlgorithm);

    final DataEncryptionParameters dataParams = new DataEncryptionParameters();
    dataParams.setEncryptionCredential(new BasicCredential(dataKey));
    dataParams.setAlgorithm(dataAlgorithm.toString());

    final KeyEncryptionParameters keyParams = new KeyEncryptionParameters();
    keyParams.setEncryptionCredential(wrappingCredential);
    keyParams.setAlgorithm(keyAlgorithm.toString());

    return new Encrypter(dataParams, asList(keyParams));
}