use of org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion in project cas by apereo.
the class SamlIdPObjectEncrypter method configureKeyDecryptionCredential.
/**
* Configure key decryption credential credential.
*
* @param peerEntityId the peer entity id
* @param adaptor the adaptor
* @param service the service
* @param decryptionConfiguration the decryption configuration
* @return the credential
* @throws Exception the exception
*/
protected Credential configureKeyDecryptionCredential(final String peerEntityId, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final SamlRegisteredService service, final BasicDecryptionConfiguration decryptionConfiguration) throws Exception {
val mdCredentialResolver = new SamlIdPMetadataCredentialResolver();
val providers = new ArrayList<KeyInfoProvider>(5);
providers.add(new RSAKeyValueProvider());
providers.add(new DSAKeyValueProvider());
providers.add(new InlineX509DataProvider());
providers.add(new DEREncodedKeyValueProvider());
providers.add(new KeyInfoReferenceProvider());
val keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(providers);
mdCredentialResolver.setKeyInfoCredentialResolver(keyInfoResolver);
val roleDescriptorResolver = SamlIdPUtils.getRoleDescriptorResolver(adaptor, samlIdPProperties.getMetadata().getCore().isRequireValidMetadata());
mdCredentialResolver.setRoleDescriptorResolver(roleDescriptorResolver);
mdCredentialResolver.initialize();
val criteriaSet = new CriteriaSet();
criteriaSet.add(new DecryptionConfigurationCriterion(decryptionConfiguration));
criteriaSet.add(new EntityIdCriterion(peerEntityId));
criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));
criteriaSet.add(new SamlIdPSamlRegisteredServiceCriterion(service));
LOGGER.debug("Attempting to resolve the decryption key for entity id [{}]", peerEntityId);
val credential = Objects.requireNonNull(mdCredentialResolver.resolveSingle(criteriaSet));
val encryptinKey = samlIdPMetadataLocator.resolveEncryptionKey(Optional.ofNullable(service));
val bean = new PrivateKeyFactoryBean();
bean.setSingleton(false);
bean.setLocation(encryptinKey);
val privateKey = Objects.requireNonNull(bean.getObject());
val basicCredential = new BasicCredential(Objects.requireNonNull(credential.getPublicKey()), privateKey);
decryptionConfiguration.setKEKKeyInfoCredentialResolver(new StaticKeyInfoCredentialResolver(basicCredential));
val list = new ArrayList<EncryptedKeyResolver>(3);
list.add(new InlineEncryptedKeyResolver());
list.add(new EncryptedElementTypeEncryptedKeyResolver());
list.add(new SimpleRetrievalMethodEncryptedKeyResolver());
val encryptedKeyResolver = new ChainingEncryptedKeyResolver(list);
decryptionConfiguration.setEncryptedKeyResolver(encryptedKeyResolver);
return credential;
}
use of org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion in project cas by apereo.
the class SamlIdPObjectEncrypter method resolveDecryptionParameters.
/**
* Resolve decryption parameters decryption parameters.
*
* @param service the service
* @param decryptionConfiguration the decryption configuration
* @return the decryption parameters
* @throws ResolverException the resolver exception
*/
protected DecryptionParameters resolveDecryptionParameters(final SamlRegisteredService service, final BasicDecryptionConfiguration decryptionConfiguration) throws ResolverException {
val criteria = new CriteriaSet();
criteria.add(new DecryptionConfigurationCriterion(decryptionConfiguration));
return new BasicDecryptionParametersResolver().resolveSingle(criteria);
}
Aggregations