Search in sources :

Example 1 with DecryptionConfigurationCriterion

use of org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion in project cas by apereo.

the class SamlIdPObjectEncrypter method configureKeyDecryptionCredential.

/**
 * Configure key decryption credential credential.
 *
 * @param peerEntityId            the peer entity id
 * @param adaptor                 the adaptor
 * @param service                 the service
 * @param decryptionConfiguration the decryption configuration
 * @return the credential
 * @throws Exception the exception
 */
protected Credential configureKeyDecryptionCredential(final String peerEntityId, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final SamlRegisteredService service, final BasicDecryptionConfiguration decryptionConfiguration) throws Exception {
    val mdCredentialResolver = new SamlIdPMetadataCredentialResolver();
    val providers = new ArrayList<KeyInfoProvider>(5);
    providers.add(new RSAKeyValueProvider());
    providers.add(new DSAKeyValueProvider());
    providers.add(new InlineX509DataProvider());
    providers.add(new DEREncodedKeyValueProvider());
    providers.add(new KeyInfoReferenceProvider());
    val keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(providers);
    mdCredentialResolver.setKeyInfoCredentialResolver(keyInfoResolver);
    val roleDescriptorResolver = SamlIdPUtils.getRoleDescriptorResolver(adaptor, samlIdPProperties.getMetadata().getCore().isRequireValidMetadata());
    mdCredentialResolver.setRoleDescriptorResolver(roleDescriptorResolver);
    mdCredentialResolver.initialize();
    val criteriaSet = new CriteriaSet();
    criteriaSet.add(new DecryptionConfigurationCriterion(decryptionConfiguration));
    criteriaSet.add(new EntityIdCriterion(peerEntityId));
    criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
    criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));
    criteriaSet.add(new SamlIdPSamlRegisteredServiceCriterion(service));
    LOGGER.debug("Attempting to resolve the decryption key for entity id [{}]", peerEntityId);
    val credential = Objects.requireNonNull(mdCredentialResolver.resolveSingle(criteriaSet));
    val encryptinKey = samlIdPMetadataLocator.resolveEncryptionKey(Optional.ofNullable(service));
    val bean = new PrivateKeyFactoryBean();
    bean.setSingleton(false);
    bean.setLocation(encryptinKey);
    val privateKey = Objects.requireNonNull(bean.getObject());
    val basicCredential = new BasicCredential(Objects.requireNonNull(credential.getPublicKey()), privateKey);
    decryptionConfiguration.setKEKKeyInfoCredentialResolver(new StaticKeyInfoCredentialResolver(basicCredential));
    val list = new ArrayList<EncryptedKeyResolver>(3);
    list.add(new InlineEncryptedKeyResolver());
    list.add(new EncryptedElementTypeEncryptedKeyResolver());
    list.add(new SimpleRetrievalMethodEncryptedKeyResolver());
    val encryptedKeyResolver = new ChainingEncryptedKeyResolver(list);
    decryptionConfiguration.setEncryptedKeyResolver(encryptedKeyResolver);
    return credential;
}
Also used : lombok.val(lombok.val) UsageCriterion(org.opensaml.security.criteria.UsageCriterion) RSAKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider) SamlIdPSamlRegisteredServiceCriterion(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPSamlRegisteredServiceCriterion) ArrayList(java.util.ArrayList) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) InlineX509DataProvider(org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider) KeyInfoReferenceProvider(org.opensaml.xmlsec.keyinfo.impl.provider.KeyInfoReferenceProvider) DecryptionConfigurationCriterion(org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion) ChainingEncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver) SamlIdPMetadataCredentialResolver(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataCredentialResolver) BasicProviderKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver) SimpleRetrievalMethodEncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver) StaticKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver) PrivateKeyFactoryBean(org.apereo.cas.util.crypto.PrivateKeyFactoryBean) EncryptedElementTypeEncryptedKeyResolver(org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) DSAKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider) DEREncodedKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider) InlineEncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver) BasicCredential(org.opensaml.security.credential.BasicCredential)

Example 2 with DecryptionConfigurationCriterion

use of org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion in project cas by apereo.

the class SamlIdPObjectEncrypter method resolveDecryptionParameters.

/**
 * Resolve decryption parameters decryption parameters.
 *
 * @param service                 the service
 * @param decryptionConfiguration the decryption configuration
 * @return the decryption parameters
 * @throws ResolverException the resolver exception
 */
protected DecryptionParameters resolveDecryptionParameters(final SamlRegisteredService service, final BasicDecryptionConfiguration decryptionConfiguration) throws ResolverException {
    val criteria = new CriteriaSet();
    criteria.add(new DecryptionConfigurationCriterion(decryptionConfiguration));
    return new BasicDecryptionParametersResolver().resolveSingle(criteria);
}
Also used : lombok.val(lombok.val) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) BasicDecryptionParametersResolver(org.opensaml.xmlsec.impl.BasicDecryptionParametersResolver) DecryptionConfigurationCriterion(org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion)

Aggregations

lombok.val (lombok.val)2 CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)2 DecryptionConfigurationCriterion (org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion)2 ArrayList (java.util.ArrayList)1 SamlIdPMetadataCredentialResolver (org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataCredentialResolver)1 SamlIdPSamlRegisteredServiceCriterion (org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPSamlRegisteredServiceCriterion)1 PrivateKeyFactoryBean (org.apereo.cas.util.crypto.PrivateKeyFactoryBean)1 EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion)1 EntityRoleCriterion (org.opensaml.saml.criterion.EntityRoleCriterion)1 EncryptedElementTypeEncryptedKeyResolver (org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver)1 BasicCredential (org.opensaml.security.credential.BasicCredential)1 UsageCriterion (org.opensaml.security.criteria.UsageCriterion)1 ChainingEncryptedKeyResolver (org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver)1 InlineEncryptedKeyResolver (org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver)1 SimpleRetrievalMethodEncryptedKeyResolver (org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver)1 BasicDecryptionParametersResolver (org.opensaml.xmlsec.impl.BasicDecryptionParametersResolver)1 BasicProviderKeyInfoCredentialResolver (org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver)1 StaticKeyInfoCredentialResolver (org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver)1 DEREncodedKeyValueProvider (org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider)1 DSAKeyValueProvider (org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider)1