Example 1 with DecryptionConfigurationCriterion
use of org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion in project cas by apereo.
the class SamlIdPObjectEncrypter method configureKeyDecryptionCredential.
/**
* Configure key decryption credential credential.
*
* @param peerEntityId the peer entity id
* @param adaptor the adaptor
* @param service the service
* @param decryptionConfiguration the decryption configuration
* @return the credential
* @throws Exception the exception
*/
protected Credential configureKeyDecryptionCredential(final String peerEntityId, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final SamlRegisteredService service, final BasicDecryptionConfiguration decryptionConfiguration) throws Exception {
val mdCredentialResolver = new SamlIdPMetadataCredentialResolver();
val providers = new ArrayList<KeyInfoProvider>(5);
providers.add(new RSAKeyValueProvider());
providers.add(new DSAKeyValueProvider());
providers.add(new InlineX509DataProvider());
providers.add(new DEREncodedKeyValueProvider());
providers.add(new KeyInfoReferenceProvider());
val keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(providers);
mdCredentialResolver.setKeyInfoCredentialResolver(keyInfoResolver);
val roleDescriptorResolver = SamlIdPUtils.getRoleDescriptorResolver(adaptor, samlIdPProperties.getMetadata().getCore().isRequireValidMetadata());
mdCredentialResolver.setRoleDescriptorResolver(roleDescriptorResolver);
mdCredentialResolver.initialize();
val criteriaSet = new CriteriaSet();
criteriaSet.add(new DecryptionConfigurationCriterion(decryptionConfiguration));
criteriaSet.add(new EntityIdCriterion(peerEntityId));
criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));
criteriaSet.add(new SamlIdPSamlRegisteredServiceCriterion(service));
LOGGER.debug("Attempting to resolve the decryption key for entity id [{}]", peerEntityId);
val credential = Objects.requireNonNull(mdCredentialResolver.resolveSingle(criteriaSet));
val encryptinKey = samlIdPMetadataLocator.resolveEncryptionKey(Optional.ofNullable(service));
val bean = new PrivateKeyFactoryBean();
bean.setSingleton(false);
bean.setLocation(encryptinKey);
val privateKey = Objects.requireNonNull(bean.getObject());
val basicCredential = new BasicCredential(Objects.requireNonNull(credential.getPublicKey()), privateKey);
decryptionConfiguration.setKEKKeyInfoCredentialResolver(new StaticKeyInfoCredentialResolver(basicCredential));
val list = new ArrayList<EncryptedKeyResolver>(3);
list.add(new InlineEncryptedKeyResolver());
list.add(new EncryptedElementTypeEncryptedKeyResolver());
list.add(new SimpleRetrievalMethodEncryptedKeyResolver());
val encryptedKeyResolver = new ChainingEncryptedKeyResolver(list);
decryptionConfiguration.setEncryptedKeyResolver(encryptedKeyResolver);
return credential;
}
Also used :
lombok.val(lombok.val)
UsageCriterion(org.opensaml.security.criteria.UsageCriterion)
RSAKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider)
SamlIdPSamlRegisteredServiceCriterion(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPSamlRegisteredServiceCriterion)
ArrayList(java.util.ArrayList)
EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion)
InlineX509DataProvider(org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider)
KeyInfoReferenceProvider(org.opensaml.xmlsec.keyinfo.impl.provider.KeyInfoReferenceProvider)
DecryptionConfigurationCriterion(org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion)
ChainingEncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver)
SamlIdPMetadataCredentialResolver(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataCredentialResolver)
BasicProviderKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver)
SimpleRetrievalMethodEncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver)
StaticKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver)
PrivateKeyFactoryBean(org.apereo.cas.util.crypto.PrivateKeyFactoryBean)
EncryptedElementTypeEncryptedKeyResolver(org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver)
CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet)
EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion)
DSAKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider)
DEREncodedKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider)
InlineEncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver)
BasicCredential(org.opensaml.security.credential.BasicCredential)
Example 2 with DecryptionConfigurationCriterion
use of org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion in project cas by apereo.
the class SamlIdPObjectEncrypter method resolveDecryptionParameters.
/**
* Resolve decryption parameters decryption parameters.
*
* @param service the service
* @param decryptionConfiguration the decryption configuration
* @return the decryption parameters
* @throws ResolverException the resolver exception
*/
protected DecryptionParameters resolveDecryptionParameters(final SamlRegisteredService service, final BasicDecryptionConfiguration decryptionConfiguration) throws ResolverException {
val criteria = new CriteriaSet();
criteria.add(new DecryptionConfigurationCriterion(decryptionConfiguration));
return new BasicDecryptionParametersResolver().resolveSingle(criteria);
}
Also used :
lombok.val(lombok.val)
CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet)
BasicDecryptionParametersResolver(org.opensaml.xmlsec.impl.BasicDecryptionParametersResolver)
DecryptionConfigurationCriterion(org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion)
Aggregations
lombok.val (lombok.val)2
CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)2
DecryptionConfigurationCriterion (org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion)2
ArrayList (java.util.ArrayList)1
SamlIdPMetadataCredentialResolver (org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataCredentialResolver)1
SamlIdPSamlRegisteredServiceCriterion (org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPSamlRegisteredServiceCriterion)1
PrivateKeyFactoryBean (org.apereo.cas.util.crypto.PrivateKeyFactoryBean)1
EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion)1
EntityRoleCriterion (org.opensaml.saml.criterion.EntityRoleCriterion)1
EncryptedElementTypeEncryptedKeyResolver (org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver)1
BasicCredential (org.opensaml.security.credential.BasicCredential)1
UsageCriterion (org.opensaml.security.criteria.UsageCriterion)1
ChainingEncryptedKeyResolver (org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver)1
InlineEncryptedKeyResolver (org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver)1
SimpleRetrievalMethodEncryptedKeyResolver (org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver)1
BasicDecryptionParametersResolver (org.opensaml.xmlsec.impl.BasicDecryptionParametersResolver)1
BasicProviderKeyInfoCredentialResolver (org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver)1
StaticKeyInfoCredentialResolver (org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver)1
DEREncodedKeyValueProvider (org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider)1
DSAKeyValueProvider (org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider)1
