use of org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver in project cas by apereo.
the class SamlIdPObjectEncrypter method configureKeyDecryptionCredential.
/**
* Configure key decryption credential credential.
*
* @param peerEntityId the peer entity id
* @param adaptor the adaptor
* @param service the service
* @param decryptionConfiguration the decryption configuration
* @return the credential
* @throws Exception the exception
*/
protected Credential configureKeyDecryptionCredential(final String peerEntityId, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final SamlRegisteredService service, final BasicDecryptionConfiguration decryptionConfiguration) throws Exception {
val mdCredentialResolver = new SamlIdPMetadataCredentialResolver();
val providers = new ArrayList<KeyInfoProvider>(5);
providers.add(new RSAKeyValueProvider());
providers.add(new DSAKeyValueProvider());
providers.add(new InlineX509DataProvider());
providers.add(new DEREncodedKeyValueProvider());
providers.add(new KeyInfoReferenceProvider());
val keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(providers);
mdCredentialResolver.setKeyInfoCredentialResolver(keyInfoResolver);
val roleDescriptorResolver = SamlIdPUtils.getRoleDescriptorResolver(adaptor, samlIdPProperties.getMetadata().getCore().isRequireValidMetadata());
mdCredentialResolver.setRoleDescriptorResolver(roleDescriptorResolver);
mdCredentialResolver.initialize();
val criteriaSet = new CriteriaSet();
criteriaSet.add(new DecryptionConfigurationCriterion(decryptionConfiguration));
criteriaSet.add(new EntityIdCriterion(peerEntityId));
criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));
criteriaSet.add(new SamlIdPSamlRegisteredServiceCriterion(service));
LOGGER.debug("Attempting to resolve the decryption key for entity id [{}]", peerEntityId);
val credential = Objects.requireNonNull(mdCredentialResolver.resolveSingle(criteriaSet));
val encryptinKey = samlIdPMetadataLocator.resolveEncryptionKey(Optional.ofNullable(service));
val bean = new PrivateKeyFactoryBean();
bean.setSingleton(false);
bean.setLocation(encryptinKey);
val privateKey = Objects.requireNonNull(bean.getObject());
val basicCredential = new BasicCredential(Objects.requireNonNull(credential.getPublicKey()), privateKey);
decryptionConfiguration.setKEKKeyInfoCredentialResolver(new StaticKeyInfoCredentialResolver(basicCredential));
val list = new ArrayList<EncryptedKeyResolver>(3);
list.add(new InlineEncryptedKeyResolver());
list.add(new EncryptedElementTypeEncryptedKeyResolver());
list.add(new SimpleRetrievalMethodEncryptedKeyResolver());
val encryptedKeyResolver = new ChainingEncryptedKeyResolver(list);
decryptionConfiguration.setEncryptedKeyResolver(encryptedKeyResolver);
return credential;
}
use of org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver in project cas by apereo.
the class WsFederationHelper method buildAssertionDecrypter.
private static Decrypter buildAssertionDecrypter(final WsFederationConfiguration config) {
val list = new ArrayList<EncryptedKeyResolver>(3);
list.add(new InlineEncryptedKeyResolver());
list.add(new EncryptedElementTypeEncryptedKeyResolver());
list.add(new SimpleRetrievalMethodEncryptedKeyResolver());
LOGGER.trace("Built a list of encrypted key resolvers: [{}]", list);
val encryptedKeyResolver = new ChainingEncryptedKeyResolver(list);
LOGGER.trace("Building credential instance to decrypt data");
val encryptionCredential = getEncryptionCredential(config);
val resolver = new StaticKeyInfoCredentialResolver(encryptionCredential);
val decrypter = new Decrypter(null, resolver, encryptedKeyResolver);
decrypter.setRootInNewDocument(true);
return decrypter;
}
Aggregations