Example 1 with DecrypterFactory

use of uk.gov.ida.saml.security.DecrypterFactory in project verify-hub by alphagov.

Class SamlEngineModule, method getAES256WithGCMAssertionDecrypter (a Guice provider that builds the hub's assertion decrypter).

```java
@Provides
@Named("AES256DecrypterWithGCM")
private AssertionDecrypter getAES256WithGCMAssertionDecrypter(IdaKeyStore keyStore) {
    // Pull the decryption credentials (the hub's private keys) out of the key store.
    IdaKeyStoreCredentialRetriever idaKeyStoreCredentialRetriever = new IdaKeyStoreCredentialRetriever(keyStore);
    Decrypter decrypter = new DecrypterFactory().createDecrypter(idaKeyStoreCredentialRetriever.getDecryptingCredentials());
    // Allow-list of content-encryption algorithms: only AES-256-CBC and AES-256-GCM are accepted;
    // an assertion encrypted with any other algorithm is rejected by the validator.
    return new AssertionDecrypter(new EncryptionAlgorithmValidator(ImmutableSet.of(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM)), decrypter);
}
```

Imports used: `uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever`, `uk.gov.ida.saml.security.DecrypterFactory`, `uk.gov.ida.saml.security.AssertionDecrypter`, `uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator`, `org.opensaml.saml.saml2.encryption.Decrypter`, `javax.inject.Named`, `com.google.inject.Provides`.

Example 2 with DecrypterFactory

Class AssertionDecrypter, method decrypt (decrypts a single EncryptedAssertion with a fixed key pair).

```java
private Assertion decrypt(EncryptedAssertion encryptedAssertion) {
    // publicKey and privateKey are fields of the enclosing class; they form the decryption credential.
    Decrypter decrypter = new DecrypterFactory().createDecrypter(List.of(new BasicCredential(publicKey, privateKey)));
    // Place the decrypted Assertion at the root of a fresh DOM document instead of leaving it
    // inside the Response's document.
    decrypter.setRootInNewDocument(true);
    try {
        return decrypter.decrypt(encryptedAssertion);
    } catch (DecryptionException e) {
        // Decryption failures (wrong key, malformed EncryptedData) are surfaced as an unchecked exception.
        throw new RuntimeException(e);
    }
}
```

Imports used: `uk.gov.ida.saml.security.DecrypterFactory`, `org.opensaml.saml.saml2.encryption.Decrypter`, `org.opensaml.xmlsec.encryption.support.DecryptionException`, `org.opensaml.security.credential.BasicCredential`.

Example 3 with DecrypterFactory

Class AuthnRequestFromRelyingPartyUnmarshallerTest, method setUp (JUnit 5 fixture that pairs an encrypter and a decrypter on the same credential).

```java
@BeforeAll
public static void setUp() {
    // One credential is shared by both sides of the test: the encrypter produces the
    // EncryptedAssertion and the unmarshaller's decrypter must be able to open it.
    final BasicCredential basicCredential = createBasicCredential();
    encrypter = new EncrypterFactory().createEncrypter(basicCredential);
    unmarshaller = new AuthnRequestFromRelyingPartyUnmarshaller(new DecrypterFactory().createDecrypter(List.of(basicCredential)));
}
```

Imports used: `uk.gov.ida.saml.security.DecrypterFactory`, `uk.gov.ida.saml.security.EncrypterFactory`, `org.opensaml.security.credential.BasicCredential`, `org.junit.jupiter.api.BeforeAll`.

Example 4 with DecrypterFactory

Class AssertionDecrypter, method decryptAssertions (decrypts every EncryptedAssertion in a Response, validating both the content-encryption and the key-transport algorithm).

```java
public List<Assertion> decryptAssertions(Response response) {
    // The same key pair is reused for signing and encryption here (publicKey/privateKey are class fields).
    KeyPair encryptionKeyPair = new KeyPair(publicKey, privateKey);
    KeyPair signingKeyPair = new KeyPair(publicKey, privateKey);
    IdaKeyStore keyStore = new IdaKeyStore(signingKeyPair, Collections.singletonList(encryptionKeyPair));
    IdaKeyStoreCredentialRetriever idaKeyStoreCredentialRetriever = new IdaKeyStoreCredentialRetriever(keyStore);
    Decrypter decrypter = new DecrypterFactory().createDecrypter(idaKeyStoreCredentialRetriever.getDecryptingCredentials());
    // Allow-lists for both layers of XML Encryption: AES-256 (CBC or GCM) for the content,
    // and only the RSA-OAEP variants for key transport, so RSA PKCS#1 v1.5 key wrapping is not accepted.
    Set<String> contentEncryptionAlgorithms = Set.of(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
    Set<String> keyTransportAlgorithms = Set.of(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP, EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP11);
    uk.gov.ida.saml.security.AssertionDecrypter assertionDecrypter = new uk.gov.ida.saml.security.AssertionDecrypter(new EncryptionAlgorithmValidator(contentEncryptionAlgorithms, keyTransportAlgorithms), decrypter);
    // Decryption is applied to a ValidatedResponse, i.e. a Response that has already passed validation.
    return assertionDecrypter.decryptAssertions(new ValidatedResponse(response));
}
```

Imports used: `java.security.KeyPair`, `uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator`, `org.opensaml.saml.saml2.encryption.Decrypter`, `uk.gov.ida.saml.security.validators.ValidatedResponse`, `uk.gov.ida.saml.security.IdaKeyStore`, `uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever`, `uk.gov.ida.saml.security.DecrypterFactory`.
