Use of uk.gov.ida.saml.security.IdaKeyStore in the verify-hub project by alphagov:
class SamlEngineModule, method getKeyStore.
/**
 * Builds the hub's {@link IdaKeyStore} from the private keys in the SAML engine configuration.
 *
 * <p>The signing key pair and the primary and secondary encryption key pairs are assembled by
 * deriving each public key from its configured private key. The X.509 certificate matching the
 * derived public signing key is then resolved through {@code signingCertExtractor}.
 *
 * @param configuration source of the private signing key and both private encryption keys
 * @param signingCertExtractor resolves the signing certificate for the current public signing key
 * @return a key store holding the signing pair, its certificate and both encryption pairs
 * @throws KeyLoadingException if deriving a public key from any of the private keys fails
 */
@Provides
@Singleton
private IdaKeyStore getKeyStore(SamlEngineConfiguration configuration, SigningCertFromMetadataExtractor signingCertExtractor) {
    try {
        PrivateKey primaryPrivate = configuration.getPrimaryPrivateEncryptionKeyConfiguration().getPrivateKey();
        // NOTE(review): the secondary encryption key configuration is dereferenced unconditionally;
        // confirm it is always present, since an absent secondary key would fail here rather than
        // fall back to a single encryption pair.
        PrivateKey secondaryPrivate = configuration.getSecondaryPrivateEncryptionKeyConfiguration().getPrivateKey();
        PrivateKey signingPrivate = configuration.getPrivateSigningKeyConfiguration().getPrivateKey();

        // The public signing key is derived first because it is also the lookup key for the certificate.
        PublicKey signingPublic = KeySupport.derivePublicKey(signingPrivate);
        PublicKey primaryPublic = KeySupport.derivePublicKey(primaryPrivate);
        PublicKey secondaryPublic = KeySupport.derivePublicKey(secondaryPrivate);

        X509Certificate signingCert = signingCertExtractor.getSigningCertForCurrentSigningKey(signingPublic);

        return new IdaKeyStore(
                signingCert,
                new KeyPair(signingPublic, signingPrivate),
                asList(new KeyPair(primaryPublic, primaryPrivate), new KeyPair(secondaryPublic, secondaryPrivate)));
    } catch (KeyException keyDerivationFailure) {
        // Preserve the cause so the failing key material can be traced from the wrapped exception.
        throw new KeyLoadingException(keyDerivationFailure);
    }
}
Use of uk.gov.ida.saml.security.IdaKeyStore in the verify-hub project by alphagov:
class AssertionDecrypter, method decryptAssertions.
/**
 * Decrypts the assertions carried in {@code response} using this instance's
 * {@code publicKey}/{@code privateKey} pair.
 *
 * <p>The same key pair is registered as both the signing pair and the single decryption pair of
 * a temporary {@link IdaKeyStore}, whose decrypting credentials back the {@link Decrypter}.
 * Decryption is constrained to an explicit allow-list: AES-256 and AES-256-GCM for content
 * encryption, RSA-OAEP and RSA-OAEP-1.1 for key transport, as enforced by the
 * {@link EncryptionAlgorithmValidator} handed to the library decrypter.
 *
 * @param response the SAML response whose encrypted assertions are to be decrypted
 * @return the decrypted assertions, as returned by the library {@code AssertionDecrypter}
 */
public List<Assertion> decryptAssertions(Response response) {
    // Both roles use the same key pair; no separate signing key is configured on this instance.
    KeyPair keyPair = new KeyPair(publicKey, privateKey);
    IdaKeyStore transientKeyStore = new IdaKeyStore(keyPair, Collections.singletonList(keyPair));
    IdaKeyStoreCredentialRetriever credentialRetriever = new IdaKeyStoreCredentialRetriever(transientKeyStore);
    Decrypter decrypter = new DecrypterFactory().createDecrypter(credentialRetriever.getDecryptingCredentials());

    // Explicit algorithm allow-list passed to the validator.
    Set<String> allowedContentAlgorithms =
            Set.of(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
    Set<String> allowedKeyTransportAlgorithms =
            Set.of(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP, EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP11);
    EncryptionAlgorithmValidator algorithmValidator =
            new EncryptionAlgorithmValidator(allowedContentAlgorithms, allowedKeyTransportAlgorithms);

    // Fully qualified to disambiguate from this enclosing AssertionDecrypter class.
    uk.gov.ida.saml.security.AssertionDecrypter libraryDecrypter =
            new uk.gov.ida.saml.security.AssertionDecrypter(algorithmValidator, decrypter);
    ValidatedResponse validatedResponse = new ValidatedResponse(response);
    return libraryDecrypter.decryptAssertions(validatedResponse);
}