Example 6 with IdaKeyStore

Use of uk.gov.ida.saml.security.IdaKeyStore in project verify-hub by alphagov.

From the class SamlEngineModule, method getKeyStore.

@Provides
@Singleton
private IdaKeyStore getKeyStore(SamlEngineConfiguration configuration, SigningCertFromMetadataExtractor signingCertExtractor) {
    try {
        // Load the private keys from configuration: two encryption keys (primary and
        // secondary, so that keys can be rotated without a gap) and one signing key.
        PrivateKey primaryEncryptionKey = configuration.getPrimaryPrivateEncryptionKeyConfiguration().getPrivateKey();
        PrivateKey secondaryEncryptionKey = configuration.getSecondaryPrivateEncryptionKeyConfiguration().getPrivateKey();
        PrivateKey signingKey = configuration.getPrivateSigningKeyConfiguration().getPrivateKey();
        // The public halves are derived from the private keys rather than read from
        // configuration, so the two halves cannot drift out of sync.
        PublicKey publicSigningKey = KeySupport.derivePublicKey(signingKey);
        KeyPair primaryEncryptionKeyPair = new KeyPair(KeySupport.derivePublicKey(primaryEncryptionKey), primaryEncryptionKey);
        KeyPair secondaryEncryptionKeyPair = new KeyPair(KeySupport.derivePublicKey(secondaryEncryptionKey), secondaryEncryptionKey);
        KeyPair signingKeyPair = new KeyPair(publicSigningKey, signingKey);
        // The signing certificate is looked up in the published metadata by matching
        // the derived public key, so the store only ever holds a certificate that
        // actually corresponds to the signing key in use.
        X509Certificate signingCertificate = signingCertExtractor.getSigningCertForCurrentSigningKey(publicSigningKey);
        return new IdaKeyStore(signingCertificate, signingKeyPair, asList(primaryEncryptionKeyPair, secondaryEncryptionKeyPair));
    } catch (KeyException e) {
        // Deriving a public key can fail on malformed key material; surface it as a
        // startup-time configuration error rather than a raw java.security exception.
        throw new KeyLoadingException(e);
    }
}
Also used (imports for this example):

import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.KeyException;
import java.security.cert.X509Certificate;
import javax.inject.Singleton;
import com.google.inject.Provides;
import uk.gov.ida.hub.samlengine.exceptions.KeyLoadingException;
import uk.gov.ida.saml.security.IdaKeyStore;

Example 7 with IdaKeyStore

Use of uk.gov.ida.saml.security.IdaKeyStore in project verify-hub by alphagov.

From the class AssertionDecrypter, method decryptAssertions.

public List<Assertion> decryptAssertions(Response response) {
    // publicKey and privateKey are fields of the enclosing class (not shown here).
    // The same key pair is used for both roles; only the encryption pair matters for
    // decryption, the signing pair is required by the IdaKeyStore constructor.
    KeyPair encryptionKeyPair = new KeyPair(publicKey, privateKey);
    KeyPair signingKeyPair = new KeyPair(publicKey, privateKey);
    IdaKeyStore keyStore = new IdaKeyStore(signingKeyPair, Collections.singletonList(encryptionKeyPair));
    // Turn the key store's encryption key pairs into OpenSAML decrypting credentials.
    IdaKeyStoreCredentialRetriever idaKeyStoreCredentialRetriever = new IdaKeyStoreCredentialRetriever(keyStore);
    Decrypter decrypter = new DecrypterFactory().createDecrypter(idaKeyStoreCredentialRetriever.getDecryptingCredentials());
    // Restrict accepted algorithms to AES-256 (CBC or GCM) for the content and
    // RSA-OAEP (either variant) for key transport; anything else is rejected before
    // decryption is attempted.
    Set<String> contentEncryptionAlgorithms = Set.of(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
    Set<String> keyTransportAlgorithms = Set.of(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP, EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP11);
    uk.gov.ida.saml.security.AssertionDecrypter assertionDecrypter = new uk.gov.ida.saml.security.AssertionDecrypter(new EncryptionAlgorithmValidator(contentEncryptionAlgorithms, keyTransportAlgorithms), decrypter);
    // The response is wrapped as a ValidatedResponse before its assertions are decrypted.
    return assertionDecrypter.decryptAssertions(new ValidatedResponse(response));
}
Also used (imports for this example):

import java.security.KeyPair;
import org.opensaml.saml.saml2.encryption.Decrypter;
import uk.gov.ida.saml.security.DecrypterFactory;
import uk.gov.ida.saml.security.IdaKeyStore;
import uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever;
import uk.gov.ida.saml.security.validators.ValidatedResponse;
import uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator;
