Example 1 with EncryptionAlgorithmValidator
use of uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator in project verify-hub by alphagov.
the class SamlEngineModule method getAES256WithGCMAssertionDecrypter.
@Provides
@Named("AES256DecrypterWithGCM")
private AssertionDecrypter getAES256WithGCMAssertionDecrypter(IdaKeyStore keyStore) {
IdaKeyStoreCredentialRetriever idaKeyStoreCredentialRetriever = new IdaKeyStoreCredentialRetriever(keyStore);
Decrypter decrypter = new DecrypterFactory().createDecrypter(idaKeyStoreCredentialRetriever.getDecryptingCredentials());
return new AssertionDecrypter(new EncryptionAlgorithmValidator(ImmutableSet.of(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM)), decrypter);
}
Also used :
IdaKeyStoreCredentialRetriever(uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever)
DecrypterFactory(uk.gov.ida.saml.security.DecrypterFactory)
AssertionDecrypter(uk.gov.ida.saml.security.AssertionDecrypter)
EncryptionAlgorithmValidator(uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator)
Decrypter(org.opensaml.saml.saml2.encryption.Decrypter)
AssertionDecrypter(uk.gov.ida.saml.security.AssertionDecrypter)
Named(javax.inject.Named)
Provides(com.google.inject.Provides)
Example 2 with EncryptionAlgorithmValidator
use of uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator in project verify-hub by alphagov.
the class AssertionDecrypter method decryptAssertions.
public List<Assertion> decryptAssertions(Response response) {
KeyPair encryptionKeyPair = new KeyPair(publicKey, privateKey);
KeyPair signingKeyPair = new KeyPair(publicKey, privateKey);
IdaKeyStore keyStore = new IdaKeyStore(signingKeyPair, Collections.singletonList(encryptionKeyPair));
IdaKeyStoreCredentialRetriever idaKeyStoreCredentialRetriever = new IdaKeyStoreCredentialRetriever(keyStore);
Decrypter decrypter = new DecrypterFactory().createDecrypter(idaKeyStoreCredentialRetriever.getDecryptingCredentials());
Set<String> contentEncryptionAlgorithms = Set.of(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
Set<String> keyTransportAlgorithms = Set.of(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP, EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP11);
uk.gov.ida.saml.security.AssertionDecrypter assertionDecrypter = new uk.gov.ida.saml.security.AssertionDecrypter(new EncryptionAlgorithmValidator(contentEncryptionAlgorithms, keyTransportAlgorithms), decrypter);
return assertionDecrypter.decryptAssertions(new ValidatedResponse(response));
}
Also used :
KeyPair(java.security.KeyPair)
EncryptionAlgorithmValidator(uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator)
Decrypter(org.opensaml.saml.saml2.encryption.Decrypter)
ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse)
IdaKeyStore(uk.gov.ida.saml.security.IdaKeyStore)
IdaKeyStoreCredentialRetriever(uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever)
DecrypterFactory(uk.gov.ida.saml.security.DecrypterFactory)
Aggregations
Decrypter (org.opensaml.saml.saml2.encryption.Decrypter)2
DecrypterFactory (uk.gov.ida.saml.security.DecrypterFactory)2
IdaKeyStoreCredentialRetriever (uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever)2
EncryptionAlgorithmValidator (uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator)2
Provides (com.google.inject.Provides)1
KeyPair (java.security.KeyPair)1
Named (javax.inject.Named)1
AssertionDecrypter (uk.gov.ida.saml.security.AssertionDecrypter)1
IdaKeyStore (uk.gov.ida.saml.security.IdaKeyStore)1
ValidatedResponse (uk.gov.ida.saml.security.validators.ValidatedResponse)1
