Search in sources :

Example 1 with EncryptionAlgorithmValidator

use of uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator in project verify-hub by alphagov.

the class SamlEngineModule method getAES256WithGCMAssertionDecrypter.

@Provides
@Named("AES256DecrypterWithGCM")
private AssertionDecrypter getAES256WithGCMAssertionDecrypter(IdaKeyStore keyStore) {
    IdaKeyStoreCredentialRetriever idaKeyStoreCredentialRetriever = new IdaKeyStoreCredentialRetriever(keyStore);
    Decrypter decrypter = new DecrypterFactory().createDecrypter(idaKeyStoreCredentialRetriever.getDecryptingCredentials());
    return new AssertionDecrypter(new EncryptionAlgorithmValidator(ImmutableSet.of(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM)), decrypter);
}
Also used : IdaKeyStoreCredentialRetriever(uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever) DecrypterFactory(uk.gov.ida.saml.security.DecrypterFactory) AssertionDecrypter(uk.gov.ida.saml.security.AssertionDecrypter) EncryptionAlgorithmValidator(uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator) Decrypter(org.opensaml.saml.saml2.encryption.Decrypter) AssertionDecrypter(uk.gov.ida.saml.security.AssertionDecrypter) Named(javax.inject.Named) Provides(com.google.inject.Provides)

Example 2 with EncryptionAlgorithmValidator

use of uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator in project verify-hub by alphagov.

the class AssertionDecrypter method decryptAssertions.

public List<Assertion> decryptAssertions(Response response) {
    KeyPair encryptionKeyPair = new KeyPair(publicKey, privateKey);
    KeyPair signingKeyPair = new KeyPair(publicKey, privateKey);
    IdaKeyStore keyStore = new IdaKeyStore(signingKeyPair, Collections.singletonList(encryptionKeyPair));
    IdaKeyStoreCredentialRetriever idaKeyStoreCredentialRetriever = new IdaKeyStoreCredentialRetriever(keyStore);
    Decrypter decrypter = new DecrypterFactory().createDecrypter(idaKeyStoreCredentialRetriever.getDecryptingCredentials());
    Set<String> contentEncryptionAlgorithms = Set.of(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
    Set<String> keyTransportAlgorithms = Set.of(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP, EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP11);
    uk.gov.ida.saml.security.AssertionDecrypter assertionDecrypter = new uk.gov.ida.saml.security.AssertionDecrypter(new EncryptionAlgorithmValidator(contentEncryptionAlgorithms, keyTransportAlgorithms), decrypter);
    return assertionDecrypter.decryptAssertions(new ValidatedResponse(response));
}
Also used : KeyPair(java.security.KeyPair) EncryptionAlgorithmValidator(uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator) Decrypter(org.opensaml.saml.saml2.encryption.Decrypter) ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse) IdaKeyStore(uk.gov.ida.saml.security.IdaKeyStore) IdaKeyStoreCredentialRetriever(uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever) DecrypterFactory(uk.gov.ida.saml.security.DecrypterFactory)

Aggregations

Decrypter (org.opensaml.saml.saml2.encryption.Decrypter)2 DecrypterFactory (uk.gov.ida.saml.security.DecrypterFactory)2 IdaKeyStoreCredentialRetriever (uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever)2 EncryptionAlgorithmValidator (uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator)2 Provides (com.google.inject.Provides)1 KeyPair (java.security.KeyPair)1 Named (javax.inject.Named)1 AssertionDecrypter (uk.gov.ida.saml.security.AssertionDecrypter)1 IdaKeyStore (uk.gov.ida.saml.security.IdaKeyStore)1 ValidatedResponse (uk.gov.ida.saml.security.validators.ValidatedResponse)1