org.opensaml.xml.encryption.EncryptionConstants Java Examples
The following examples show how to use
org.opensaml.xml.encryption.EncryptionConstants.
Example #1
Source File: DefaultSecurityConfigurationBootstrap.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Registers the default data-encryption and key-transport algorithm URIs on the
 * supplied security configuration.
 *
 * <p>Block ciphers: AES-128/192/256 and Triple DES (registered under both the
 * 168-bit and 192-bit key-length spellings). Key transport: RSA-OAEP for wrapping
 * AES and Triple DES content keys, plus the AES and Triple DES symmetric key-wrap
 * algorithms. The auto-generated data-encryption key defaults to AES-128.
 *
 * @param config the security configuration to populate
 */
protected static void populateEncryptionParams(BasicSecurityConfiguration config) {
    // --- Data encryption: block ciphers keyed by JCA algorithm name and key length ---
    final int[] aesKeyLengths = {128, 192, 256};
    final String[] aesBlockCipherUris = {
        EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128,
        EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192,
        EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256,
    };
    for (int i = 0; i < aesKeyLengths.length; i++) {
        config.registerDataEncryptionAlgorithmURI("AES", aesKeyLengths[i], aesBlockCipherUris[i]);
    }
    // Triple DES is looked up under both key-length conventions, so register it twice.
    final int[] tripleDesKeyLengths = {168, 192};
    for (int tripleDesLength : tripleDesKeyLengths) {
        config.registerDataEncryptionAlgorithmURI("DESede", tripleDesLength,
                EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES);
    }

    // --- Key encryption ---
    // Asymmetric key transport: RSA-OAEP regardless of which block cipher it wraps.
    final String[] wrappedBlockCiphers = {"AES", "DESede"};
    for (String wrapped : wrappedBlockCiphers) {
        config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, wrapped,
                EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
    }
    // Symmetric key wrap: same key-length table as the block ciphers above.
    final String[] aesKeyWrapUris = {
        EncryptionConstants.ALGO_ID_KEYWRAP_AES128,
        EncryptionConstants.ALGO_ID_KEYWRAP_AES192,
        EncryptionConstants.ALGO_ID_KEYWRAP_AES256,
    };
    for (int i = 0; i < aesKeyLengths.length; i++) {
        config.registerKeyTransportEncryptionAlgorithmURI("AES", aesKeyLengths[i], null, aesKeyWrapUris[i]);
    }
    for (int tripleDesLength : tripleDesKeyLengths) {
        config.registerKeyTransportEncryptionAlgorithmURI("DESede", tripleDesLength, null,
                EncryptionConstants.ALGO_ID_KEYWRAP_TRIPLEDES);
    }

    // --- Other encryption-related defaults ---
    config.setAutoGeneratedDataEncryptionKeyAlgorithmURI(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
}
Example #2
Source File: X509KeyInfoGeneratorFactory.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Creates an option set with the defaults used by the generator factory:
 * SHA-256 for the X.509 digest, RFC 2253 formatting for both subject and issuer DNs,
 * the internal DN handler, and an initially empty set of subject alt name types.
 */
protected X509Options() {
    this.x500DNHandler = new InternalX500DNHandler();
    this.x500SubjectDNFormat = X500DNHandler.FORMAT_RFC2253;
    this.x500IssuerDNFormat = X500DNHandler.FORMAT_RFC2253;
    this.subjectAltNames = new LazySet<Integer>();
    // Digest algorithm used when an X509Digest element is emitted for the certificate.
    this.x509DigestAlgorithmURI = EncryptionConstants.ALGO_ID_DIGEST_SHA256;
}
Example #3
Source File: Encrypter.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Cross-links one EncryptedKey and its EncryptedData as described in SAML Errata E43:
 * the EncryptedData's KeyInfo gains a RetrievalMethod pointing at the key, and the key's
 * ReferenceList gains a DataReference pointing back at the data.
 *
 * <p>Both {@code encData.getKeyInfo()} and {@code encKey.getReferenceList()} are
 * dereferenced without a null check, so callers must have populated them beforehand.
 *
 * @param encData the EncryptedData being linked
 * @param encKey the EncryptedKey being linked
 */
protected void linkSinglePeerKey(EncryptedData encData, EncryptedKey encKey) {
    log.debug("Linking single peer EncryptedKey with RetrievalMethod and DataReference");

    // EncryptedData -> EncryptedKey (forward reference by fragment id)
    final String keyFragment = "#" + encKey.getID();
    RetrievalMethod forwardRef = retrievalMethodBuilder.buildObject();
    forwardRef.setURI(keyFragment);
    forwardRef.setType(EncryptionConstants.TYPE_ENCRYPTED_KEY);
    encData.getKeyInfo().getRetrievalMethods().add(forwardRef);

    // EncryptedKey -> EncryptedData (back reference by fragment id)
    final String dataFragment = "#" + encData.getID();
    DataReference backRef = dataReferenceBuilder.buildObject();
    backRef.setURI(dataFragment);
    encKey.getReferenceList().getDataReferences().add(backRef);
}
Example #4
Source File: DefaultSSOEncrypter.java From carbon-identity with Apache License 2.0 | 5 votes |
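/**
 * Encrypts a SAML assertion for the given recipient.
 *
 * <p>A fresh symmetric content-encryption key is generated for the requested block cipher
 * and transported to the recipient under its RSA credential using RSA-1.5 key transport;
 * the EncryptedKey is placed INLINE in the resulting EncryptedAssertion.
 *
 * @param assertion the assertion to encrypt
 * @param cred the recipient's X.509 credential whose public key wraps the content key
 * @param alias recipient certificate alias; accepted for interface compatibility but not
 *        consulted by this implementation
 * @param encryptionAlgorithm XML Encryption block-cipher URI for the assertion content;
 *        when {@code null} or blank, {@code EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256}
 *        is used (the value this method previously always applied)
 * @return the encrypted assertion
 * @throws IdentityException if key generation or encryption fails; the cause is preserved
 */
@Override
public EncryptedAssertion doEncryptedAssertion(Assertion assertion, X509Credential cred, String alias,
                                               String encryptionAlgorithm) throws IdentityException {
    try {
        // Honour the caller's block-cipher choice; previously the parameter was ignored
        // and AES-256 was always used, so that remains the default.
        String dataEncryptionAlgorithm =
                (encryptionAlgorithm == null || encryptionAlgorithm.trim().isEmpty())
                        ? EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256
                        : encryptionAlgorithm;

        Credential symmetricCredential = SecurityHelper.getSimpleCredential(
                SecurityHelper.generateSymmetricKey(dataEncryptionAlgorithm));
        EncryptionParameters encParams = new EncryptionParameters();
        encParams.setAlgorithm(dataEncryptionAlgorithm);
        encParams.setEncryptionCredential(symmetricCredential);

        KeyEncryptionParameters keyEncryptionParameters = new KeyEncryptionParameters();
        // NOTE: RSA-1.5 key transport is retained for compatibility with existing service
        // providers. RSA-OAEP (EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP) is the
        // preferred key transport; switching requires recipient support, so it is not changed here.
        keyEncryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
        keyEncryptionParameters.setEncryptionCredential(cred);

        Encrypter encrypter = new Encrypter(encParams, keyEncryptionParameters);
        encrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE);
        return encrypter.encrypt(assertion);
    } catch (Exception e) {
        // Wrap everything (key generation, encryption) in the project's checked type, keeping the cause.
        throw IdentityException.error("Error while Encrypting Assertion", e);
    }
}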
Example #5
Source File: SAMLResponseBuilder.java From carbon-identity with Apache License 2.0 | 5 votes |
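/**
 * Builds a SAML 2.0 Response for the given service provider configuration and user.
 *
 * <p>The Response carries either a plaintext Assertion or, when the SP configuration
 * enables encryption, an EncryptedAssertion (AES-256 content encryption via
 * {@code SAMLSSOUtil.setEncryptedAssertion}). When encryption is enabled but no
 * certificate alias is configured, no assertion of either kind is added. The Response
 * is signed afterwards when the SP configuration requests it.
 *
 * @param ssoIdPConfigs service provider configuration (consumer URL, encryption/signing flags, cert alias)
 * @param userName authenticated user name; the tenant domain is derived from it
 * @return the assembled SAML Response
 * @throws IdentityException if assertion building, encryption or signing fails
 */
public Response buildSAMLResponse(SAMLSSOServiceProviderDO ssoIdPConfigs, String userName)
        throws IdentityException {
    if (log.isDebugEnabled()) {
        log.debug("Building SAML Response for the consumer '" + ssoIdPConfigs.getAssertionConsumerUrl() + "'");
    }

    Response response = new org.opensaml.saml2.core.impl.ResponseBuilder().buildObject();
    response.setIssuer(SAMLSSOUtil.getIssuer());
    response.setID(SAMLSSOUtil.createID());
    response.setDestination(ssoIdPConfigs.getAssertionConsumerUrl());
    response.setStatus(buildStatus(SAMLSSOConstants.StatusCodes.SUCCESS_CODE, null));
    response.setVersion(SAMLVersion.VERSION_20);

    DateTime issueInstant = new DateTime();
    // Validity period is in minutes. Multiply in long arithmetic so a large configured
    // period cannot overflow int (the original int product wrapped above ~35791 minutes).
    long validityMillis = SAMLSSOUtil.getSAMLResponseValidityPeriod() * 60L * 1000L;
    DateTime notOnOrAfter = new DateTime(issueInstant.getMillis() + validityMillis);
    response.setIssueInstant(issueInstant);

    Assertion assertion = buildSAMLAssertion(ssoIdPConfigs, notOnOrAfter, userName);
    if (ssoIdPConfigs.isDoEnableEncryptedAssertion()) {
        String domainName = MultitenantUtils.getTenantDomain(userName);
        String alias = ssoIdPConfigs.getCertAlias();
        if (alias != null) {
            EncryptedAssertion encryptedAssertion = SAMLSSOUtil.setEncryptedAssertion(assertion,
                    EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, alias, domainName);
            response.getEncryptedAssertions().add(encryptedAssertion);
        }
        // No alias: fail closed — the plaintext assertion is deliberately not added.
    } else {
        response.getAssertions().add(assertion);
    }

    if (ssoIdPConfigs.isDoSignResponse()) {
        SAMLSSOUtil.setSignature(response, ssoIdPConfigs.getSigningAlgorithmUri(),
                ssoIdPConfigs.getDigestAlgorithmUri(), new SignKeyDataHolder(userName));
    }
    return response;
}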
Example #6
Source File: AuthnResponseGenerator.java From MaxKey with Apache License 2.0 | 4 votes |
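/**
 * Builds the SAML 2.0 authentication Response for a service provider.
 *
 * <p>The assertion is generated first and then either embedded in plaintext or, when the
 * SP's {@code encrypted} flag is set, encrypted with AES-128 content encryption and RSA-1.5
 * key transport under the SP's signing credential (EncryptedKey placed as PEER).
 * If encryption fails the error is logged and the Response is returned with no assertion
 * at all — the plaintext assertion is never substituted.
 *
 * @param saml20Details SP registration (ACS URL, audience, validity interval, encryption flag)
 * @param authnRequestInfo the inbound AuthnRequest being answered (its ID becomes InResponseTo)
 * @param attributeMap attributes to include in the assertion's attribute statement
 * @param bindingAdapter provides the SP credential used for key transport
 * @return the assembled Response (unsigned by this method; signing state is only logged)
 */
public Response generateAuthnResponse(AppsSAML20Details saml20Details, AuthnRequestInfo authnRequestInfo,
                                      HashMap<String, String> attributeMap, BindingAdapter bindingAdapter) {
    Response authResponse = new ResponseBuilder().buildObject();

    // Build the plaintext assertion; it is either embedded as-is or encrypted below.
    Assertion assertion = assertionGenerator.generateAssertion(
            saml20Details,
            bindingAdapter,
            saml20Details.getSpAcsUrl(),
            authnRequestInfo.getAuthnRequestID(),
            saml20Details.getAudience(),
            Integer.parseInt(saml20Details.getValidityInterval()),
            attributeMap);

    if (Boolean.isTrue(saml20Details.getEncrypted())) {
        logger.info("begin to encrypt assertion");
        try {
            // Content encryption: AES-128. No data-encryption credential is set here, so the
            // Encrypter is presumably expected to generate the content key — confirm against OpenSAML.
            EncryptionParameters encryptionParameters = new EncryptionParameters();
            encryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
            logger.info("encryption assertion Algorithm : " + EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);

            // Key transport: the SP's signing credential doubles as the encryption recipient key.
            // NOTE: RSA-1.5 is retained for SP compatibility; RSA-OAEP
            // (EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP) is the preferred key transport
            // and should be adopted once recipients support it.
            KeyEncryptionParameters keyEncryptionParameters = new KeyEncryptionParameters();
            keyEncryptionParameters.setEncryptionCredential(bindingAdapter.getSpSigningCredential());
            keyEncryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
            logger.info("keyEncryption Algorithm : " + EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);

            // Emit KeyInfo for the recipient credential using the globally configured generator.
            KeyInfoGeneratorFactory keyInfoGeneratorFactory = Configuration
                    .getGlobalSecurityConfiguration()
                    .getKeyInfoGeneratorManager()
                    .getDefaultManager()
                    .getFactory(bindingAdapter.getSpSigningCredential());
            keyEncryptionParameters.setKeyInfoGenerator(keyInfoGeneratorFactory.newInstance());

            Encrypter encrypter = new Encrypter(encryptionParameters, keyEncryptionParameters);
            encrypter.setKeyPlacement(KeyPlacement.PEER);
            EncryptedAssertion encryptedAssertion = encrypter.encrypt(assertion);
            authResponse.getEncryptedAssertions().add(encryptedAssertion);
        } catch (Exception e) {
            // Fail closed: the plaintext assertion is never added on an encryption error.
            // Logged at error level (was info) so the failure is not buried in routine output.
            logger.error("Unable to encrypt assertion .", e);
        }
    } else {
        authResponse.getAssertions().add(assertion);
    }

    authResponse.setIssuer(issuerGenerator.generateIssuer());
    authResponse.setID(idService.generateID());
    authResponse.setIssueInstant(timeService.getCurrentDateTime());
    authResponse.setInResponseTo(authnRequestInfo.getAuthnRequestID());
    authResponse.setDestination(saml20Details.getSpAcsUrl());
    authResponse.setStatus(statusGenerator.generateStatus(StatusCode.SUCCESS_URI));
    logger.debug("authResponse.isSigned " + authResponse.isSigned());
    return authResponse;
}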
Example #7
Source File: DefaultResponseBuilder.java From carbon-identity with Apache License 2.0 | 4 votes |
/**
 * Builds a SAML 2.0 Response for the authentication request described by {@code authReqDTO}.
 *
 * <p>InResponseTo is set only for SP-initiated flows. The assertion is embedded in plaintext
 * unless the request enables encryption, in which case it is encrypted with AES-256 via
 * {@code SAMLSSOUtil.setEncryptedAssertion}; with encryption enabled but no certificate
 * alias, no assertion of either kind is added. The Response is signed when requested.
 *
 * @param authReqDTO the processed authentication request (consumer URL, flags, tenant, user)
 * @param sessionId the IdP session the assertion is issued for
 * @return the assembled Response
 * @throws IdentityException if assertion building, encryption or signing fails
 */
@Override
public Response buildResponse(SAMLSSOAuthnReqDTO authReqDTO, String sessionId) throws IdentityException {
    final String consumerUrl = authReqDTO.getAssertionConsumerURL();
    if (log.isDebugEnabled()) {
        log.debug("Building SAML Response for the consumer '" + consumerUrl + "'");
    }

    Response samlResponse = new org.opensaml.saml2.core.impl.ResponseBuilder().buildObject();
    samlResponse.setIssuer(SAMLSSOUtil.getIssuer());
    samlResponse.setID(SAMLSSOUtil.createID());
    // IdP-initiated SSO has no originating AuthnRequest to reference.
    if (!authReqDTO.isIdPInitSSOEnabled()) {
        samlResponse.setInResponseTo(authReqDTO.getId());
    }
    samlResponse.setDestination(consumerUrl);
    samlResponse.setStatus(buildStatus(SAMLSSOConstants.StatusCodes.SUCCESS_CODE, null));
    samlResponse.setVersion(SAMLVersion.VERSION_20);

    // Validity period is configured in minutes; long arithmetic avoids int overflow.
    DateTime issueInstant = new DateTime();
    long validityMillis = SAMLSSOUtil.getSAMLResponseValidityPeriod() * 60 * 1000L;
    DateTime notOnOrAfter = new DateTime(issueInstant.getMillis() + validityMillis);
    samlResponse.setIssueInstant(issueInstant);

    Assertion assertion = SAMLSSOUtil.buildSAMLAssertion(authReqDTO, notOnOrAfter, sessionId);
    if (!authReqDTO.isDoEnableEncryptedAssertion()) {
        samlResponse.getAssertions().add(assertion);
    } else {
        String tenantDomain = authReqDTO.getTenantDomain();
        String certAlias = authReqDTO.getCertAlias();
        if (certAlias != null) {
            EncryptedAssertion encryptedAssertion = SAMLSSOUtil.setEncryptedAssertion(assertion,
                    EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, certAlias, tenantDomain);
            samlResponse.getEncryptedAssertions().add(encryptedAssertion);
        }
        // No alias: the plaintext assertion is deliberately not added.
    }

    if (authReqDTO.isDoSignResponse()) {
        SignKeyDataHolder signKey =
                new SignKeyDataHolder(authReqDTO.getUser().getAuthenticatedSubjectIdentifier());
        SAMLSSOUtil.setSignature(samlResponse, authReqDTO.getSigningAlgorithmUri(),
                authReqDTO.getDigestAlgorithmUri(), signKey);
    }
    return samlResponse;
}