org.opensaml.xml.encryption.EncryptionParameters Java Examples

The following examples show how to use org.opensaml.xml.encryption.EncryptionParameters. Each example is labelled with the source file and project it was taken from.
Example #1
Source File: Encrypter.java (from lams, GNU General Public License v2.0)
/**
 * Creates an encrypter from data-encryption parameters and a list of key-encryption parameters.
 *
 * <p>Both arguments are stored as given. No null check is made here, and the list is kept by
 * reference rather than copied, so later changes the caller makes to it remain visible to this
 * instance.</p>
 *
 * @param dataEncParams the data encryption parameters
 * @param keyEncParams the key encryption parameters
 */
public Encrypter(EncryptionParameters dataEncParams, List<KeyEncryptionParameters> keyEncParams) {
    kekParamsList = keyEncParams;
    encParams = dataEncParams;

    // init() is defined outside this excerpt; it runs only after both fields are assigned.
    init();
}
 
Example #2
Source File: Encrypter.java (from lams, GNU General Public License v2.0)
/**
 * Creates an encrypter from data-encryption parameters and a single key-encryption parameter.
 *
 * <p>The key-encryption parameter is wrapped in a new one-element list. It is added without a
 * null check, so a {@code null} argument yields a list holding one {@code null} entry.</p>
 *
 * @param dataEncParams the data encryption parameters
 * @param keyEncParam the key encryption parameter
 */
public Encrypter(EncryptionParameters dataEncParams, KeyEncryptionParameters keyEncParam) {
    final List<KeyEncryptionParameters> singleKek = new ArrayList<KeyEncryptionParameters>();
    singleKek.add(keyEncParam);

    kekParamsList = singleKek;
    encParams = dataEncParams;

    // init() is defined outside this excerpt; it runs only after both fields are assigned.
    init();
}
 
Example #3
Source File: Encrypter.java (from lams, GNU General Public License v2.0)
/**
 * Creates an encrypter from data-encryption parameters only.
 *
 * <p>The list of key-encryption parameters starts out empty, so this constructor itself
 * configures no key transport.</p>
 *
 * @param dataEncParams the data encryption parameters
 */
public Encrypter(EncryptionParameters dataEncParams) {
    kekParamsList = new ArrayList<KeyEncryptionParameters>();
    encParams = dataEncParams;

    // init() is defined outside this excerpt; it runs only after both fields are assigned.
    init();
}
 
Example #4
Source File: DefaultSSOEncrypter.java (from carbon-identity, Apache License 2.0)
/**
 * Encrypts a SAML assertion under a freshly generated AES-256 data key and wraps that key for
 * the supplied X.509 credential, placing the wrapped key inline.
 *
 * <p>NOTE(review): {@code alias} and {@code encryptionAlgorithm} are never read in this body;
 * the data-encryption algorithm is fixed to {@code ALGO_ID_BLOCKCIPHER_AES256} whatever the
 * caller passes.</p>
 *
 * @param assertion the assertion to encrypt
 * @param cred the credential whose key wraps the generated data key
 * @param alias not used by this implementation
 * @param encryptionAlgorithm not used by this implementation
 * @return the encrypted assertion
 * @throws IdentityException if any step fails; the original exception is kept as the cause
 */
@Override
public EncryptedAssertion doEncryptedAssertion(Assertion assertion, X509Credential cred, String alias, String encryptionAlgorithm) throws IdentityException {
    try {
        // A new symmetric key is generated on every call and used for this assertion only.
        // NOTE(review): this URI is the XML Encryption AES-256 CBC mode, which carries no
        // integrity protection of its own; the recipient has to rely on signature validation.
        final Credential dataKeyCredential = SecurityHelper.getSimpleCredential(
                SecurityHelper.generateSymmetricKey(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256));

        final EncryptionParameters dataParams = new EncryptionParameters();
        dataParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256);
        dataParams.setEncryptionCredential(dataKeyCredential);

        // NOTE(review): RSA 1.5 key transport uses PKCS#1 v1.5 padding, which is exposed to
        // padding-oracle attacks on the decrypting side. RSA-OAEP key transport
        // (EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP) is the safer choice wherever the
        // relying party supports it.
        final KeyEncryptionParameters keyWrapParams = new KeyEncryptionParameters();
        keyWrapParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
        keyWrapParams.setEncryptionCredential(cred);

        final Encrypter assertionEncrypter = new Encrypter(dataParams, keyWrapParams);
        assertionEncrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE);

        return assertionEncrypter.encrypt(assertion);
    } catch (Exception e) {
        throw IdentityException.error("Error while Encrypting Assertion", e);
    }
}
 
Example #5
Source File: AuthnResponseGenerator.java (from MaxKey, Apache License 2.0)
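/**
 * Builds the SAML 2.0 authentication response for a service provider.
 *
 * <p>An assertion is generated first. If the application is configured for encryption, the
 * assertion is encrypted and added as an EncryptedAssertion; otherwise it is added in clear.
 * When encryption fails, the plain assertion is NOT added. The failure is logged at error
 * level and the response carries a Responder status instead of Success, so that a response
 * without any assertion is never labelled successful.</p>
 *
 * @param saml20Details   SAML settings of the target application (ACS URL, audience, validity,
 *                        encryption flag)
 * @param authnRequestInfo the request being answered; supplies the InResponseTo value
 * @param attributeMap    attributes handed to the assertion generator
 * @param bindingAdapter  supplies the service provider credential used for key encryption
 * @return the populated response; whether it is signed is not decided in this method
 */
public Response generateAuthnResponse(  AppsSAML20Details saml20Details,
										AuthnRequestInfo authnRequestInfo,
										HashMap<String,String>attributeMap, 
										BindingAdapter bindingAdapter){
	
	Response authResponse = new ResponseBuilder().buildObject();
	// Build the assertion.
	// NOTE(review): Integer.parseInt throws NumberFormatException when the configured validity
	// interval is not a plain integer; nothing in this method catches that.
	Assertion assertion = assertionGenerator.generateAssertion( 
										saml20Details,
										bindingAdapter,
										saml20Details.getSpAcsUrl(),
										authnRequestInfo.getAuthnRequestID(),
										saml20Details.getAudience(),
										Integer.parseInt(saml20Details.getValidityInterval()), 
										attributeMap);
	
	// Status reported to the service provider; downgraded below if encryption fails.
	String statusCodeUri = StatusCode.SUCCESS_URI;
	
	// Encrypt the assertion when the application asks for it.
	if(Boolean.isTrue(saml20Details.getEncrypted())) {
		logger.info("begin to encrypt assertion");
		try {
			// No data-encryption credential is set on these parameters.
			// NOTE(review): presumably the Encrypter generates the AES key itself - confirm.
			// NOTE(review): this URI is the XML Encryption AES-128 CBC mode, which carries no
			// integrity protection of its own.
			EncryptionParameters encryptionParameters = new EncryptionParameters();
			encryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
			logger.info("encryption assertion Algorithm : "+EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
			// The data key is wrapped with the credential returned by getSpSigningCredential().
			// NOTE(review): this assumes the SP's signing key is also its encryption key; an SP
			// that publishes a separate encryption key could not unwrap the data key - confirm.
			KeyEncryptionParameters keyEncryptionParameters = new KeyEncryptionParameters();
			keyEncryptionParameters.setEncryptionCredential(bindingAdapter.getSpSigningCredential());
			// NOTE(review): RSA 1.5 key transport uses PKCS#1 v1.5 padding, which is exposed to
			// padding-oracle attacks on the decrypting side. Prefer
			// EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP wherever the SP supports it.
			keyEncryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
			logger.info("keyEncryption  Algorithm : "+EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
			KeyInfoGeneratorFactory keyInfoGeneratorFactory = Configuration
													.getGlobalSecurityConfiguration()
													.getKeyInfoGeneratorManager().getDefaultManager()
													.getFactory(bindingAdapter.getSpSigningCredential());
			keyEncryptionParameters.setKeyInfoGenerator(keyInfoGeneratorFactory.newInstance());
			Encrypter encrypter = new Encrypter(encryptionParameters, keyEncryptionParameters);
			encrypter.setKeyPlacement(KeyPlacement.PEER);
			EncryptedAssertion encryptedAssertion = encrypter.encrypt(assertion);
			authResponse.getEncryptedAssertions().add(encryptedAssertion);
		}catch(Exception e) {
			// Fail closed: the plain assertion is deliberately not added as a fallback.
			// The failure is logged as an error and reflected in the status, so the response
			// does not claim success while carrying no assertion.
			logger.error("Unable to encrypt assertion .",e);
			statusCodeUri = StatusCode.RESPONDER_URI;
		}
	}else { 
		authResponse.getAssertions().add(assertion);
	}
	
	authResponse.setIssuer(issuerGenerator.generateIssuer());
	authResponse.setID(idService.generateID());
	authResponse.setIssueInstant(timeService.getCurrentDateTime());
	authResponse.setInResponseTo(authnRequestInfo.getAuthnRequestID());
	authResponse.setDestination(saml20Details.getSpAcsUrl());
	authResponse.setStatus(statusGenerator.generateStatus(statusCodeUri));
	logger.debug("authResponse.isSigned "+authResponse.isSigned());
	return authResponse;
}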
 
Example #6
Source File: SecurityHelper.java (from lams, GNU General Public License v2.0)
/**
 * Build an instance of {@link EncryptionParameters} suitable for passing to an
 * {@link org.opensaml.xml.encryption.Encrypter}.
 *
 * <p>
 * The returned parameters carry:
 * <ul>
 * <li>the encryption credential exactly as supplied (possibly {@code null})</li>
 * <li>an encryption algorithm URI taken from the security configuration</li>
 * <li>a {@link KeyInfoGenerator}, but only when a credential was supplied and a generator could
 * be resolved for it</li>
 * </ul>
 * </p>
 *
 * <p>
 * If no {@link SecurityConfiguration} is supplied, the global security configuration
 * ({@link Configuration#getGlobalSecurityConfiguration()}) is used.
 * </p>
 *
 * <p>
 * With a credential, the algorithm URI is
 * {@link SecurityConfiguration#getDataEncryptionAlgorithmURI(Credential)}; without one it is
 * {@link SecurityConfiguration#getAutoGeneratedDataEncryptionKeyAlgorithmURI()}. This method
 * applies no check of its own to the algorithm the configuration returns.
 * </p>
 *
 * <p>
 * If no KeyInfoGenerator is resolved for the credential and generator manager name, two
 * info-level messages are logged and the parameters are returned without one.
 * </p>
 *
 * @param encryptionCredential the credential with which the data will be encrypted (may be null)
 * @param config the SecurityConfiguration to use (may be null)
 * @param keyInfoGenName the named KeyInfoGeneratorManager configuration to use (may be null)
 * @return a new instance of EncryptionParameters
 */
public static EncryptionParameters buildDataEncryptionParams(Credential encryptionCredential,
        SecurityConfiguration config, String keyInfoGenName) {
    final Logger log = getLogger();

    // Fall back to the global configuration when the caller supplies none.
    final SecurityConfiguration effectiveConfig =
            (config == null) ? Configuration.getGlobalSecurityConfiguration() : config;

    final EncryptionParameters params = new EncryptionParameters();
    params.setEncryptionCredential(encryptionCredential);

    // No credential: only the algorithm for an auto-generated data key is set.
    if (encryptionCredential == null) {
        params.setAlgorithm(effectiveConfig.getAutoGeneratedDataEncryptionKeyAlgorithmURI());
        return params;
    }

    params.setAlgorithm(effectiveConfig.getDataEncryptionAlgorithmURI(encryptionCredential));

    final KeyInfoGenerator generator =
            getKeyInfoGenerator(encryptionCredential, effectiveConfig, keyInfoGenName);
    if (generator == null) {
        // A missing generator is not treated as an error: it is logged and the parameters are
        // returned without a KeyInfoGenerator.
        log.info("No factory for named KeyInfoGenerator {} was found for credential type{}", keyInfoGenName,
                encryptionCredential.getCredentialType().getName());
        log.info("No KeyInfo will be generated for EncryptedData");
        return params;
    }

    params.setKeyInfoGenerator(generator);
    return params;
}