org.opensaml.xml.encryption.EncryptionParameters Java Examples
The following examples show how to use
org.opensaml.xml.encryption.EncryptionParameters.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: Encrypter.java From lams with GNU General Public License v2.0 | 5 votes |
/** * Constructor. * * @param dataEncParams the data encryption parameters * @param keyEncParams the key encryption parameters */ public Encrypter(EncryptionParameters dataEncParams, List<KeyEncryptionParameters> keyEncParams) { super(); this.encParams = dataEncParams; this.kekParamsList = keyEncParams; init(); }
Example #2
Source File: Encrypter.java From lams with GNU General Public License v2.0 | 5 votes |
/** * Constructor. * * @param dataEncParams the data encryption parameters * @param keyEncParam the key encryption parameter */ public Encrypter(EncryptionParameters dataEncParams, KeyEncryptionParameters keyEncParam) { super(); List<KeyEncryptionParameters> keks = new ArrayList<KeyEncryptionParameters>(); keks.add(keyEncParam); this.encParams = dataEncParams; this.kekParamsList = keks; init(); }
Example #3
Source File: Encrypter.java From lams with GNU General Public License v2.0 | 5 votes |
/** * Constructor. * * @param dataEncParams the data encryption parameters */ public Encrypter(EncryptionParameters dataEncParams) { super(); List<KeyEncryptionParameters> keks = new ArrayList<KeyEncryptionParameters>(); this.encParams = dataEncParams; this.kekParamsList = keks; init(); }
Example #4
Source File: DefaultSSOEncrypter.java From carbon-identity with Apache License 2.0 | 5 votes |
@Override public EncryptedAssertion doEncryptedAssertion(Assertion assertion, X509Credential cred, String alias, String encryptionAlgorithm) throws IdentityException { try { Credential symmetricCredential = SecurityHelper.getSimpleCredential( SecurityHelper.generateSymmetricKey(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256)); EncryptionParameters encParams = new EncryptionParameters(); encParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256); encParams.setEncryptionCredential(symmetricCredential); KeyEncryptionParameters keyEncryptionParameters = new KeyEncryptionParameters(); keyEncryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15); keyEncryptionParameters.setEncryptionCredential(cred); Encrypter encrypter = new Encrypter(encParams, keyEncryptionParameters); encrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE); EncryptedAssertion encrypted = encrypter.encrypt(assertion); return encrypted; } catch (Exception e) { throw IdentityException.error("Error while Encrypting Assertion", e); } }
Example #5
Source File: AuthnResponseGenerator.java From MaxKey with Apache License 2.0 | 4 votes |
public Response generateAuthnResponse( AppsSAML20Details saml20Details, AuthnRequestInfo authnRequestInfo, HashMap<String,String>attributeMap, BindingAdapter bindingAdapter){ Response authResponse = new ResponseBuilder().buildObject(); //builder Assertion Assertion assertion = assertionGenerator.generateAssertion( saml20Details, bindingAdapter, saml20Details.getSpAcsUrl(), authnRequestInfo.getAuthnRequestID(), saml20Details.getAudience(), Integer.parseInt(saml20Details.getValidityInterval()), attributeMap); //Encrypt if(Boolean.isTrue(saml20Details.getEncrypted())) { logger.info("begin to encrypt assertion"); try { // Assume this contains a recipient's RSA public EncryptionParameters encryptionParameters = new EncryptionParameters(); encryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128); logger.info("encryption assertion Algorithm : "+EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128); KeyEncryptionParameters keyEncryptionParameters = new KeyEncryptionParameters(); keyEncryptionParameters.setEncryptionCredential(bindingAdapter.getSpSigningCredential()); // kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP); keyEncryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15); logger.info("keyEncryption Algorithm : "+EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15); KeyInfoGeneratorFactory keyInfoGeneratorFactory = Configuration .getGlobalSecurityConfiguration() .getKeyInfoGeneratorManager().getDefaultManager() .getFactory(bindingAdapter.getSpSigningCredential()); keyEncryptionParameters.setKeyInfoGenerator(keyInfoGeneratorFactory.newInstance()); Encrypter encrypter = new Encrypter(encryptionParameters, keyEncryptionParameters); encrypter.setKeyPlacement(KeyPlacement.PEER); EncryptedAssertion encryptedAssertion = encrypter.encrypt(assertion); authResponse.getEncryptedAssertions().add(encryptedAssertion); }catch(Exception e) { logger.info("Unable to encrypt assertion .",e); } }else { authResponse.getAssertions().add(assertion); } authResponse.setIssuer(issuerGenerator.generateIssuer()); authResponse.setID(idService.generateID()); authResponse.setIssueInstant(timeService.getCurrentDateTime()); authResponse.setInResponseTo(authnRequestInfo.getAuthnRequestID()); authResponse.setDestination(saml20Details.getSpAcsUrl()); authResponse.setStatus(statusGenerator.generateStatus(StatusCode.SUCCESS_URI)); logger.debug("authResponse.isSigned "+authResponse.isSigned()); return authResponse; }
Example #6
Source File: SecurityHelper.java From lams with GNU General Public License v2.0 | 3 votes |
/** * Build an instance of {@link EncryptionParameters} suitable for passing to an * {@link org.opensaml.xml.encryption.Encrypter}. * * <p> * The following parameter values will be added: * <ul> * <li>the encryption credential (optional)</li> * <li>encryption algorithm URI</li> * <li>an appropriate {@link KeyInfoGenerator} instance which will be used to generate a {@link KeyInfo} element * from the encryption credential</li> * </ul> * </p> * * <p> * All values are determined by the specified {@link SecurityConfiguration}. If a security configuration is not * supplied, the global security configuration ({@link Configuration#getGlobalSecurityConfiguration()}) will be * used. * </p> * * <p> * The encryption algorithm URI is derived from the optional supplied encryption credential. If omitted, the value * of {@link SecurityConfiguration#getAutoGeneratedDataEncryptionKeyAlgorithmURI()} will be used. * </p> * * <p> * The KeyInfoGenerator to be used is based on the {@link NamedKeyInfoGeneratorManager} defined in the security * configuration, and is determined by the type of the signing credential and an optional KeyInfo generator manager * name. If the latter is ommited, the default manager ({@link NamedKeyInfoGeneratorManager#getDefaultManager()}) * of the security configuration's named generator manager will be used. * </p> * * @param encryptionCredential the credential with which the data will be encrypted (may be null) * @param config the SecurityConfiguration to use (may be null) * @param keyInfoGenName the named KeyInfoGeneratorManager configuration to use (may be null) * @return a new instance of EncryptionParameters */ public static EncryptionParameters buildDataEncryptionParams(Credential encryptionCredential, SecurityConfiguration config, String keyInfoGenName) { Logger log = getLogger(); SecurityConfiguration secConfig; if (config != null) { secConfig = config; } else { secConfig = Configuration.getGlobalSecurityConfiguration(); } EncryptionParameters encParams = new EncryptionParameters(); encParams.setEncryptionCredential(encryptionCredential); if (encryptionCredential == null) { encParams.setAlgorithm(secConfig.getAutoGeneratedDataEncryptionKeyAlgorithmURI()); } else { encParams.setAlgorithm(secConfig.getDataEncryptionAlgorithmURI(encryptionCredential)); KeyInfoGenerator kiGenerator = getKeyInfoGenerator(encryptionCredential, secConfig, keyInfoGenName); if (kiGenerator != null) { encParams.setKeyInfoGenerator(kiGenerator); } else { log.info("No factory for named KeyInfoGenerator {} was found for credential type{}", keyInfoGenName, encryptionCredential.getCredentialType().getName()); log.info("No KeyInfo will be generated for EncryptedData"); } } return encParams; }