org.opensaml.xml.encryption.DecryptionException Java Examples

The following examples show how to use org.opensaml.xml.encryption.DecryptionException.
Example #1
Source File: Decrypter.java    From lams with GNU General Public License v2.0
/**
 * Decrypts the EncryptedData child of the given encrypted element and returns
 * the result as a SAMLObject.
 *
 * <p>
 * The call fails if the element has no EncryptedData child, or if the decrypted
 * object is not a SAMLObject. A failure raised by the underlying decryption is
 * logged at error level and rethrown unchanged.
 * </p>
 *
 * <p>
 * Nothing in this method verifies a signature on the decrypted content, so a
 * successful return only means the ciphertext could be decrypted and parsed.
 * Callers should not treat it as proof of origin.
 * </p>
 *
 * @param encElement the EncryptedElementType to decrypt
 * @return the decrypted SAMLObject
 * @throws DecryptionException if there is no EncryptedData child, if decryption
 *             fails, or if the decrypted object is not a SAMLObject
 */
private SAMLObject decryptData(EncryptedElementType encElement) throws DecryptionException {

    // Reject wrappers that carry no ciphertext before any key resolution is attempted.
    if (encElement.getEncryptedData() == null) {
        throw new DecryptionException("Element had no EncryptedData child");
    }

    XMLObject decrypted;
    try {
        decrypted = decryptData(encElement.getEncryptedData(), isRootInNewDocument());
    } catch (DecryptionException e) {
        // The cause is kept in the server-side log; the same exception goes on to the caller.
        log.error("SAML Decrypter encountered an error decrypting element content", e);
        throw e;
    }

    // The plaintext is sender-controlled XML, so its type is checked before the cast.
    if (decrypted instanceof SAMLObject) {
        return (SAMLObject) decrypted;
    }
    throw new DecryptionException("Decrypted XMLObject was not an instance of SAMLObject");
}
 
Example #2
Source File: SAMLClient.java    From saml-sdk-java with Apache License 2.0
/**
 * Decrypts an encrypted assertion with the service provider's private key
 * held in {@code spConfig}.
 *
 * <p>
 * This method only decrypts. It performs no signature, issuer or condition
 * checks on the returned assertion, so those remain the caller's job.
 * </p>
 *
 * @param encrypted the encrypted assertion received from the peer
 * @return the decrypted assertion
 * @throws DecryptionException if no SP private key is configured or the
 *             assertion cannot be decrypted
 */
private Assertion decrypt(EncryptedAssertion encrypted)
    throws DecryptionException
{
    // Without a private key there is nothing to unwrap the data key with.
    if (spConfig.getPrivateKey() == null) {
        throw new DecryptionException("Encrypted assertion found but no SP key available");
    }

    BasicCredential spCredential = new BasicCredential();
    spCredential.setPrivateKey(spConfig.getPrivateKey());
    StaticKeyInfoCredentialResolver kekResolver =
        new StaticKeyInfoCredentialResolver(spCredential);

    // First argument null: no resolver for the data-encryption key itself, so that
    // key has to arrive as an EncryptedKey. The inline resolver looks for it inside
    // the EncryptedData's KeyInfo.
    Decrypter assertionDecrypter =
        new Decrypter(null, kekResolver, new InlineEncryptedKeyResolver());

    // Place the decrypted element at the root of its own new document.
    assertionDecrypter.setRootInNewDocument(true);

    return assertionDecrypter.decrypt(encrypted);
}
 
Example #3
Source File: SamlHelper.java    From secure-data-service with Apache License 2.0
/**
 * Decrypts an encrypted SAML assertion with the private key of the given
 * keystore entry.
 *
 * <p>
 * Only decryption happens here. No signature or condition validation of the
 * returned assertion is visible in this method, so callers must do that
 * separately.
 * </p>
 *
 * @param encryptedAssertion the encrypted assertion to decrypt
 * @param keystoreEntry keystore entry whose private key unwraps the data key
 * @return the decrypted assertion; {@code null} if decryption failed and
 *         {@code raiseSamlValidationError} returned normally
 */
protected Assertion decryptAssertion(EncryptedAssertion encryptedAssertion, KeyStore.PrivateKeyEntry keystoreEntry) {
    BasicX509Credential decryptionCredential = new BasicX509Credential();
    decryptionCredential.setPrivateKey(keystoreEntry.getPrivateKey());
    StaticKeyInfoCredentialResolver kekResolver = new StaticKeyInfoCredentialResolver(decryptionCredential);

    // Try the places an EncryptedKey can be carried, in order: inline in the
    // EncryptedData's KeyInfo, as a child of the enclosing encrypted element,
    // and behind a RetrievalMethod reference.
    ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver();
    encryptedKeyResolver.getResolverChain().add(new InlineEncryptedKeyResolver());
    encryptedKeyResolver.getResolverChain().add(new EncryptedElementTypeEncryptedKeyResolver());
    encryptedKeyResolver.getResolverChain().add(new SimpleRetrievalMethodEncryptedKeyResolver());

    // First argument null: no resolver for the data-encryption key itself.
    Decrypter assertionDecrypter = new Decrypter(null, kekResolver, encryptedKeyResolver);
    // Place the decrypted element at the root of its own new document.
    assertionDecrypter.setRootInNewDocument(true);

    try {
        return assertionDecrypter.decrypt(encryptedAssertion);
    } catch (DecryptionException e) {
        // The generic message does not tell the sender why decryption failed.
        // NOTE(review): the DecryptionException is discarded here, so the cause never
        // reaches a server-side log. Record it if a logger is available in this class.
        // NOTE(review): presumably raiseSamlValidationError throws; confirm. If it
        // returns normally, the method falls through and hands null to the caller.
        raiseSamlValidationError("Unable to decrypt SAML assertion", null);
    }
    return null;
}
 
Example #4
Source File: Decrypter.java    From lams with GNU General Public License v2.0
/**
 * Decrypts the given EncryptedAssertion and returns its content as an Assertion.
 *
 * <p>
 * The decrypted object is type-checked, so an EncryptedAssertion wrapper whose
 * ciphertext holds some other SAML element is rejected rather than cast.
 * </p>
 *
 * @param encryptedAssertion the EncryptedAssertion to decrypt
 * @return the decrypted Assertion
 * @throws DecryptionException if decryption fails or the decrypted object is
 *             not an Assertion
 */
public Assertion decrypt(EncryptedAssertion encryptedAssertion) throws DecryptionException {
    SAMLObject decrypted = decryptData(encryptedAssertion);
    if (decrypted instanceof Assertion) {
        return (Assertion) decrypted;
    }
    throw new DecryptionException("Decrypted SAMLObject was not an instance of Assertion");
}
 
Example #5
Source File: Decrypter.java    From lams with GNU General Public License v2.0
/**
 * Decrypts the given EncryptedAttribute and returns its content as an Attribute.
 *
 * <p>
 * The decrypted object is type-checked, so ciphertext that holds anything
 * other than an Attribute is rejected rather than cast.
 * </p>
 *
 * @param encryptedAttribute the EncryptedAttribute to decrypt
 * @return the decrypted Attribute
 * @throws DecryptionException if decryption fails or the decrypted object is
 *             not an Attribute
 */
public Attribute decrypt(EncryptedAttribute encryptedAttribute) throws DecryptionException {
    SAMLObject decrypted = decryptData(encryptedAttribute);
    if (decrypted instanceof Attribute) {
        return (Attribute) decrypted;
    }
    throw new DecryptionException("Decrypted SAMLObject was not an instance of Attribute");
}
 
Example #6
Source File: Decrypter.java    From lams with GNU General Public License v2.0
/**
 * Decrypts the given NewEncryptedID and returns its content as a NewID.
 *
 * <p>
 * The decrypted object is type-checked, so ciphertext that holds anything
 * other than a NewID is rejected rather than cast.
 * </p>
 *
 * @param newEncryptedID the NewEncryptedID to decrypt
 * @return the decrypted NewID
 * @throws DecryptionException if decryption fails or the decrypted object is
 *             not a NewID
 */
public NewID decrypt(NewEncryptedID newEncryptedID) throws DecryptionException {
    SAMLObject decrypted = decryptData(newEncryptedID);
    if (decrypted instanceof NewID) {
        return (NewID) decrypted;
    }
    throw new DecryptionException("Decrypted SAMLObject was not an instance of NewID");
}
 
Example #7
Source File: SAMLClient.java    From saml-sdk-java with Apache License 2.0
/**
 * Collects every assertion in the response: the plaintext ones first, then
 * each encrypted assertion after decryption.
 *
 * <p>
 * The returned list does not record which assertions arrived encrypted, and
 * nothing here validates signatures or conditions. Every element must be
 * validated by the caller before its claims are trusted.
 * </p>
 *
 * @param response the SAML response to read assertions from
 * @return a new list holding the plaintext and decrypted assertions
 * @throws DecryptionException if any encrypted assertion cannot be decrypted;
 *             no partial list is returned in that case
 */
private List<Assertion> getAssertions(Response response)
    throws DecryptionException
{
    // Copy, so that adding decrypted entries never modifies the response's own list.
    List<Assertion> collected = new ArrayList<Assertion>(response.getAssertions());

    for (EncryptedAssertion encryptedAssertion : response.getEncryptedAssertions()) {
        collected.add(decrypt(encryptedAssertion));
    }

    return collected;
}
 
Example #8
Source File: Decrypter.java    From lams with GNU General Public License v2.0
/**
 * Decrypts the given EncryptedID.
 *
 * <p>
 * An EncryptedID can contain a NameID, an Assertion or a BaseID. Unlike the
 * other {@code decrypt} overloads, no concrete type is checked here, so the
 * caller must inspect the type of the returned object before casting it.
 * </p>
 *
 * @param encryptedID the EncryptedID to decrypt
 * @return the decrypted SAMLObject
 * @throws DecryptionException thrown when decryption generates an error
 */
public SAMLObject decrypt(EncryptedID encryptedID) throws DecryptionException {
    SAMLObject decryptedId = decryptData(encryptedID);
    return decryptedId;
}