Java Code Examples for org.opensaml.xml.encryption.KeyEncryptionParameters#setAlgorithm()
The following examples show how to use
org.opensaml.xml.encryption.KeyEncryptionParameters#setAlgorithm() .
Example 1
Source File: DefaultSSOEncrypter.java From carbon-identity with Apache License 2.0 | 5 votes |
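/**
 * Encrypts a SAML assertion for the holder of the private key matching {@code cred}.
 *
 * <p>A new AES-256 data-encryption key is generated on every call. The assertion is encrypted
 * under that key, and the key itself is wrapped with the public key in {@code cred} and placed
 * inline with the encrypted data.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Key transport uses RSA-OAEP. RSA PKCS#1 v1.5 key transport is exposed to padding-oracle
 *       attacks against the decrypting party, so it is not used here. The relying party must
 *       accept RSA-OAEP key transport.</li>
 *   <li>{@code ALGO_ID_BLOCKCIPHER_AES256} is AES-256 in CBC mode, which gives confidentiality
 *       but no integrity. The recipient should verify an enclosing signature before acting on
 *       decrypted content, or both sides should move to an authenticated mode where supported.</li>
 * </ul>
 *
 * @param assertion the assertion to encrypt
 * @param cred the recipient credential whose public key wraps the data-encryption key
 * @param alias not read by this implementation
 * @param encryptionAlgorithm not read by this implementation; the data-encryption algorithm is
 *     fixed to AES-256
 * @return the encrypted assertion
 * @throws IdentityException if key generation or encryption fails; the original exception is
 *     kept as the cause
 */
@Override
public EncryptedAssertion doEncryptedAssertion(Assertion assertion, X509Credential cred, String alias,
                                               String encryptionAlgorithm) throws IdentityException {
    try {
        // Data-encryption key is generated per call, so each assertion gets its own key.
        Credential symmetricCredential = SecurityHelper.getSimpleCredential(
                SecurityHelper.generateSymmetricKey(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256));

        EncryptionParameters encParams = new EncryptionParameters();
        encParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256);
        encParams.setEncryptionCredential(symmetricCredential);

        KeyEncryptionParameters keyEncryptionParameters = new KeyEncryptionParameters();
        // RSA-OAEP instead of RSA PKCS#1 v1.5: v1.5 key transport lets a decryptor that reveals
        // padding failures be used as an oracle to recover the wrapped key.
        keyEncryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
        keyEncryptionParameters.setEncryptionCredential(cred);

        Encrypter encrypter = new Encrypter(encParams, keyEncryptionParameters);
        encrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE);

        return encrypter.encrypt(assertion);
    } catch (Exception e) {
        // Boundary catch: every failure is surfaced as IdentityException with its cause attached.
        throw IdentityException.error("Error while Encrypting Assertion", e);
    }
}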
Example 2
Source File: AuthnResponseGenerator.java From MaxKey with Apache License 2.0 | 4 votes |
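/**
 * Builds the SAML 2.0 authentication {@code Response} for a service provider.
 *
 * <p>An assertion is generated first. When {@code saml20Details.getEncrypted()} is true the
 * assertion is encrypted (AES-128 data encryption, RSA-OAEP key transport) and attached as an
 * {@code EncryptedAssertion}; otherwise it is attached in the clear. Issuer, ID, issue instant,
 * InResponseTo, destination and a success status are then set on the response.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Key transport uses RSA-OAEP rather than RSA PKCS#1 v1.5, which is exposed to
 *       padding-oracle attacks against the decrypting party. The service provider must accept
 *       RSA-OAEP key transport.</li>
 *   <li>{@code ALGO_ID_BLOCKCIPHER_AES128} is AES-128 in CBC mode and carries no integrity
 *       protection of its own.</li>
 *   <li>If encryption fails, the failure is logged and the response is still returned with a
 *       success status but without any assertion; the plaintext assertion is never attached in
 *       that case.</li>
 * </ul>
 *
 * @param saml20Details SAML settings of the target application (ACS URL, audience, validity
 *     interval, encryption flag)
 * @param authnRequestInfo details of the originating AuthnRequest; its ID is used for
 *     InResponseTo
 * @param attributeMap attributes passed to the assertion generator
 * @param bindingAdapter supplies the credential used to wrap the data-encryption key
 * @return the populated response
 */
public Response generateAuthnResponse(
        AppsSAML20Details saml20Details,
        AuthnRequestInfo authnRequestInfo,
        HashMap<String, String> attributeMap,
        BindingAdapter bindingAdapter) {

    Response authResponse = new ResponseBuilder().buildObject();

    // Build the assertion that will be carried by the response.
    Assertion assertion = assertionGenerator.generateAssertion(
            saml20Details,
            bindingAdapter,
            saml20Details.getSpAcsUrl(),
            authnRequestInfo.getAuthnRequestID(),
            saml20Details.getAudience(),
            Integer.parseInt(saml20Details.getValidityInterval()),
            attributeMap);

    if (Boolean.isTrue(saml20Details.getEncrypted())) {
        logger.info("begin to encrypt assertion");
        try {
            EncryptionParameters encryptionParameters = new EncryptionParameters();
            encryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
            logger.info("encryption assertion Algorithm : " + EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);

            KeyEncryptionParameters keyEncryptionParameters = new KeyEncryptionParameters();
            // NOTE(review): the key is wrapped for the credential returned by
            // getSpSigningCredential(); confirm this is the service provider's encryption
            // certificate and that sharing one key pair for signing and encryption is intended.
            keyEncryptionParameters.setEncryptionCredential(bindingAdapter.getSpSigningCredential());
            // RSA-OAEP instead of RSA PKCS#1 v1.5: v1.5 key transport lets a decryptor that
            // reveals padding failures be used as an oracle to recover the wrapped key.
            keyEncryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
            logger.info("keyEncryption Algorithm : " + EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);

            KeyInfoGeneratorFactory keyInfoGeneratorFactory = Configuration
                    .getGlobalSecurityConfiguration()
                    .getKeyInfoGeneratorManager().getDefaultManager()
                    .getFactory(bindingAdapter.getSpSigningCredential());
            keyEncryptionParameters.setKeyInfoGenerator(keyInfoGeneratorFactory.newInstance());

            Encrypter encrypter = new Encrypter(encryptionParameters, keyEncryptionParameters);
            encrypter.setKeyPlacement(KeyPlacement.PEER);

            EncryptedAssertion encryptedAssertion = encrypter.encrypt(assertion);
            authResponse.getEncryptedAssertions().add(encryptedAssertion);
        } catch (Exception e) {
            // Logged at error level so a failed encryption is visible in monitoring. The
            // plaintext assertion is deliberately NOT added as a fallback.
            logger.error("Unable to encrypt assertion .", e);
        }
    } else {
        authResponse.getAssertions().add(assertion);
    }

    authResponse.setIssuer(issuerGenerator.generateIssuer());
    authResponse.setID(idService.generateID());
    authResponse.setIssueInstant(timeService.getCurrentDateTime());
    authResponse.setInResponseTo(authnRequestInfo.getAuthnRequestID());
    authResponse.setDestination(saml20Details.getSpAcsUrl());
    authResponse.setStatus(statusGenerator.generateStatus(StatusCode.SUCCESS_URI));
    logger.debug("authResponse.isSigned " + authResponse.isSigned());
    return authResponse;
}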
Example 3
Source File: SecurityHelper.java From lams with GNU General Public License v2.0 | 3 votes |
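/**
 * Build an instance of {@link KeyEncryptionParameters} suitable for passing to an
 * {@link org.opensaml.xml.encryption.Encrypter}.
 *
 * <p>
 * The following parameter values will be added:
 * <ul>
 * <li>the key encryption credential</li>
 * <li>key transport encryption algorithm URI</li>
 * <li>an appropriate {@link KeyInfoGenerator} instance which will be used to generate a {@link KeyInfo} element
 * from the key encryption credential</li>
 * <li>intended recipient of the resultant encrypted key (optional)</li>
 * </ul>
 * </p>
 *
 * <p>
 * All values are determined by the specified {@link SecurityConfiguration}. If a security configuration is not
 * supplied, the global security configuration ({@link Configuration#getGlobalSecurityConfiguration()}) will be
 * used.
 * </p>
 *
 * <p>
 * The key transport algorithm URI is obtained from the security configuration's
 * {@code getKeyTransportEncryptionAlgorithmURI} method, using the (mandatory) key encryption credential and the
 * optional wrapped key algorithm.
 * NOTE(review): the algorithm is whatever the configuration resolves to; confirm that the effective
 * configuration does not select RSA PKCS#1 v1.5 key transport for RSA credentials.
 * </p>
 *
 * <p>
 * The KeyInfoGenerator to be used is resolved from the key encryption credential, the security configuration and
 * an optional KeyInfo generator manager name. If no generator is found, the returned parameters carry no
 * KeyInfoGenerator and no KeyInfo will be generated for the EncryptedKey.
 * </p>
 *
 * @param encryptionCredential the credential with which the key will be encrypted
 * @param wrappedKeyAlgorithm the JCA key algorithm name of the key to be encrypted (may be null)
 * @param config the SecurityConfiguration to use (may be null)
 * @param keyInfoGenName the named KeyInfoGeneratorManager configuration to use (may be null)
 * @param recipient the intended recipient of the resultant encrypted key, typically the owner of the key encryption
 *            key (may be null)
 * @return a new instance of KeyEncryptionParameters
 * @throws SecurityException if encryption credential is not supplied
 */
public static KeyEncryptionParameters buildKeyEncryptionParams(Credential encryptionCredential,
        String wrappedKeyAlgorithm, SecurityConfiguration config, String keyInfoGenName, String recipient)
        throws SecurityException {
    // Validate the mandatory argument before it is stored or used anywhere.
    if (encryptionCredential == null) {
        throw new SecurityException("Key encryption credential may not be null");
    }

    Logger log = getLogger();

    // Fall back to the global configuration when the caller supplies none.
    SecurityConfiguration secConfig = (config != null) ? config : Configuration.getGlobalSecurityConfiguration();

    KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
    kekParams.setEncryptionCredential(encryptionCredential);
    kekParams.setAlgorithm(
            secConfig.getKeyTransportEncryptionAlgorithmURI(encryptionCredential, wrappedKeyAlgorithm));

    KeyInfoGenerator kiGenerator = getKeyInfoGenerator(encryptionCredential, secConfig, keyInfoGenName);
    if (kiGenerator != null) {
        kekParams.setKeyInfoGenerator(kiGenerator);
    } else {
        // Not fatal: the EncryptedKey is simply emitted without a KeyInfo element.
        log.info("No factory for named KeyInfoGenerator {} was found for credential type {}", keyInfoGenName,
                encryptionCredential.getCredentialType().getName());
        log.info("No KeyInfo will be generated for EncryptedKey");
    }

    kekParams.setRecipient(recipient);
    return kekParams;
}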