Java Code Examples for org.opensaml.saml.saml2.encryption.Decrypter#decrypt()

The following examples show how to use org.opensaml.saml.saml2.encryption.Decrypter#decrypt(). Each example links to its original project and source file.
Example 1
Source File: ConsumerServlet.java    From OpenSAML-ref-project-demo-v3 with Apache License 2.0
/**
 * Decrypts an encrypted SAML assertion with the service provider's credential.
 *
 * <p>The credential from {@code SPCredentials.getCredential()} is installed as the
 * key-encryption-key resolver, and encrypted keys are looked up inline in the
 * assertion's {@code KeyInfo}. The data-encryption-key resolver is left {@code null},
 * so the data key is presumably expected to arrive wrapped as an {@code EncryptedKey}.
 *
 * <p>NOTE(review): decryption alone does not authenticate the assertion; signature,
 * issuer, audience and time-condition checks are expected to run on the returned
 * {@code Assertion} elsewhere — confirm against the caller.
 *
 * @param encryptedAssertion the encrypted assertion to decrypt
 * @return the decrypted {@code Assertion}, rooted in a new DOM document
 * @throws RuntimeException if decryption fails; the {@code DecryptionException} is kept as the cause
 */
private Assertion decryptAssertion(EncryptedAssertion encryptedAssertion) {
    final StaticKeyInfoCredentialResolver spKeyResolver =
            new StaticKeyInfoCredentialResolver(SPCredentials.getCredential());

    final Decrypter assertionDecrypter =
            new Decrypter(null, spKeyResolver, new InlineEncryptedKeyResolver());
    // Place the decrypted element in its own Document rather than the response's DOM.
    assertionDecrypter.setRootInNewDocument(true);

    try {
        return assertionDecrypter.decrypt(encryptedAssertion);
    } catch (DecryptionException ex) {
        throw new RuntimeException(ex);
    }
}
 
Example 2
Source File: AuthenticationHandlerSAML2.java    From sling-whiteboard with Apache License 2.0
/**
 * Decrypts an {@code EncryptedAssertion} using the service provider's key pair
 * held in {@code this.spKeypair}.
 *
 * <p>NOTE(review): this method only decrypts; validation of the returned assertion
 * (signature, issuer, conditions) is expected to happen in the caller — confirm.
 *
 * @param encryptedAssertion the encrypted assertion to decrypt
 * @return the plaintext {@code Assertion}, rooted in a new DOM document
 * @throws RuntimeException wrapping the {@code DecryptionException} when decryption fails
 */
private Assertion decryptAssertion(final EncryptedAssertion encryptedAssertion) {
    // The SP key pair is the key-encryption key; encrypted keys are resolved inline from KeyInfo.
    final Decrypter assertionDecrypter = new Decrypter(
            null,
            new StaticKeyInfoCredentialResolver(this.spKeypair),
            new InlineEncryptedKeyResolver());
    assertionDecrypter.setRootInNewDocument(true);
    try {
        return assertionDecrypter.decrypt(encryptedAssertion);
    } catch (final DecryptionException ex) {
        throw new RuntimeException(ex);
    }
}
 
Example 3
Source File: SamlClient.java    From saml-client with MIT License
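/**
 * Decrypts every {@code EncryptedAssertion} in {@code response} and appends the resulting
 * plaintext assertions to {@code response.getAssertions()}.
 *
 * <p>The key-encryption key is resolved from {@code spCredential} and/or
 * {@code additionalSpCredentials}. If neither is configured the resolver chain is empty
 * and decryption is expected to fail with a {@code DecryptionException}.
 *
 * <p>NOTE(review): the decrypted assertions are appended to the response's plaintext
 * assertion list; whatever validation is applied to {@code getAssertions()} afterwards
 * (signature, issuer, conditions) must cover these as well — confirm against the caller.
 *
 * @param response the SAML Response whose encrypted assertions are decrypted in place
 * @throws DecryptionException if any assertion cannot be decrypted
 */
private void decodeEncryptedAssertion(Response response) throws DecryptionException {
  if (response.getEncryptedAssertions().isEmpty()) {
    return;
  }

  // The resolver chain does not depend on the assertion, so build the decrypter once
  // rather than once per encrypted assertion (Decrypter is reusable across calls).
  List<KeyInfoCredentialResolver> resolverChain = new ArrayList<>();

  if (spCredential != null) {
    resolverChain.add(new StaticKeyInfoCredentialResolver(spCredential));
  }

  if (!additionalSpCredentials.isEmpty()) {
    resolverChain.add(new CollectionKeyInfoCredentialResolver(additionalSpCredentials));
  }

  Decrypter decrypter =
      new Decrypter(
          null,
          new ChainingKeyInfoCredentialResolver(resolverChain),
          new InlineEncryptedKeyResolver());

  // Root each decrypted element in its own Document instead of the response's DOM.
  decrypter.setRootInNewDocument(true);

  for (EncryptedAssertion encryptedAssertion : response.getEncryptedAssertions()) {
    Assertion decryptedAssertion = decrypter.decrypt(encryptedAssertion);
    response.getAssertions().add(decryptedAssertion);
  }
}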
 
Example 4
Source File: SamlAssertionConsumerFunction.java    From armeria with Apache License 2.0
/**
 * Decrypts an {@code EncryptedAssertion} with the given decryption credential.
 *
 * <p>The credential is used as the key-encryption-key resolver and encrypted keys are
 * resolved inline from the assertion's {@code KeyInfo}; the data-key resolver is left
 * {@code null}.
 *
 * @param encryptedAssertion the encrypted assertion to decrypt
 * @param decryptionCredential the credential holding the SP's private key
 * @return the plaintext {@code Assertion}, rooted in a new DOM document
 * @throws InvalidSamlRequestException if decryption fails; the {@code DecryptionException}
 *         is attached as the cause
 */
private static Assertion decryptAssertion(EncryptedAssertion encryptedAssertion,
                                          Credential decryptionCredential) {
    StaticKeyInfoCredentialResolver kekResolver =
            new StaticKeyInfoCredentialResolver(decryptionCredential);
    Decrypter assertionDecrypter =
            new Decrypter(null, kekResolver, new InlineEncryptedKeyResolver());
    assertionDecrypter.setRootInNewDocument(true);

    Assertion decrypted;
    try {
        decrypted = assertionDecrypter.decrypt(encryptedAssertion);
    } catch (DecryptionException cause) {
        throw new InvalidSamlRequestException("failed to decrypt an assertion", cause);
    }
    return decrypted;
}
 
Example 5
Source File: SAMLProcessorImpl.java    From cxf-fediz with Apache License 2.0
/**
 * Decrypts every {@code EncryptedAssertion} carried by the SAML Response and appends the
 * plaintext assertions both to {@code responseObject.getAssertions()} and to the Response's DOM.
 *
 * <p>The SP private key and certificate are loaded from the {@code KeyManager} configured as
 * {@code config.getDecryptionKey()}; encrypted keys are located via inline, EncryptedElementType,
 * RetrievalMethod and KeyInfoReference resolvers.
 *
 * <p>NOTE(review): at DEBUG level this logs the full plaintext assertion, which may carry
 * user attributes and the NameID; keep DEBUG disabled in production or redact before logging.
 *
 * @param responseObject the SAML Response to process; modified in place
 * @param config the Fediz context providing the decryption key configuration
 * @throws ProcessingException with {@code TYPE.BAD_REQUEST} if no decryption Crypto, key
 *         password or alias is configured, if no private key can be loaded, or if any
 *         assertion fails to decrypt
 */
private void decryptEncryptedAssertions(org.opensaml.saml.saml2.core.Response responseObject, FedizContext config)
        throws ProcessingException {
    if (responseObject.getEncryptedAssertions() == null || responseObject.getEncryptedAssertions().isEmpty()) {
        // Nothing to decrypt.
        return;
    }

    KeyManager keyManager = config.getDecryptionKey();
    if (keyManager == null || keyManager.getCrypto() == null) {
        LOG.debug("We must have a decryption Crypto instance configured to decrypt encrypted tokens");
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }
    String password = keyManager.getKeyPassword();
    if (password == null) {
        LOG.debug("We must have a decryption key password to decrypt encrypted tokens");
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }
    String alias = keyManager.getKeyAlias();
    if (alias == null) {
        LOG.debug("No alias configured for decrypt");
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }

    try {
        PrivateKey decryptionKey = keyManager.getCrypto().getPrivateKey(alias, password);
        if (decryptionKey == null) {
            LOG.debug("No private key available");
            // Caught by the catch-all below and re-thrown with the same type and code.
            throw new ProcessingException(TYPE.BAD_REQUEST);
        }

        BasicX509Credential decryptionCredential = new BasicX509Credential(
            CertsUtils.getX509CertificateFromCrypto(keyManager.getCrypto(), alias));
        decryptionCredential.setPrivateKey(decryptionKey);

        // Data-key resolver is null; the data key must be unwrapped from an EncryptedKey
        // found by one of the chained encrypted-key resolvers.
        Decrypter decrypter = new Decrypter(
                null,
                new StaticKeyInfoCredentialResolver(decryptionCredential),
                new ChainingEncryptedKeyResolver(
                        Arrays.<EncryptedKeyResolver>asList(
                                new InlineEncryptedKeyResolver(),
                                new EncryptedElementTypeEncryptedKeyResolver(),
                                new SimpleRetrievalMethodEncryptedKeyResolver(),
                                new SimpleKeyInfoReferenceEncryptedKeyResolver())));

        for (EncryptedAssertion encryptedAssertion : responseObject.getEncryptedAssertions()) {
            Assertion plaintext = decrypter.decrypt(encryptedAssertion);
            Element plaintextDom = plaintext.getDOM();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Decrypted assertion: {}", DOM2Writer.nodeToString(plaintextDom));
            }
            responseObject.getAssertions().add(plaintext);
            // Attach the decrypted element to the Response DOM as well: without it,
            // doc.getElementById() fails when the decrypted assertion's signature is verified later.
            plaintextDom.getOwnerDocument().getDocumentElement().appendChild(plaintextDom);
        }
    } catch (Exception e) {
        LOG.debug("Cannot decrypt assertions", e);
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }
}