org.opensaml.xml.encryption.KeyEncryptionParameters Java Examples

Example #1
Source File: Encrypter.java (from lams, GNU General Public License v2.0)
/**
 * Constructor.
 *
 * <p>The list is stored by reference rather than copied, so later changes made by the
 * caller to {@code keyEncParams} are visible to this encrypter.</p>
 *
 * @param dataEncParams the data encryption parameters
 * @param keyEncParams the key encryption parameters, one entry per key-encryption key
 */
public Encrypter(EncryptionParameters dataEncParams, List<KeyEncryptionParameters> keyEncParams) {
    super();
    this.kekParamsList = keyEncParams;
    this.encParams = dataEncParams;
    init();
}
 
Example #2
Source File: Encrypter.java (from lams, GNU General Public License v2.0)
/**
 * Constructor for the common single-recipient case.
 *
 * <p>The single {@code keyEncParam} is wrapped in a fresh, mutable, one-element list so that
 * the rest of the class can treat it exactly like the list form of the constructor.</p>
 *
 * @param dataEncParams the data encryption parameters
 * @param keyEncParam the key encryption parameter
 */
public Encrypter(EncryptionParameters dataEncParams, KeyEncryptionParameters keyEncParam) {
    super();
    List<KeyEncryptionParameters> singleKek = new ArrayList<KeyEncryptionParameters>(1);
    singleKek.add(keyEncParam);
    this.encParams = dataEncParams;
    this.kekParamsList = singleKek;
    init();
}
 
Example #3
Source File: Encrypter.java (from lams, GNU General Public License v2.0)
/**
 * Constructor for data encryption with no key encryption parameters.
 *
 * <p>An empty, mutable list is installed as the key-encryption parameter list so that the
 * field is never {@code null}; no EncryptedKey can be produced from this instance unless
 * parameters are added later.</p>
 *
 * @param dataEncParams the data encryption parameters
 */
public Encrypter(EncryptionParameters dataEncParams) {
    super();
    this.encParams = dataEncParams;
    this.kekParamsList = new ArrayList<KeyEncryptionParameters>();
    init();
}
 
Example #4
Source File: DefaultSSOEncrypter.java (from carbon-identity, Apache License 2.0)
/**
 * Encrypts a SAML assertion for the given recipient credential.
 *
 * <p>A fresh AES-256 content-encryption key is generated per call and wrapped for
 * {@code cred} using RSA-1.5 key transport; the wrapped key is placed inline in the
 * EncryptedData. Note that {@code alias} and {@code encryptionAlgorithm} are accepted
 * for interface compatibility but are not consulted — the algorithms are fixed here.</p>
 *
 * @param assertion the assertion to encrypt
 * @param cred the recipient's credential used to wrap the content key
 * @param alias unused
 * @param encryptionAlgorithm unused; AES-256 is always applied
 * @return the encrypted assertion
 * @throws IdentityException wrapping any failure from key generation or encryption
 */
@Override
public EncryptedAssertion doEncryptedAssertion(Assertion assertion, X509Credential cred, String alias, String encryptionAlgorithm) throws IdentityException {
    try {
        // One-time symmetric content key; it never leaves this method except wrapped.
        Credential contentKey = SecurityHelper.getSimpleCredential(
                SecurityHelper.generateSymmetricKey(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256));

        EncryptionParameters dataParams = new EncryptionParameters();
        dataParams.setEncryptionCredential(contentKey);
        dataParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256);

        // Key transport is fixed to RSA-1.5 (PKCS#1 v1.5 padding). RSA-OAEP
        // (EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP) is the usual hardening
        // for XML Encryption key transport, subject to what the SP can decrypt.
        KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
        kekParams.setEncryptionCredential(cred);
        kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);

        Encrypter encrypter = new Encrypter(dataParams, kekParams);
        encrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE);
        return encrypter.encrypt(assertion);
    } catch (Exception e) {
        // Boundary: every failure surfaces as the domain exception, cause preserved.
        throw IdentityException.error("Error while Encrypting Assertion", e);
    }
}
 
Example #5
Source File: AuthnResponseGenerator.java (from MaxKey, Apache License 2.0)
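/**
 * Builds the SAML 2.0 {@code Response} answering an authentication request.
 *
 * <p>The assertion is always generated. When the SP configuration is flagged as
 * encrypted it is added as an {@code EncryptedAssertion} (AES-128 content key,
 * RSA-1.5 key transport to the SP credential, wrapped key placed as a PEER of the
 * EncryptedData); otherwise the clear assertion is added. If encryption fails the
 * clear assertion is deliberately NOT added as a fallback; the response is still
 * returned with a success status but carries no assertion at all, so the failure is
 * logged at ERROR to make that outcome visible to operators. Signing is not done here.</p>
 *
 * @param saml20Details the SP configuration (ACS URL, audience, validity interval, encryption flag)
 * @param authnRequestInfo the inbound request this response answers ({@code InResponseTo})
 * @param attributeMap attributes to carry in the assertion
 * @param bindingAdapter binding context supplying the SP credential used for key transport
 * @return the populated response
 */
public Response generateAuthnResponse(  AppsSAML20Details saml20Details,
										AuthnRequestInfo authnRequestInfo,
										HashMap<String,String>attributeMap, 
										BindingAdapter bindingAdapter){
	
	Response authResponse = new ResponseBuilder().buildObject();
	//builder Assertion
	Assertion assertion = assertionGenerator.generateAssertion( 
										saml20Details,
										bindingAdapter,
										saml20Details.getSpAcsUrl(),
										authnRequestInfo.getAuthnRequestID(),
										saml20Details.getAudience(),
										Integer.parseInt(saml20Details.getValidityInterval()), 
										attributeMap);
	
	//Encrypt 
	if(Boolean.isTrue(saml20Details.getEncrypted())) {
		logger.info("begin to encrypt assertion");
		try {
			// Content encryption: a fresh AES-128 key is generated by the Encrypter.
			EncryptionParameters encryptionParameters = new EncryptionParameters();
			encryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
			logger.info("encryption assertion Algorithm : "+EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
			// Key transport: the content key is wrapped with the SP credential obtained
			// from the binding adapter. NOTE(review): getSpSigningCredential() is used as the
			// encryption credential — confirm the SP metadata publishes that key for encryption.
			KeyEncryptionParameters keyEncryptionParameters = new KeyEncryptionParameters();
			keyEncryptionParameters.setEncryptionCredential(bindingAdapter.getSpSigningCredential());
			// RSA-1.5 (PKCS#1 v1.5) is used; RSA-OAEP is the usual hardening for XML
			// Encryption key transport, subject to what the SP can decrypt.
			// kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
			keyEncryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
			logger.info("keyEncryption  Algorithm : "+EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
			// A missing factory for this credential type yields null here and surfaces as an
			// NPE on the next line, which the catch below reports like any other failure.
			KeyInfoGeneratorFactory keyInfoGeneratorFactory = Configuration
													.getGlobalSecurityConfiguration()
													.getKeyInfoGeneratorManager().getDefaultManager()
													.getFactory(bindingAdapter.getSpSigningCredential());
			keyEncryptionParameters.setKeyInfoGenerator(keyInfoGeneratorFactory.newInstance());
			Encrypter encrypter = new Encrypter(encryptionParameters, keyEncryptionParameters);
			encrypter.setKeyPlacement(KeyPlacement.PEER);
			EncryptedAssertion encryptedAssertion = encrypter.encrypt(assertion);
			authResponse.getEncryptedAssertions().add(encryptedAssertion);
		}catch(Exception e) {
			// Fail closed: no plaintext fallback. The response below will still carry
			// Status=Success with no assertion; log at ERROR (not INFO) so the cause is
			// visible when the SP rejects the response.
			logger.error("Unable to encrypt assertion .",e);
		}
	}else { 
		authResponse.getAssertions().add(assertion);
	}
	
	authResponse.setIssuer(issuerGenerator.generateIssuer());
	authResponse.setID(idService.generateID());
	authResponse.setIssueInstant(timeService.getCurrentDateTime());
	authResponse.setInResponseTo(authnRequestInfo.getAuthnRequestID());
	authResponse.setDestination(saml20Details.getSpAcsUrl());
	authResponse.setStatus(statusGenerator.generateStatus(StatusCode.SUCCESS_URI));
	logger.debug("authResponse.isSigned "+authResponse.isSigned());
	return authResponse;
}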
 
Example #6
Source File: SecurityHelper.java (from lams, GNU General Public License v2.0)
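/**
 * Build an instance of {@link KeyEncryptionParameters} suitable for passing to an
 * {@link org.opensaml.xml.encryption.Encrypter}.
 * 
 * <p>
 * The following parameter values will be added:
 * <ul>
 * <li>the key encryption credential</li>
 * <li>key transport encryption algorithm URI</li>
 * <li>an appropriate {@link KeyInfoGenerator} instance which will be used to generate a {@link KeyInfo} element
 * from the key encryption credential</li>
 * <li>intended recipient of the resultant encrypted key (optional)</li>
 * </ul>
 * </p>
 * 
 * <p>
 * All values are determined by the specified {@link SecurityConfiguration}. If a security configuration is not
 * supplied, the global security configuration ({@link Configuration#getGlobalSecurityConfiguration()}) will be
 * used.
 * </p>
 * 
 * <p>
 * The key transport algorithm URI is obtained from
 * {@link SecurityConfiguration#getKeyTransportEncryptionAlgorithmURI(Credential, String)}, selected by the
 * encryption credential and the optional JCA algorithm name of the key being wrapped.
 * </p>
 * 
 * <p>
 * The KeyInfoGenerator to be used is based on the {@link NamedKeyInfoGeneratorManager} defined in the security
 * configuration, and is determined by the type of the encryption credential and an optional KeyInfo generator
 * manager name. If the latter is omitted, the default manager ({@link NamedKeyInfoGeneratorManager#getDefaultManager()})
 * of the security configuration's named generator manager will be used. When no generator can be resolved, the
 * parameters are returned without one and no KeyInfo will be emitted for the EncryptedKey.
 * </p>
 * 
 * @param encryptionCredential the credential with which the key will be encrypted (required)
 * @param wrappedKeyAlgorithm the JCA key algorithm name of the key to be encrypted (may be null)
 * @param config the SecurityConfiguration to use (may be null)
 * @param keyInfoGenName the named KeyInfoGeneratorManager configuration to use (may be null)
 * @param recipient the intended recipient of the resultant encrypted key, typically the owner of the key encryption
 *            key (may be null)
 * @return a new instance of KeyEncryptionParameters
 * @throws SecurityException if encryption credential is not supplied
 * 
 */
public static KeyEncryptionParameters buildKeyEncryptionParams(Credential encryptionCredential,
        String wrappedKeyAlgorithm, SecurityConfiguration config, String keyInfoGenName, String recipient)
        throws SecurityException {
    Logger log = getLogger();

    // Validate the one mandatory input before any other work; every value below is derived from it.
    if (encryptionCredential == null) {
        throw new SecurityException("Key encryption credential may not be null");
    }

    SecurityConfiguration secConfig =
            (config != null) ? config : Configuration.getGlobalSecurityConfiguration();

    KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
    kekParams.setEncryptionCredential(encryptionCredential);
    kekParams.setAlgorithm(secConfig.getKeyTransportEncryptionAlgorithmURI(encryptionCredential,
            wrappedKeyAlgorithm));

    KeyInfoGenerator kiGenerator = getKeyInfoGenerator(encryptionCredential, secConfig, keyInfoGenName);
    if (kiGenerator != null) {
        kekParams.setKeyInfoGenerator(kiGenerator);
    } else {
        // Not an error: the EncryptedKey is still produced, just without a KeyInfo hint.
        log.info("No factory for named KeyInfoGenerator {} was found for credential type {}", keyInfoGenName,
                encryptionCredential.getCredentialType().getName());
        log.info("No KeyInfo will be generated for EncryptedKey");
    }

    kekParams.setRecipient(recipient);

    return kekParams;
}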