Java Code Examples for org.opensaml.xml.security.SecurityHelper#extractEncryptionKey()

The following examples show how to use org.opensaml.xml.security.SecurityHelper#extractEncryptionKey(). All of them come from the same class, Encrypter.java, where the helper is used to pull the key out of a Credential before validating it or using it for XML Encryption.
Example 1
Source File: Encrypter.java (from the lams project, GNU General Public License v2.0)
/**
 * Validate a set of key encryption parameters before they are used to wrap a data encryption key.
 *
 * <p>The credential must carry a usable key, the key must not be a DSA or EC public key (both are rejected
 * for encrypted key transport by this encrypter), and an algorithm URI must be present. Note that only the
 * presence of the algorithm URI is checked here, not whether it matches the key type or is a recommended
 * choice (for RSA transport an OAEP variant is generally preferred over PKCS#1 v1.5); callers that need that
 * constraint must enforce it themselves.</p>
 *
 * @param kekParams the key encryption parameters to check; may be null only when {@code allowEmpty} is true
 * @param allowEmpty if true a null {@code kekParams} is accepted silently, otherwise it is an error
 *
 * @throws EncryptionException if the parameters are missing, the key is missing or of a rejected type,
 *             or the algorithm URI is empty
 */
protected void checkParams(KeyEncryptionParameters kekParams, boolean allowEmpty) throws EncryptionException {
    if (kekParams == null) {
        if (!allowEmpty) {
            log.error("Key encryption parameters are required");
            throw new EncryptionException("Key encryption parameters are required");
        }
        return;
    }

    // NOTE(review): extractEncryptionKey presumably yields the credential's public or secret key and null
    // when the credential is absent or carries neither — confirm against SecurityHelper.
    Key kek = SecurityHelper.extractEncryptionKey(kekParams.getEncryptionCredential());
    if (kek == null) {
        log.error("Key encryption credential and contained key are required");
        throw new EncryptionException("Key encryption credential and contained key are required");
    }
    // Only public-key instances are inspected; the type checks say nothing about private or secret keys.
    if (kek instanceof DSAPublicKey) {
        log.error("Attempt made to use DSA key for encrypted key transport");
        throw new EncryptionException("DSA keys may not be used for encrypted key transport");
    }
    if (kek instanceof ECPublicKey) {
        log.error("Attempt made to use EC key for encrypted key transport");
        throw new EncryptionException("EC keys may not be used for encrypted key transport");
    }
    if (DatatypeHelper.isEmpty(kekParams.getAlgorithm())) {
        log.error("Key encryption algorithm URI is required");
        throw new EncryptionException("Key encryption algorithm URI is required");
    }
}
 
Example 2
Source File: Encrypter.java (from the lams project, GNU General Public License v2.0)
/**
 * Wrap a key (normally the data encryption key) with the key encryption key described by {@code kekParams},
 * producing an EncryptedKey element owned by {@code containingDocument}.
 *
 * <p>When the parameters carry a KeyInfoGenerator, a KeyInfo describing the key encryption credential is
 * generated and attached so the recipient can tell which key unwraps the EncryptedKey. Whatever that
 * generator emits (key names, certificates, ...) ends up in the output document, so the generator
 * configuration decides what metadata about the KEK is disclosed. The recipient hint, if set, is copied over.</p>
 *
 * @param key the key to encrypt
 * @param kekParams parameters for encrypting the key; must not be null
 * @param containingDocument the document that will own the DOM element underlying the resulting EncryptedKey object
 *
 * @return the resulting EncryptedKey object
 *
 * @throws EncryptionException exception thrown on encryption errors, including invalid parameters and
 *             KeyInfo generation failures
 */
public EncryptedKey encryptKey(Key key, KeyEncryptionParameters kekParams, Document containingDocument)
        throws EncryptionException {

    // A null kekParams is an error here: without a KEK there is nothing to wrap with.
    checkParams(kekParams, false);

    Key kek = SecurityHelper.extractEncryptionKey(kekParams.getEncryptionCredential());
    EncryptedKey result = encryptKey(key, kek, kekParams.getAlgorithm(), containingDocument);

    KeyInfoGenerator generator = kekParams.getKeyInfoGenerator();
    if (generator != null) {
        log.debug("Dynamically generating KeyInfo from Credential for EncryptedKey using generator: {}",
                generator.getClass().getName());
        try {
            result.setKeyInfo(generator.generate(kekParams.getEncryptionCredential()));
        } catch (SecurityException e) {
            log.error("Error during EncryptedKey KeyInfo generation", e);
            throw new EncryptionException("Error during EncryptedKey KeyInfo generation", e);
        }
    }

    String recipient = kekParams.getRecipient();
    if (recipient != null) {
        result.setRecipient(recipient);
    }

    return result;
}
 
Example 3
Source File: Encrypter.java (from the lams project, GNU General Public License v2.0)
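/**
 * Encrypts the given XMLObject using the specified encryption key, algorithm URI and content mode flag.
 * EncryptedKeys, if any, are placed inline within the KeyInfo of the resulting EncryptedData.
 *
 * <p>If the encryption credential carries no key, a fresh data encryption key is generated for this call.
 * The parameter check guarantees that at least one set of key encryption parameters is present in that
 * case, because a generated key that is never wrapped for a recipient would leave the ciphertext
 * undecryptable. The same data key is wrapped once per entry of {@code kekParamsList}.</p>
 *
 * @param xmlObject the XMLObject to be encrypted
 * @param encParams the encryption parameters to use
 * @param kekParamsList the key encryption parameters to use; may be null or empty when the encryption
 *            credential itself supplies the data encryption key
 * @param encryptContentMode whether just the content of the XMLObject should be encrypted
 *
 * @return the resulting EncryptedData object
 * @throws EncryptionException exception thrown on encryption errors
 */
private EncryptedData encryptElement(XMLObject xmlObject, EncryptionParameters encParams,
        List<KeyEncryptionParameters> kekParamsList, boolean encryptContentMode) throws EncryptionException {

    checkParams(encParams, kekParamsList);

    String encryptionAlgorithmURI = encParams.getAlgorithm();
    Key encryptionKey = SecurityHelper.extractEncryptionKey(encParams.getEncryptionCredential());
    if (encryptionKey == null) {
        encryptionKey = generateEncryptionKey(encryptionAlgorithmURI);
    }

    EncryptedData encryptedData = encryptElement(xmlObject, encryptionKey, encryptionAlgorithmURI,
            encryptContentMode);
    // The EncryptedKey elements must be created in the same Document as the EncryptedData.
    Document ownerDocument = encryptedData.getDOM().getOwnerDocument();

    KeyInfoGenerator generator = encParams.getKeyInfoGenerator();
    if (generator != null) {
        log.debug("Dynamically generating KeyInfo from Credential for EncryptedData using generator: {}",
                generator.getClass().getName());
        try {
            encryptedData.setKeyInfo(generator.generate(encParams.getEncryptionCredential()));
        } catch (SecurityException e) {
            log.error("Error during EncryptedData KeyInfo generation", e);
            throw new EncryptionException("Error during EncryptedData KeyInfo generation", e);
        }
    }

    // checkParams explicitly accepts a null list when the credential supplies the key, so the list
    // must be guarded here rather than iterated blindly (which would throw NullPointerException).
    if (kekParamsList != null) {
        for (KeyEncryptionParameters kekParams : kekParamsList) {
            EncryptedKey encryptedKey = encryptKey(encryptionKey, kekParams, ownerDocument);
            KeyInfo keyInfo = encryptedData.getKeyInfo();
            if (keyInfo == null) {
                keyInfo = keyInfoBuilder.buildObject();
                encryptedData.setKeyInfo(keyInfo);
            }
            keyInfo.getEncryptedKeys().add(encryptedKey);
        }
    }

    return encryptedData;
}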
 
Example 4
Source File: Encrypter.java (from the lams project, GNU General Public License v2.0)
/**
 * Check the encryption parameters and key encryption parameters for valid combinations of options.
 *
 * <p>Each argument is validated on its own first (a null or empty key encryption list is acceptable by
 * itself). The combination is then rejected when the encryption credential carries no key and there is no
 * key encryption parameter either: the data encryption key would have to be generated, and with nothing to
 * wrap it for a recipient the resulting ciphertext could never be decrypted.</p>
 *
 * @param encParams the encryption parameters to use
 * @param kekParamsList the key encryption parameters to use; may be null or empty
 * @throws EncryptionException exception thrown on encryption errors, including an invalid combination
 */
protected void checkParams(EncryptionParameters encParams, List<KeyEncryptionParameters> kekParamsList)
        throws EncryptionException {

    checkParams(encParams);
    checkParams(kekParamsList, true);

    boolean haveDataKey = SecurityHelper.extractEncryptionKey(encParams.getEncryptionCredential()) != null;
    boolean haveKek = kekParamsList != null && !kekParamsList.isEmpty();
    if (!haveDataKey && !haveKek) {
        log.error("Using a generated encryption key requires a KeyEncryptionParameters "
                + "object and key encryption key");
        throw new EncryptionException("Using a generated encryption key requires a KeyEncryptionParameters "
                + "object and key encryption key");
    }
}
 
Example 5
Source File: Encrypter.java (from the lams project, GNU General Public License v2.0)
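/**
 * Encrypt the specified XMLObject, and return it as an instance of the specified QName,
 * which should be one of the types derived from {@link org.opensaml.saml2.core.EncryptedElementType}.
 *
 * <p>Uses the encrypter's configured {@code encParams} and {@code kekParamsList}. When the encryption
 * credential carries no key, a fresh data encryption key is generated; the parameter check requires at
 * least one key encryption parameter in that case so the key can be delivered as an EncryptedKey. The
 * EncryptedKeys are built separately and handed to processElements together with the EncryptedData.</p>
 *
 * @param xmlObject the XMLObject to encrypt
 * @param encElementName the QName of the specialization of EncryptedElementType to return
 * @return a specialization of {@link org.opensaml.saml2.core.EncryptedElementType}
 * @throws EncryptionException thrown when encryption generates an error, including parameter validation
 *             and KeyInfo generation failures
 */
private EncryptedElementType encrypt(XMLObject xmlObject, QName encElementName) throws EncryptionException {

    checkParams(encParams, kekParamsList);

    EncryptedElementType encElement =
        (EncryptedElementType) builderFactory.getBuilder(encElementName).buildObject(encElementName);

    // Marshall the containing element first: the key encryption step needs its Document so that the
    // EncryptedKey DOM nodes are created in the same document.
    checkAndMarshall(encElement);
    Document ownerDocument = encElement.getDOM().getOwnerDocument();

    String encryptionAlgorithmURI = encParams.getAlgorithm();
    Key encryptionKey = SecurityHelper.extractEncryptionKey(encParams.getEncryptionCredential());
    if (encryptionKey == null) {
        encryptionKey = generateEncryptionKey(encryptionAlgorithmURI);
    }

    // Content mode is always false here: the element itself is encrypted, not only its children.
    EncryptedData encryptedData = encryptElement(xmlObject, encryptionKey, encryptionAlgorithmURI, false);

    KeyInfoGenerator generator = encParams.getKeyInfoGenerator();
    if (generator != null) {
        log.debug("Dynamically generating KeyInfo from Credential for EncryptedData using generator: {}",
                generator.getClass().getName());
        try {
            encryptedData.setKeyInfo(generator.generate(encParams.getEncryptionCredential()));
        } catch (SecurityException e) {
            // Log the cause before wrapping it, matching the other KeyInfo generation failure paths in
            // this class; otherwise the underlying reason is only available to whoever catches the wrapper.
            log.error("Error generating EncryptedData KeyInfo", e);
            throw new EncryptionException("Error generating EncryptedData KeyInfo", e);
        }
    }

    List<EncryptedKey> encryptedKeys = new ArrayList<EncryptedKey>();
    if (kekParamsList != null && !kekParamsList.isEmpty()) {
        encryptedKeys.addAll(encryptKey(encryptionKey, kekParamsList, ownerDocument));
    }

    return processElements(encElement, encryptedData, encryptedKeys);
}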