Class Encrypter


  • public class Encrypter
    extends org.opensaml.xmlsec.encryption.support.Encrypter
    Encrypter for SAML 2 SAMLObjects which has specific options for generating instances of subtypes of EncryptedElementType.

    Overloaded methods are provided for encrypting various SAML 2 elements to their corresponding encrypted element variant of EncryptedElementType.

    Support is also provided for differing placement options for any associated EncryptedKeys that may be generated. The options are:

• INLINE: EncryptedKeys will be placed inside the KeyInfo element of the EncryptedData element
    • PEER: EncryptedKeys will be placed as peer elements of the EncryptedData inside the EncryptedElementType element

    The default placement is PEER.

    The EncryptedKey forward and back referencing behavior associated with these key placement options is intended to be consistent with the guidelines detailed in SAML 2 Errata E43. See that document for further information.

    For information on other parameters and options, and general XML Encryption issues, see Encrypter.
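The constructor and key-placement options described above, as an added Java example that is not part of the OpenSAML documentation or code base. It assumes OpenSAML has already been initialised (`InitializationService.initialize()`), that the recipient's X.509 certificate is available as `recipientCert` and a fully built `Assertion` as `assertion` (both hypothetical inputs supplied by the caller), and it checks after encryption that the wrapped key landed where the chosen placement says it should:

```java
import java.security.cert.X509Certificate;
import java.util.List;

import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.encryption.Encrypter;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.encryption.EncryptedKey;
import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.EncryptionConstants;
import org.opensaml.xmlsec.encryption.support.EncryptionException;
import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;

/**
 * Added example (not OpenSAML code): builds a SAML 2 Encrypter for one recipient and
 * shows the effect of the INLINE and PEER EncryptedKey placements.
 * Assumes InitializationService.initialize() has already run so the builders resolve.
 */
public final class AssertionEncryptionExample {

    /** AES-256-GCM for the assertion body, RSA-OAEP to wrap the generated data key. */
    static Encrypter buildEncrypter(X509Certificate recipientCert, Encrypter.KeyPlacement placement) {
        // No data-encryption credential is set, so the base Encrypter generates a fresh
        // symmetric key for every encrypt() call; only the algorithm is chosen here.
        DataEncryptionParameters dataParams = new DataEncryptionParameters();
        dataParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);

        // Key encryption: wrap that symmetric key with the recipient's public key.
        KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
        kekParams.setEncryptionCredential(new BasicX509Credential(recipientCert));
        kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
        // Emit the recipient certificate in the EncryptedKey's KeyInfo so the recipient
        // can select the matching private key without out-of-band hints.
        X509KeyInfoGeneratorFactory kigf = new X509KeyInfoGeneratorFactory();
        kigf.setEmitEntityCertificate(true);
        kekParams.setKeyInfoGenerator(kigf.newInstance());

        Encrypter encrypter = new Encrypter(dataParams, kekParams);
        // PEER is the default; INLINE moves the EncryptedKey into EncryptedData/KeyInfo.
        encrypter.setKeyPlacement(placement);
        return encrypter;
    }

    /** Returns the EncryptedKey list from the location the requested placement implies. */
    static List<EncryptedKey> wrappedKeys(EncryptedAssertion ea, Encrypter.KeyPlacement placement) {
        if (placement == Encrypter.KeyPlacement.INLINE) {
            // INLINE: the EncryptedKey sits inside EncryptedData/KeyInfo.
            return ea.getEncryptedData().getKeyInfo().getEncryptedKeys();
        }
        // PEER: the EncryptedKey is a sibling of EncryptedData inside EncryptedAssertion,
        // cross-referenced per SAML 2 Errata E43 by the Encrypter's peer-linking methods.
        return ea.getEncryptedKeys();
    }

    /** Encrypts the assertion and verifies exactly one wrapped key is present where expected. */
    static EncryptedAssertion encryptForRecipient(Assertion assertion, X509Certificate recipientCert,
                                                  Encrypter.KeyPlacement placement)
            throws EncryptionException {
        Encrypter encrypter = buildEncrypter(recipientCert, placement);
        EncryptedAssertion ea = encrypter.encrypt(assertion);
        List<EncryptedKey> keys = wrappedKeys(ea, placement);
        if (keys.size() != 1) {
            // One recipient was configured, so anything else means the output is malformed.
            throw new EncryptionException("expected one EncryptedKey for one recipient, found " + keys.size());
        }
        return ea;
    }
}
```

The post-encryption check matters for the consumer side: a relying party that only looks in one location (for example, only at `EncryptedData/KeyInfo`) will fail to decrypt PEER-placed output, so producers should fix the placement deliberately with `setKeyPlacement` rather than rely on the default.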

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  Encrypter.KeyPlacement
      Options for where to place the resulting EncryptedKey elements with respect to the associated EncryptedData element.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private org.opensaml.core.xml.XMLObjectBuilderFactory builderFactory
      Factory for building XMLObject instances.
      private org.opensaml.xmlsec.encryption.XMLEncryptionBuilder<org.opensaml.xmlsec.encryption.CarriedKeyName> carriedKeyNameBuilder
      Builder for CarriedKeyName objects.
      private org.opensaml.xmlsec.encryption.XMLEncryptionBuilder<org.opensaml.xmlsec.encryption.DataReference> dataReferenceBuilder
      Builder for DataReference objects.
      private org.opensaml.xmlsec.encryption.support.DataEncryptionParameters encParams
      The parameters to use for encrypting the data.
      private net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy idGenerator
      Generator for XML ID attribute values.
      private List<org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters> kekParamsList
      The parameters to use for encrypting (wrapping) the data encryption key.
      private org.opensaml.xmlsec.signature.XMLSignatureBuilder<org.opensaml.xmlsec.signature.KeyInfo> keyInfoBuilder
      Builder for KeyInfo objects.
      private org.opensaml.xmlsec.signature.XMLSignatureBuilder<org.opensaml.xmlsec.signature.KeyName> keyNameBuilder
      Builder for KeyName objects.
      private Encrypter.KeyPlacement keyPlacement
      The option for where to place the generated EncryptedKey elements.
      private org.slf4j.Logger log
      Class logger.
      private org.opensaml.xmlsec.encryption.XMLEncryptionBuilder<org.opensaml.xmlsec.encryption.ReferenceList> referenceListBuilder
      Builder for ReferenceList objects.
      private org.opensaml.xmlsec.signature.XMLSignatureBuilder<org.opensaml.xmlsec.signature.RetrievalMethod> retrievalMethodBuilder
      Builder for RetrievalMethod objects.
    • Constructor Summary

      Constructors 
      Constructor Description
Encrypter(org.opensaml.xmlsec.encryption.support.DataEncryptionParameters dataEncParams)
Constructor.
Encrypter(org.opensaml.xmlsec.encryption.support.DataEncryptionParameters dataEncParams, List<org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters> keyEncParams)
Constructor.
Encrypter(org.opensaml.xmlsec.encryption.support.DataEncryptionParameters dataEncParams, org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters keyEncParam)
Constructor.
    • Method Summary

      Modifier and Type Method Description
private EncryptedElementType encrypt(org.opensaml.core.xml.XMLObject xmlObject, QName encElementName)
Encrypt the specified XMLObject, and return it as an instance of the specified QName, which should be one of the types derived from EncryptedElementType.
EncryptedAssertion encrypt(Assertion assertion)
Encrypt the specified Assertion.
EncryptedAttribute encrypt(Attribute attribute)
Encrypt the specified Attribute.
EncryptedID encrypt(BaseID baseID)
Encrypt the specified BaseID.
EncryptedID encrypt(NameID nameID)
Encrypt the specified NameID.
NewEncryptedID encrypt(NewID newID)
Encrypt the specified NewID.
EncryptedID encryptAsID(Assertion assertion)
Encrypt the specified Assertion, treating it as an identifier and returning an EncryptedID.
      Encrypter.KeyPlacement getKeyPlacement()
      Get the current key placement option.
      private void init()
      Helper method for constructors.
protected void linkMultiplePeerKeys(org.opensaml.xmlsec.encryption.EncryptedData encData, List<org.opensaml.xmlsec.encryption.EncryptedKey> encKeys)
Link multiple "multicast" EncryptedKeys to the EncryptedData according to guidelines in SAML Errata E43.
protected void linkSinglePeerKey(org.opensaml.xmlsec.encryption.EncryptedData encData, org.opensaml.xmlsec.encryption.EncryptedKey encKey)
Link a single EncryptedKey to the EncryptedData according to guidelines in SAML Errata E43.
private void logPreEncryption(org.opensaml.core.xml.XMLObject xmlObject, String objectType)
Log the target object prior to encryption.
protected EncryptedElementType placeKeysAsPeers(EncryptedElementType encElement, org.opensaml.xmlsec.encryption.EncryptedData encData, List<org.opensaml.xmlsec.encryption.EncryptedKey> encKeys)
Store the specified EncryptedData and EncryptedKey(s) in the specified instance of EncryptedElementType as peer elements, following SAML 2 Errata E43 guidelines for forward and back referencing between the EncryptedData and EncryptedKey(s).
protected EncryptedElementType placeKeysInline(EncryptedElementType encElement, org.opensaml.xmlsec.encryption.EncryptedData encData, List<org.opensaml.xmlsec.encryption.EncryptedKey> encKeys)
Place the EncryptedKey elements inside the KeyInfo element within the EncryptedData element.
protected EncryptedElementType processElements(EncryptedElementType encElement, org.opensaml.xmlsec.encryption.EncryptedData encData, List<org.opensaml.xmlsec.encryption.EncryptedKey> encKeys)
Handle post-processing of generated EncryptedData and EncryptedKey(s) and storage in the appropriate EncryptedElementType instance.
void setIDGenerator(net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy newIDGenerator)
Set the generator to use when creating XML ID attribute values.
void setKeyPlacement(Encrypter.KeyPlacement newKeyPlacement)
      Set the key placement option.
      • Methods inherited from class org.opensaml.xmlsec.encryption.support.Encrypter

        buildXMLCipher, checkAndMarshall, checkParams, checkParams, checkParams, checkParams, decodeOAEPParams, encryptElement, encryptElement, encryptElement, encryptElement, encryptElementContent, encryptElementContent, encryptElementContent, encryptKey, encryptKey, encryptKey, generateEncryptionKey, getEffectiveMGF, getJCAProviderName, postProcessApacheEncryptedKey, setJCAProviderName
    • Field Detail

      • builderFactory

        private org.opensaml.core.xml.XMLObjectBuilderFactory builderFactory
        Factory for building XMLObject instances.
      • keyInfoBuilder

        private org.opensaml.xmlsec.signature.XMLSignatureBuilder<org.opensaml.xmlsec.signature.KeyInfo> keyInfoBuilder
        Builder for KeyInfo objects.
      • dataReferenceBuilder

        private org.opensaml.xmlsec.encryption.XMLEncryptionBuilder<org.opensaml.xmlsec.encryption.DataReference> dataReferenceBuilder
        Builder for DataReference objects.
      • referenceListBuilder

        private org.opensaml.xmlsec.encryption.XMLEncryptionBuilder<org.opensaml.xmlsec.encryption.ReferenceList> referenceListBuilder
        Builder for ReferenceList objects.
      • retrievalMethodBuilder

        private org.opensaml.xmlsec.signature.XMLSignatureBuilder<org.opensaml.xmlsec.signature.RetrievalMethod> retrievalMethodBuilder
        Builder for RetrievalMethod objects.
      • keyNameBuilder

        private org.opensaml.xmlsec.signature.XMLSignatureBuilder<org.opensaml.xmlsec.signature.KeyName> keyNameBuilder
        Builder for KeyName objects.
      • carriedKeyNameBuilder

        private org.opensaml.xmlsec.encryption.XMLEncryptionBuilder<org.opensaml.xmlsec.encryption.CarriedKeyName> carriedKeyNameBuilder
        Builder for CarriedKeyName objects.
      • idGenerator

        private net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy idGenerator
        Generator for XML ID attribute values.
      • encParams

        private org.opensaml.xmlsec.encryption.support.DataEncryptionParameters encParams
        The parameters to use for encrypting the data.
      • kekParamsList

        private List<org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters> kekParamsList
        The parameters to use for encrypting (wrapping) the data encryption key.
      • keyPlacement

        private Encrypter.KeyPlacement keyPlacement
        The option for where to place the generated EncryptedKey elements.
      • log

        private final org.slf4j.Logger log
        Class logger.
    • Constructor Detail

      • Encrypter

public Encrypter(org.opensaml.xmlsec.encryption.support.DataEncryptionParameters dataEncParams,
                         List<org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters> keyEncParams)
        Constructor.
        Parameters:
        dataEncParams - the data encryption parameters
        keyEncParams - the key encryption parameters
      • Encrypter

public Encrypter(org.opensaml.xmlsec.encryption.support.DataEncryptionParameters dataEncParams,
                         org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters keyEncParam)
        Constructor.
        Parameters:
        dataEncParams - the data encryption parameters
        keyEncParam - the key encryption parameter
      • Encrypter

public Encrypter(org.opensaml.xmlsec.encryption.support.DataEncryptionParameters dataEncParams)
        Constructor.
        Parameters:
        dataEncParams - the data encryption parameters
    • Method Detail

      • init

        private void init()
        Helper method for constructors.
      • setIDGenerator

public void setIDGenerator(net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy newIDGenerator)
        Set the generator to use when creating XML ID attribute values.
        Parameters:
        newIDGenerator - the new IdentifierGenerator to use
      • getKeyPlacement

        public Encrypter.KeyPlacement getKeyPlacement()
        Get the current key placement option.
        Returns:
the key placement option
      • setKeyPlacement

public void setKeyPlacement(Encrypter.KeyPlacement newKeyPlacement)
        Set the key placement option.
        Parameters:
        newKeyPlacement - The new key placement option to set
      • encrypt

public EncryptedAssertion encrypt(Assertion assertion)
                                   throws org.opensaml.xmlsec.encryption.support.EncryptionException
        Encrypt the specified Assertion.
        Parameters:
        assertion - the Assertion to encrypt
        Returns:
        an EncryptedAssertion
        Throws:
        org.opensaml.xmlsec.encryption.support.EncryptionException - thrown when encryption generates an error
      • encryptAsID

public EncryptedID encryptAsID(Assertion assertion)
                        throws org.opensaml.xmlsec.encryption.support.EncryptionException
Encrypt the specified Assertion, treating it as an identifier and returning an EncryptedID.
        Parameters:
        assertion - the Assertion to encrypt
        Returns:
        an EncryptedID
        Throws:
        org.opensaml.xmlsec.encryption.support.EncryptionException - thrown when encryption generates an error
      • encrypt

public EncryptedAttribute encrypt(Attribute attribute)
                                   throws org.opensaml.xmlsec.encryption.support.EncryptionException
        Encrypt the specified Attribute.
        Parameters:
        attribute - the Attribute to encrypt
        Returns:
        an EncryptedAttribute
        Throws:
        org.opensaml.xmlsec.encryption.support.EncryptionException - thrown when encryption generates an error
      • encrypt

public EncryptedID encrypt(NameID nameID)
                            throws org.opensaml.xmlsec.encryption.support.EncryptionException
        Encrypt the specified NameID.
        Parameters:
        nameID - the NameID to encrypt
        Returns:
        an EncryptedID
        Throws:
        org.opensaml.xmlsec.encryption.support.EncryptionException - thrown when encryption generates an error
      • encrypt

public EncryptedID encrypt(BaseID baseID)
                            throws org.opensaml.xmlsec.encryption.support.EncryptionException
        Encrypt the specified BaseID.
        Parameters:
        baseID - the BaseID to encrypt
        Returns:
        an EncryptedID
        Throws:
        org.opensaml.xmlsec.encryption.support.EncryptionException - thrown when encryption generates an error
      • encrypt

public NewEncryptedID encrypt(NewID newID)
                               throws org.opensaml.xmlsec.encryption.support.EncryptionException
        Encrypt the specified NewID.
        Parameters:
        newID - the NewID to encrypt
        Returns:
        a NewEncryptedID
        Throws:
        org.opensaml.xmlsec.encryption.support.EncryptionException - thrown when encryption generates an error
      • logPreEncryption

private void logPreEncryption(org.opensaml.core.xml.XMLObject xmlObject,
                                      String objectType)
        Log the target object prior to encryption.
        Parameters:
        xmlObject - the XMLObject to encrypt
        objectType - String description of the type of object to encrypt
      • encrypt

private EncryptedElementType encrypt(org.opensaml.core.xml.XMLObject xmlObject,
                                             QName encElementName)
                                      throws org.opensaml.xmlsec.encryption.support.EncryptionException
        Encrypt the specified XMLObject, and return it as an instance of the specified QName, which should be one of the types derived from EncryptedElementType.
        Parameters:
        xmlObject - the XMLObject to encrypt
        encElementName - the QName of the specialization of EncryptedElementType to return
        Returns:
        a specialization of EncryptedElementType
        Throws:
        org.opensaml.xmlsec.encryption.support.EncryptionException - thrown when encryption generates an error
      • processElements

protected EncryptedElementType processElements(EncryptedElementType encElement,
                                                       org.opensaml.xmlsec.encryption.EncryptedData encData,
                                                       List<org.opensaml.xmlsec.encryption.EncryptedKey> encKeys)
                                                throws org.opensaml.xmlsec.encryption.support.EncryptionException
        Handle post-processing of generated EncryptedData and EncryptedKey(s) and storage in the appropriate EncryptedElementType instance.
        Parameters:
        encElement - the EncryptedElementType instance which will hold the encrypted data and keys
        encData - the EncryptedData object
        encKeys - the list of EncryptedKey objects
        Returns:
        the processed EncryptedElementType instance
        Throws:
        org.opensaml.xmlsec.encryption.support.EncryptionException - thrown when processing encounters an error
      • placeKeysInline

protected EncryptedElementType placeKeysInline(EncryptedElementType encElement,
                                                       org.opensaml.xmlsec.encryption.EncryptedData encData,
                                                       List<org.opensaml.xmlsec.encryption.EncryptedKey> encKeys)
        Place the EncryptedKey elements inside the KeyInfo element within the EncryptedData element. Although operationally trivial, this method is provided so that subclasses may override or augment as desired.
        Parameters:
        encElement - the EncryptedElementType instance which will hold the encrypted data and keys
        encData - the EncryptedData object
        encKeys - the list of EncryptedKey objects
        Returns:
        the processed EncryptedElementType instance
      • placeKeysAsPeers

protected EncryptedElementType placeKeysAsPeers(EncryptedElementType encElement,
                                                        org.opensaml.xmlsec.encryption.EncryptedData encData,
                                                        List<org.opensaml.xmlsec.encryption.EncryptedKey> encKeys)
        Store the specified EncryptedData and EncryptedKey(s) in the specified instance of EncryptedElementType as peer elements, following SAML 2 Errata E43 guidelines for forward and back referencing between the EncryptedData and EncryptedKey(s).
        Parameters:
        encElement - a specialization of EncryptedElementType to store the encrypted data and keys
        encData - the EncryptedData to store
        encKeys - the EncryptedKey(s) to store
        Returns:
        the resulting specialization of EncryptedElementType
      • linkSinglePeerKey

protected void linkSinglePeerKey(org.opensaml.xmlsec.encryption.EncryptedData encData,
                                         org.opensaml.xmlsec.encryption.EncryptedKey encKey)
        Link a single EncryptedKey to the EncryptedData according to guidelines in SAML Errata E43.
        Parameters:
        encData - the EncryptedData
        encKey - the EncryptedKey
      • linkMultiplePeerKeys

protected void linkMultiplePeerKeys(org.opensaml.xmlsec.encryption.EncryptedData encData,
                                            List<org.opensaml.xmlsec.encryption.EncryptedKey> encKeys)
        Link multiple "multicast" EncryptedKeys to the EncryptedData according to guidelines in SAML Errata E43.
        Parameters:
        encData - the EncryptedData
        encKeys - the list of EncryptedKeys