Class SAMLObjectDecrypter

java.lang.Object
se.swedenconnect.opensaml.xmlsec.encryption.support.SAMLObjectDecrypter

public class SAMLObjectDecrypter extends Object
A support bean for easy decryption.

OpenSAML offers two ways to represent decryption parameters: DecryptionParameters and DecryptionConfiguration. This bean can be initialized with either of these, but also, perhaps more conveniently, with just the decryption credentials, in which case the remaining settings are assigned the defaults from DecryptionUtils.createDecryptionParameters(Credential...).

Author:
Martin Lindström (martin@idsec.se)
  • Constructor Details

    • SAMLObjectDecrypter

      public SAMLObjectDecrypter(Credential decryptionCredential)
      Constructor given the credential to use to decrypt the messages (certificate or key pair).
      Parameters:
      decryptionCredential - decryption credential
    • SAMLObjectDecrypter

      public SAMLObjectDecrypter(List<Credential> decryptionCredentials)
      Constructor accepting several credentials (certificates or key pairs) to be used when decrypting. This may be useful after a key rollover.
      Parameters:
      decryptionCredentials - decryption credentials
    • SAMLObjectDecrypter

      public SAMLObjectDecrypter(DecryptionParameters decryptionParameters)
      Initializes the decrypter using DecryptionParameters.
      Parameters:
      decryptionParameters - parameters
    • SAMLObjectDecrypter

      public SAMLObjectDecrypter(DecryptionConfiguration decryptionConfiguration)
      Initializes the decrypter using DecryptionConfiguration.
      Parameters:
      decryptionConfiguration - decryption configuration
  • Method Details

    • decrypt

      public <T extends XMLObject, E extends EncryptedElementType> T decrypt(E encryptedObject, Class<T> destinationClass) throws DecryptionException
      Decrypts the supplied encrypted object into an object of the given type.
      Type Parameters:
      T - the type of the destination object
      E - the type of the encrypted object
      Parameters:
      encryptedObject - the encrypted object
      destinationClass - the class of the destination object
      Returns:
      the decrypted element as an object of type T
      Throws:
      DecryptionException - for decryption errors
    • decrypt

      public <T extends XMLObject> T decrypt(EncryptedData encryptedData, Class<T> destinationClass) throws DecryptionException
      Decrypts the supplied encrypted object into an object of the given type.
      Type Parameters:
      T - the type of the destination object
      Parameters:
      encryptedData - the encrypted data
      destinationClass - the class of the destination object
      Returns:
      the decrypted element as an object of type T
      Throws:
      DecryptionException - for decryption errors
    • setBlacklistedAlgorithms

      public void setBlacklistedAlgorithms(Collection<String> blacklistedAlgorithms)
      Assigns a list of blacklisted algorithms, i.e., algorithms that must not be accepted during decryption.
      Parameters:
      blacklistedAlgorithms - algorithms that are not allowed
    • setWhitelistedAlgorithms

      public void setWhitelistedAlgorithms(Collection<String> whitelistedAlgorithms)
      Assigns a list of whitelisted algorithms, i.e., the only algorithms that are accepted during decryption.
      Parameters:
      whitelistedAlgorithms - allowed algorithms
    • setPkcs11Workaround

      public void setPkcs11Workaround(boolean pkcs11Workaround)
      If an HSM is used, it is likely that the SunPKCS11 crypto provider is in use. This provider does not support OAEP padding, which is commonly needed for XML encryption since http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p is the default key transport algorithm. This class has a workaround for this limitation that is enabled by setting the pkcs11Workaround flag.
      Parameters:
      pkcs11Workaround - whether to run in PKCS11 workaround mode
    • setPkcs11testMode

      public void setPkcs11testMode(boolean pkcs11testMode)
      For internal testing only.
      Parameters:
      pkcs11testMode - test flag
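A usage sketch of the bean described above, added here as an example; it is not part of the library's own code or documentation. It assumes OpenSAML's BasicX509Credential and EncryptionConstants classes, that the SP's current and previous certificates and private keys are loaded elsewhere (key rollover case), and the class and method names AssertionDecryptionExample, buildDecrypter and decryptAssertion are chosen for the example.

```java
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.List;

import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import org.opensaml.xmlsec.encryption.support.EncryptionConstants;

import se.swedenconnect.opensaml.xmlsec.encryption.support.SAMLObjectDecrypter;

// Example class (not from the library): wires up SAMLObjectDecrypter for an SP.
public final class AssertionDecryptionExample {

  /** Builds a decrypter that accepts both the current and the previous SP key (key rollover). */
  static SAMLObjectDecrypter buildDecrypter(X509Certificate currentCert, PrivateKey currentKey,
      X509Certificate previousCert, PrivateKey previousKey) {
    // Assumption: certificates and keys were loaded from the SP's keystore elsewhere.
    List<Credential> credentials = List.of(
        new BasicX509Credential(currentCert, currentKey),
        new BasicX509Credential(previousCert, previousKey));
    SAMLObjectDecrypter decrypter = new SAMLObjectDecrypter(credentials);

    // Explicitly reject RSA PKCS#1 v1.5 key transport and 3DES, even though the
    // whitelist below already excludes them; the blacklist documents the intent.
    decrypter.setBlacklistedAlgorithms(List.of(
        EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15,
        EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES));
    // Only accept AES-GCM for the data and RSA-OAEP for the data key.
    decrypter.setWhitelistedAlgorithms(List.of(
        EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM,
        EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM,
        EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP));
    return decrypter;
  }

  /** Decrypts an EncryptedAssertion into an Assertion; returns null on failure. */
  static Assertion decryptAssertion(SAMLObjectDecrypter decrypter, EncryptedAssertion encrypted) {
    try {
      return decrypter.decrypt(encrypted, Assertion.class);
    } catch (DecryptionException e) {
      // Typical causes: no matching key, a disallowed algorithm, or modified ciphertext.
      // A failed assertion must be treated as absent, never as partially trusted.
      System.err.println("Assertion decryption failed: " + e.getMessage());
      return null;
    }
  }
}
```

The caller should treat a null return as an authentication failure and log the DecryptionException message for troubleshooting key rollover or algorithm mismatches with the IdP.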