Class SAMLObjectDecrypter
java.lang.Object
se.swedenconnect.opensaml.xmlsec.encryption.support.SAMLObjectDecrypter
A support bean for easy decryption.
OpenSAML offers two ways to represent decryption parameters, the DecryptionParameters
and the
DecryptionConfiguration
. This bean supports being initialized by either of these two, but also, and perhaps
easier to use; it supports initialization with just the encryption credentials and assigns the defaults from
DecryptionUtils.createDecryptionParameters(Credential...)
.
- Author:
- Martin Lindström (martin@idsec.se)
-
Constructor Summary
ConstructorDescriptionSAMLObjectDecrypter
(List<org.opensaml.security.credential.Credential> decryptionCredentials) Constructor accepting several credentials (certificates or key pairs) to be used when decrypting.SAMLObjectDecrypter
(org.opensaml.security.credential.Credential decryptionCredential) Constructor given the credential to use to decrypt the messages (certificate or key pair).SAMLObjectDecrypter
(org.opensaml.xmlsec.DecryptionConfiguration decryptionConfiguration) Initializes the decrypter usingDecryptionConfiguration
.SAMLObjectDecrypter
(org.opensaml.xmlsec.DecryptionParameters decryptionParameters) Initializes the decrypter usingDecryptionParameters
. -
Method Summary
Modifier and TypeMethodDescription<T extends org.opensaml.core.xml.XMLObject,
E extends org.opensaml.saml.saml2.core.EncryptedElementType>
TDecrypts the supplied encrypted object into an object of the given type.<T extends org.opensaml.core.xml.XMLObject>
TDecrypts the supplied encrypted object into an object of the given type.void
setBlacklistedAlgorithms
(Collection<String> blacklistedAlgorithms) Assigns a list of black listed algorithmsvoid
setPkcs11testMode
(boolean pkcs11testMode) For internal testing only.void
setPkcs11Workaround
(boolean pkcs11Workaround) If using an HSM it is likely that the SunPKCS11 crypto provider is used.void
setWhitelistedAlgorithms
(Collection<String> whitelistedAlgorithms) Assigns a list of white listed algorithms
-
Constructor Details
-
SAMLObjectDecrypter
public SAMLObjectDecrypter(org.opensaml.security.credential.Credential decryptionCredential) Constructor given the credential to use to decrypt the messages (certificate or key pair).- Parameters:
decryptionCredential
- decryption credential
-
SAMLObjectDecrypter
Constructor accepting several credentials (certificates or key pairs) to be used when decrypting. This may be useful after a key rollover.- Parameters:
decryptionCredentials
- decryption credentials
-
SAMLObjectDecrypter
public SAMLObjectDecrypter(org.opensaml.xmlsec.DecryptionParameters decryptionParameters) Initializes the decrypter usingDecryptionParameters
.- Parameters:
decryptionParameters
- parameters
-
SAMLObjectDecrypter
public SAMLObjectDecrypter(org.opensaml.xmlsec.DecryptionConfiguration decryptionConfiguration) Initializes the decrypter usingDecryptionConfiguration
.- Parameters:
decryptionConfiguration
- parameters
-
-
Method Details
-
decrypt
public <T extends org.opensaml.core.xml.XMLObject,E extends org.opensaml.saml.saml2.core.EncryptedElementType> T decrypt(E encryptedObject, Class<T> destinationClass) throws org.opensaml.xmlsec.encryption.support.DecryptionException Decrypts the supplied encrypted object into an object of the given type.- Type Parameters:
T
- the type of the destination objectE
- the type of the encrypted object- Parameters:
encryptedObject
- the encrypted objectdestinationClass
- the class of the destination object- Returns:
- the decrypted element of object T
- Throws:
org.opensaml.xmlsec.encryption.support.DecryptionException
- for decryption errors
-
decrypt
public <T extends org.opensaml.core.xml.XMLObject> T decrypt(org.opensaml.xmlsec.encryption.EncryptedData encryptedData, Class<T> destinationClass) throws org.opensaml.xmlsec.encryption.support.DecryptionException Decrypts the supplied encrypted object into an object of the given type.- Type Parameters:
T
- the type of the destination object- Parameters:
encryptedData
- the encrypted datadestinationClass
- the class of the destination object- Returns:
- the decrypted element of object T
- Throws:
org.opensaml.xmlsec.encryption.support.DecryptionException
- for decryption errors
-
setBlacklistedAlgorithms
Assigns a list of black listed algorithms- Parameters:
blacklistedAlgorithms
- non allowed algorithms
-
setWhitelistedAlgorithms
Assigns a list of white listed algorithms- Parameters:
whitelistedAlgorithms
- white listed algorithms
-
setPkcs11Workaround
public void setPkcs11Workaround(boolean pkcs11Workaround) If using an HSM it is likely that the SunPKCS11 crypto provider is used. This provider does not have support for OAEP padding. This is used commonly for XML encryption sincehttp://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
is the default algorithm to use for key encryption. This class has a workaround for this limitation that is enabled by setting thepkcs11Workaround
flag.- Parameters:
pkcs11Workaround
- whether to run in PKCS11 workaround mode
-
setPkcs11testMode
public void setPkcs11testMode(boolean pkcs11testMode) For internal testing only.- Parameters:
pkcs11testMode
- test flag
-