org.opensaml.saml.saml2.encryption

Class Encrypter

java.lang.Object

org.opensaml.xmlsec.encryption.support.Encrypter

org.opensaml.saml.saml2.encryption.Encrypter

public class Encrypter
extends Encrypter

Encrypter for SAML 2 SAMLObjects which has specific options for generating instances of subtypes of EncryptedElementType.

Overloaded methods are provided for encrypting various SAML 2 elements to their corresponding encrypted element variant of EncryptedElementType.

Support is also provided for differing placement options for any associated EncryptedKeys that may be generated. The options are:

• INLINE: EncryptedKeys will placed inside the KeyInfo element of the EncryptedData element
• PEER: EncryptedKeys will be placed as peer elements of the EncryptedData inside the EncryptedElementType element

The default placement is PEER.

The EncryptedKey forward and back referencing behavior associated with these key placement options is intended to be consistent with the guidelines detailed in SAML 2 Errata E43. See that document for further information.

For information on other parameters and options, and general XML Encryption issues, see Encrypter.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Encrypter.KeyPlacement Options for where to place the resulting EncryptedKey elements with respect to the associated EncryptedData element.

Field Summary

Fields

Modifier and Type	Field and Description
private org.opensaml.core.xml.XMLObjectBuilderFactory	builderFactory Factory for building XMLObject instances.
private XMLEncryptionBuilder<CarriedKeyName>	carriedKeyNameBuilder Builder for CarriedKeyName objects.
private XMLEncryptionBuilder<DataReference>	dataReferenceBuilder Builder for DataReference objects.
private DataEncryptionParameters	encParams The parameters to use for encrypting the data.
private net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy	idGenerator Generator for XML ID attribute values.
private List<KeyEncryptionParameters>	kekParamsList The parameters to use for encrypting (wrapping) the data encryption key.
private XMLSignatureBuilder<KeyInfo>	keyInfoBuilder Builder for KeyInfo objects.
private XMLSignatureBuilder<KeyName>	keyNameBuilder Builder for KeyName objects.
private Encrypter.KeyPlacement	keyPlacement The option for where to place the generated EncryptedKey elements.
private Logger	log Class logger.
private XMLEncryptionBuilder<ReferenceList>	referenceListBuilder Builder for ReferenceList objects.
private XMLSignatureBuilder<RetrievalMethod>	retrievalMethodBuilder Builder for RetrievalMethod objects.

Constructor Summary

Constructors

Constructor and Description
Encrypter(DataEncryptionParameters dataEncParams) Constructor.
Encrypter(DataEncryptionParameters dataEncParams, KeyEncryptionParameters keyEncParam) Constructor.
Encrypter(DataEncryptionParameters dataEncParams, List<KeyEncryptionParameters> keyEncParams) Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
EncryptedAssertion	encrypt(Assertion assertion) Encrypt the specified Assertion.
EncryptedAttribute	encrypt(Attribute attribute) Encrypt the specified Attribute.
EncryptedID	encrypt(BaseID baseID) Encrypt the specified BaseID.
EncryptedID	encrypt(NameID nameID) Encrypt the specified NameID.
NewEncryptedID	encrypt(NewID newID) Encrypt the specified NewID.
private EncryptedElementType	encrypt(org.opensaml.core.xml.XMLObject xmlObject, QName encElementName) Encrypt the specified XMLObject, and return it as an instance of the specified QName, which should be one of the types derived from EncryptedElementType.
EncryptedID	encryptAsID(Assertion assertion) Encrypt the specified Assertion, treating as an identifier and returning an EncryptedID.
Encrypter.KeyPlacement	getKeyPlacement() Get the current key placement option.
private void	init() Helper method for constructors.
protected void	linkMultiplePeerKeys(EncryptedData encData, List<EncryptedKey> encKeys) Link multiple "multicast" EncryptedKeys to the EncryptedData according to guidelines in SAML Errata E43.
protected void	linkSinglePeerKey(EncryptedData encData, EncryptedKey encKey) Link a single EncryptedKey to the EncryptedData according to guidelines in SAML Errata E43.
private void	logPreEncryption(org.opensaml.core.xml.XMLObject xmlObject, String objectType) Log the target object prior to encryption.
protected EncryptedElementType	placeKeysAsPeers(EncryptedElementType encElement, EncryptedData encData, List<EncryptedKey> encKeys) Store the specified EncryptedData and EncryptedKey(s) in the specified instance of EncryptedElementType as peer elements, following SAML 2 Errata E43 guidelines for forward and back referencing between the EncryptedData and EncryptedKey(s).
protected EncryptedElementType	placeKeysInline(EncryptedElementType encElement, EncryptedData encData, List<EncryptedKey> encKeys) Place the EncryptedKey elements inside the KeyInfo element within the EncryptedData element.
protected EncryptedElementType	processElements(EncryptedElementType encElement, EncryptedData encData, List<EncryptedKey> encKeys) Handle post-processing of generated EncryptedData and EncryptedKey(s) and storage in the appropriate EncryptedElementType instance.
void	setIDGenerator(net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy newIDGenerator) Set the generator to use when creating XML ID attribute values.
void	setKeyPlacement(Encrypter.KeyPlacement newKeyPlacement) Set the key placement option.

Methods inherited from class org.opensaml.xmlsec.encryption.support.Encrypter

buildXMLCipher, checkAndMarshall, checkParams, checkParams, checkParams, checkParams, decodeOAEPParams, encryptElement, encryptElement, encryptElement, encryptElement, encryptElementContent, encryptElementContent, encryptElementContent, encryptKey, encryptKey, encryptKey, generateEncryptionKey, getEffectiveMGF, getJCAProviderName, postProcessApacheEncryptedKey, setJCAProviderName

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

builderFactory

private org.opensaml.core.xml.XMLObjectBuilderFactory builderFactory

Factory for building XMLObject instances.

keyInfoBuilder

private XMLSignatureBuilder<KeyInfo> keyInfoBuilder

Builder for KeyInfo objects.

dataReferenceBuilder

private XMLEncryptionBuilder<DataReference> dataReferenceBuilder

Builder for DataReference objects.

referenceListBuilder

private XMLEncryptionBuilder<ReferenceList> referenceListBuilder

Builder for ReferenceList objects.

retrievalMethodBuilder

private XMLSignatureBuilder<RetrievalMethod> retrievalMethodBuilder

Builder for RetrievalMethod objects.

keyNameBuilder

private XMLSignatureBuilder<KeyName> keyNameBuilder

Builder for KeyName objects.

carriedKeyNameBuilder

private XMLEncryptionBuilder<CarriedKeyName> carriedKeyNameBuilder

Builder for CarriedKeyName objects.

idGenerator

private net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy idGenerator

Generator for XML ID attribute values.

encParams

private DataEncryptionParameters encParams

The parameters to use for encrypting the data.

kekParamsList

private List<KeyEncryptionParameters> kekParamsList

The parameters to use for encrypting (wrapping) the data encryption key.

keyPlacement

private Encrypter.KeyPlacement keyPlacement

The option for where to place the generated EncryptedKey elements.

log

private final Logger log

Class logger.

Constructor Detail

Encrypter

public Encrypter(DataEncryptionParameters dataEncParams,
         List<KeyEncryptionParameters> keyEncParams)

Constructor.

Parameters:

dataEncParams - the data encryption parameters

keyEncParams - the key encryption parameters

Encrypter

public Encrypter(DataEncryptionParameters dataEncParams,
         KeyEncryptionParameters keyEncParam)

Constructor.

Parameters:

dataEncParams - the data encryption parameters

keyEncParam - the key encryption parameter

Encrypter

public Encrypter(DataEncryptionParameters dataEncParams)

Constructor.

Parameters:

dataEncParams - the data encryption parameters

Method Detail

init

private void init()

Helper method for constructors.

setIDGenerator

public void setIDGenerator(net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy newIDGenerator)

Set the generator to use when creating XML ID attribute values.

Parameters:

newIDGenerator - the new IdentifierGenerator to use

getKeyPlacement

public Encrypter.KeyPlacement getKeyPlacement()

Get the current key placement option.

Returns:

returns the key placement option.

setKeyPlacement

public void setKeyPlacement(Encrypter.KeyPlacement newKeyPlacement)

Set the key placement option.

Parameters:

newKeyPlacement - The new key placement option to set

encrypt

public EncryptedAssertion encrypt(Assertion assertion)
                           throws EncryptionException

Encrypt the specified Assertion.

Parameters:

assertion - the Assertion to encrypt

Returns:

an EncryptedAssertion

Throws:

EncryptionException - thrown when encryption generates an error

encryptAsID

public EncryptedID encryptAsID(Assertion assertion)
                        throws EncryptionException

Encrypt the specified Assertion, treating as an identifier and returning an EncryptedID.

Parameters:

assertion - the Assertion to encrypt

Returns:

an EncryptedID

Throws:

EncryptionException - thrown when encryption generates an error

encrypt

public EncryptedAttribute encrypt(Attribute attribute)
                           throws EncryptionException

Encrypt the specified Attribute.

Parameters:

attribute - the Attribute to encrypt

Returns:

an EncryptedAttribute

Throws:

EncryptionException - thrown when encryption generates an error

encrypt

public EncryptedID encrypt(NameID nameID)
                    throws EncryptionException

Encrypt the specified NameID.

Parameters:

nameID - the NameID to encrypt

Returns:

an EncryptedID

Throws:

EncryptionException - thrown when encryption generates an error

encrypt

public EncryptedID encrypt(BaseID baseID)
                    throws EncryptionException

Encrypt the specified BaseID.

Parameters:

baseID - the BaseID to encrypt

Returns:

an EncryptedID

Throws:

EncryptionException - thrown when encryption generates an error

encrypt

public NewEncryptedID encrypt(NewID newID)
                       throws EncryptionException

Encrypt the specified NewID.

Parameters:

newID - the NewID to encrypt

Returns:

a NewEncryptedID

Throws:

EncryptionException - thrown when encryption generates an error

logPreEncryption

private void logPreEncryption(org.opensaml.core.xml.XMLObject xmlObject,
                    String objectType)

Log the target object prior to encryption.

Parameters:

xmlObject - the XMLObject to encrypt

objectType - String description of the type of object to encrypt

encrypt

private EncryptedElementType encrypt(org.opensaml.core.xml.XMLObject xmlObject,
                           QName encElementName)
                              throws EncryptionException

Encrypt the specified XMLObject, and return it as an instance of the specified QName, which should be one of the types derived from EncryptedElementType.

Parameters:

xmlObject - the XMLObject to encrypt

encElementName - the QName of the specialization of EncryptedElementType to return

Returns:

a specialization of EncryptedElementType

Throws:

EncryptionException - thrown when encryption generates an error

processElements

protected EncryptedElementType processElements(EncryptedElementType encElement,
                                   EncryptedData encData,
                                   List<EncryptedKey> encKeys)
                                        throws EncryptionException

Handle post-processing of generated EncryptedData and EncryptedKey(s) and storage in the appropriate EncryptedElementType instance.

Parameters:

encElement - the EncryptedElementType instance which will hold the encrypted data and keys

encData - the EncryptedData object

encKeys - the list of EncryptedKey objects

Returns:

the processed EncryptedElementType instance

Throws:

EncryptionException - thrown when processing encounters an error

placeKeysInline

protected EncryptedElementType placeKeysInline(EncryptedElementType encElement,
                                   EncryptedData encData,
                                   List<EncryptedKey> encKeys)

Place the EncryptedKey elements inside the KeyInfo element within the EncryptedData element. Although operationally trivial, this method is provided so that subclasses may override or augment as desired.

Parameters:

encElement - the EncryptedElementType instance which will hold the encrypted data and keys

encData - the EncryptedData object

encKeys - the list of EncryptedKey objects

Returns:

the processed EncryptedElementType instance

placeKeysAsPeers

protected EncryptedElementType placeKeysAsPeers(EncryptedElementType encElement,
                                    EncryptedData encData,
                                    List<EncryptedKey> encKeys)

Store the specified EncryptedData and EncryptedKey(s) in the specified instance of EncryptedElementType as peer elements, following SAML 2 Errata E43 guidelines for forward and back referencing between the EncryptedData and EncryptedKey(s).

Parameters:

encElement - a specialization of EncryptedElementType to store the encrypted data and keys

encData - the EncryptedData to store

encKeys - the EncryptedKey(s) to store

Returns:

the resulting specialization of EncryptedElementType

linkSinglePeerKey

protected void linkSinglePeerKey(EncryptedData encData,
                     EncryptedKey encKey)

Link a single EncryptedKey to the EncryptedData according to guidelines in SAML Errata E43.

Parameters:

encData - the EncryptedData

encKey - the EncryptedKey

linkMultiplePeerKeys

protected void linkMultiplePeerKeys(EncryptedData encData,
                        List<EncryptedKey> encKeys)

Link multiple "multicast" EncryptedKeys to the EncryptedData according to guidelines in SAML Errata E43.

Parameters:

encData - the EncryptedData

encKeys - the list of EncryptedKeys