Re: [higgins-dev] encrypted assertions with higgins saml2 util library

2009/6/12 Markus Sabadello <markus.sabadello@xxxxxxxxx>:
> If you create such an EncryptedAssertion class or other extensions to that
> library, would you be interested in contributing them to Higgins? I think
> that if those extensions are generic enough (not limited to your particular
> use case), they could fit well into what we already have.

I doubt that it will be good enough to include. The approach I'm
trying out is simply:

In SAMLResponse, in the getSAMLAssertion() method, if the assertion
element is null, try to fetch an encrypted assertion element instead,
then call a decrypt method, passing in a key provided earlier.

In the decrypt method, since this is basically just xml encryption
standard stuff, all I have to do is

import java.security.PrivateKey;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.utils.EncryptionConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

    // Decrypts the first xenc:EncryptedData in the document in place (Apache
    // XML Security); org.apache.xml.security.Init.init() must have run first.
    private void decryptElement(Document document, PrivateKey privateKey) {

        String namespaceURI = EncryptionConstants.EncryptionSpecNS;
        String localName = EncryptionConstants._TAG_ENCRYPTEDDATA;
        Element encryptedDataElement = (Element) document
                .getElementsByTagNameNS(namespaceURI, localName).item(0);

        try {
            XMLCipher xmlCipher = XMLCipher.getInstance();

            // No data key is passed: XMLCipher unwraps the xenc:EncryptedKey
            // found in the EncryptedData's KeyInfo with the KEK (our private key).
            xmlCipher.init(XMLCipher.DECRYPT_MODE, null);
            xmlCipher.setKEK(privateKey);
            // Replaces the EncryptedData element with the decrypted fragment.
            xmlCipher.doFinal(document, encryptedDataElement);
        } catch (Exception ee) {
            // Swallowing the failure leaves the document without an assertion;
            // the caller then simply finds no assertion element.
            log.error("unable to decrypt node; ", ee);
        }
    }

(Using apache xml security.)

This code will then put the decrypted assertion xml fragment back into
the document, from where the assertion element can simply be retrieved
as normal, returning a normal SAMLAssertion created from it.

I'm currently testing this, but am having some key issues I think.
There are no private key PEM-file loaders around for Java, it seems.

-- 
-Tor
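The approach Tor describes, carried through end to end as an added example (this is not code from the thread or from the Higgins library): a constructed minimal SAML Response is built, its Assertion is wrapped in saml:EncryptedAssertion and encrypted with Apache XML Security (AES data key, wrapped for the recipient with RSA-OAEP and carried as an xenc:EncryptedKey inside the EncryptedData's KeyInfo), and the relying-party side then locates the EncryptedData, hands its private key to XMLCipher as KEK, decrypts in place and reads the Assertion back out of the document. The class and method names, the sample XML and the NameID value are assumptions made for the example; the library calls are Apache Santuario's public API.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.Init;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.utils.EncryptionConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class EncryptedAssertionRoundTrip {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol";

    // Constructed sample input: a minimal Response with one plaintext Assertion.
    // xmlns:saml is declared on the Assertion itself so the encrypted fragment
    // is self-contained when XMLCipher serializes it.
    static final String SAMPLE_RESPONSE =
        "<samlp:Response xmlns:samlp=\"" + SAMLP_NS + "\">"
      + "<saml:Assertion xmlns:saml=\"" + SAML_NS + "\" ID=\"_constructed-1\">"
      + "<saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>"
      + "</saml:Assertion></samlp:Response>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        return dbf.newDocumentBuilder().parse(
            new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Issuer side: wrap the Assertion in saml:EncryptedAssertion and replace it
    // with xenc:EncryptedData whose KeyInfo carries the AES data key as an
    // xenc:EncryptedKey wrapped with RSA-OAEP under the recipient's public key.
    static void encryptAssertion(Document doc, PublicKey recipientKey) throws Exception {
        Element assertion = (Element) doc.getElementsByTagNameNS(SAML_NS, "Assertion").item(0);
        Element wrapper = doc.createElementNS(SAML_NS, "saml:EncryptedAssertion");
        assertion.getParentNode().replaceChild(wrapper, assertion);
        wrapper.appendChild(assertion);

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey dataKey = kg.generateKey();

        XMLCipher keyCipher = XMLCipher.getInstance(XMLCipher.RSA_OAEP);
        keyCipher.init(XMLCipher.WRAP_MODE, recipientKey);
        EncryptedKey encryptedKey = keyCipher.encryptKey(doc, dataKey);

        XMLCipher dataCipher = XMLCipher.getInstance(XMLCipher.AES_128);
        dataCipher.init(XMLCipher.ENCRYPT_MODE, dataKey);
        EncryptedData encryptedData = dataCipher.getEncryptedData();
        KeyInfo keyInfo = new KeyInfo(doc);
        keyInfo.add(encryptedKey);
        encryptedData.setKeyInfo(keyInfo);
        dataCipher.doFinal(doc, assertion, false); // false: encrypt the whole element
    }

    // Relying-party side, as in the message: find EncryptedData, give XMLCipher
    // the private key as KEK, decrypt in place, read the Assertion back out.
    // Failures propagate instead of being logged and ignored.
    static Element decryptAssertion(Document doc, PrivateKey privateKey) throws Exception {
        NodeList encrypted = doc.getElementsByTagNameNS(
            EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDDATA);
        if (encrypted.getLength() == 0) {
            throw new IllegalStateException("no xenc:EncryptedData in response");
        }
        XMLCipher xmlCipher = XMLCipher.getInstance();
        xmlCipher.init(XMLCipher.DECRYPT_MODE, null);
        xmlCipher.setKEK(privateKey);
        xmlCipher.doFinal(doc, (Element) encrypted.item(0));

        NodeList assertions = doc.getElementsByTagNameNS(SAML_NS, "Assertion");
        if (assertions.getLength() != 1) {
            throw new IllegalStateException("expected exactly one decrypted Assertion");
        }
        return (Element) assertions.item(0);
    }

    public static void main(String[] args) throws Exception {
        Init.init(); // required once before any XMLCipher use
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        Document doc = parse(SAMPLE_RESPONSE);
        encryptAssertion(doc, kp.getPublic());
        if (doc.getElementsByTagNameNS(SAML_NS, "Assertion").getLength() != 0) {
            throw new AssertionError("plaintext Assertion still present after encryption");
        }
        Element assertion = decryptAssertion(doc, kp.getPrivate());
        String nameId = assertion.getElementsByTagNameNS(SAML_NS, "NameID")
            .item(0).getTextContent();
        if (!"alice@example.org".equals(nameId)) {
            throw new AssertionError("unexpected NameID after decryption: " + nameId);
        }
        System.out.println("decrypted NameID: " + nameId);
    }
}
```

Two things to check before relying on this in a relying party. First, the setKEK path only works when the xenc:EncryptedKey sits inside the EncryptedData's own KeyInfo; some issuers place it as a sibling under saml:EncryptedAssertion and point to it with ds:RetrievalMethod, in which case the EncryptedKey has to be located and unwrapped explicitly (XMLCipher in UNWRAP_MODE) and the recovered data key passed to init(DECRYPT_MODE, key) instead. Second, decryption only restores the Assertion element; its signature, Conditions and SubjectConfirmation still have to be validated exactly as for a plaintext Assertion, and a decryption failure should make getSAMLAssertion() fail rather than quietly return no assertion.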


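On the last point in the message, the private-key loading: as an added example (not from the thread), here is what the JDK can do on its own. An unencrypted PKCS#8 PEM file ("-----BEGIN PRIVATE KEY-----") is just Base64 DER between armor lines, so stripping the armor and handing the bytes to KeyFactory via PKCS8EncodedKeySpec is enough; PKCS#1 ("BEGIN RSA PRIVATE KEY") and password-protected keys are rejected by this loader and need converting first, for example with openssl pkcs8 -topk8 -nocrypt. The class and method names are assumptions, and the sample PEM is generated in the program rather than read from a file.

```java
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class Pkcs8PemLoader {

    // Parses an unencrypted PKCS#8 PEM block with JDK classes only: strip the
    // armor, Base64-decode the body, feed the DER to KeyFactory.
    static PrivateKey loadPkcs8Pem(String pem, String algorithm) throws Exception {
        String begin = "-----BEGIN PRIVATE KEY-----";
        String end = "-----END PRIVATE KEY-----";
        int start = pem.indexOf(begin);
        int stop = pem.indexOf(end);
        if (start < 0 || stop < start) {
            // Covers PKCS#1 and "ENCRYPTED PRIVATE KEY" blocks, which this loader does not handle
            throw new IllegalArgumentException("not an unencrypted PKCS#8 PEM block");
        }
        String body = pem.substring(start + begin.length(), stop).replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(body);
        return KeyFactory.getInstance(algorithm).generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // Constructed sample: render a key as PEM the way "openssl pkcs8 -topk8 -nocrypt"
    // would (PrivateKey.getEncoded() is PKCS#8 DER for RSA keys in the JDK).
    static String toPkcs8Pem(PrivateKey key) {
        return "-----BEGIN PRIVATE KEY-----\n"
            + Base64.getMimeEncoder(64, "\n".getBytes()).encodeToString(key.getEncoded())
            + "\n-----END PRIVATE KEY-----\n";
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        RSAPrivateKey original = (RSAPrivateKey) kp.getPrivate();

        String pem = toPkcs8Pem(original);
        RSAPrivateKey loaded = (RSAPrivateKey) loadPkcs8Pem(pem, "RSA");
        if (!loaded.getModulus().equals(original.getModulus())
                || !loaded.getPrivateExponent().equals(original.getPrivateExponent())) {
            throw new AssertionError("round-tripped key differs from the generated one");
        }
        System.out.println("loaded " + loaded.getAlgorithm() + " key, format " + loaded.getFormat());
    }
}
```

The loaded key is exactly what decryptElement() in the message expects as its PrivateKey argument.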