
1   /*
2    * Copyright [2006] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.saml2.encryption;
18  
19  import org.opensaml.common.SAMLObject;
20  import org.opensaml.saml2.core.Assertion;
21  import org.opensaml.saml2.core.Attribute;
22  import org.opensaml.saml2.core.EncryptedAssertion;
23  import org.opensaml.saml2.core.EncryptedAttribute;
24  import org.opensaml.saml2.core.EncryptedElementType;
25  import org.opensaml.saml2.core.EncryptedID;
26  import org.opensaml.saml2.core.NewEncryptedID;
27  import org.opensaml.saml2.core.NewID;
28  import org.opensaml.xml.XMLObject;
29  import org.opensaml.xml.encryption.DecryptionException;
30  import org.opensaml.xml.encryption.EncryptedKeyResolver;
31  import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
32  import org.slf4j.Logger;
33  import org.slf4j.LoggerFactory;
34  
35  /**
36   * Class which implements SAML2-specific options for {@link EncryptedElementType} objects.
37   * 
38   * <p>
39   * For information on other parameters and options, and general XML Encryption issues,
40   * see {@link org.opensaml.xml.encryption.Decrypter}.
41   * </p>
42   */
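public class Decrypter extends org.opensaml.xml.encryption.Decrypter {
    
    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(Decrypter.class);
    
    /**
     * Constructor.
     *
     * @param newResolver resolver for data encryption keys.
     * @param newKEKResolver resolver for key encryption keys.
     * @param newEncKeyResolver resolver for EncryptedKey elements
     */
    public Decrypter(KeyInfoCredentialResolver newResolver, KeyInfoCredentialResolver newKEKResolver, 
            EncryptedKeyResolver newEncKeyResolver) {
        super(newResolver, newKEKResolver, newEncKeyResolver);
    }
    
    /**
     * Decrypt the specified EncryptedAssertion.
     * 
     * @param encryptedAssertion the EncryptedAssertion to decrypt
     * @return an Assertion 
     * @throws DecryptionException thrown when decryption generates an error, or when the
     *          decrypted content is not an Assertion
     */
    public Assertion decrypt(EncryptedAssertion encryptedAssertion) throws DecryptionException {
        return decryptAs(encryptedAssertion, Assertion.class);
    }

    /**
     * Decrypt the specified EncryptedAttribute.
     * 
     * @param encryptedAttribute the EncryptedAttribute to decrypt
     * @return an Attribute
     * @throws DecryptionException thrown when decryption generates an error, or when the
     *          decrypted content is not an Attribute
     */
    public Attribute decrypt(EncryptedAttribute encryptedAttribute) throws DecryptionException {
        return decryptAs(encryptedAttribute, Attribute.class);
    }
    
    /**
     * Decrypt the specified EncryptedID.
     * 
     * <p>
     * Note that an EncryptedID can contain a NameID, an Assertion
     * or a BaseID.  It is up to the caller to determine the type of
     * the resulting SAMLObject.  Because the element type of the plaintext is
     * chosen by whoever produced the ciphertext, callers must check the runtime
     * type before relying on the result, as the other {@code decrypt} overloads
     * of this class do.
     * </p>
     * 
     * @param encryptedID the EncryptedID to decrypt
     * @return the decrypted SAMLObject
     * @throws DecryptionException thrown when decryption generates an error
     */
    public SAMLObject decrypt(EncryptedID encryptedID) throws DecryptionException {
        return decryptData(encryptedID);
    }


    /**
     * Decrypt the specified NewEncryptedID.
     * 
     * @param newEncryptedID the NewEncryptedID to decrypt
     * @return a NewID
     * @throws DecryptionException thrown when decryption generates an error, or when the
     *          decrypted content is not a NewID
     */
    public NewID decrypt(NewEncryptedID newEncryptedID) throws DecryptionException {
        return decryptAs(newEncryptedID, NewID.class);
    }
    
    /**
     * Decrypt the specified EncryptedElementType and return the result as an instance
     * of the expected type.
     * 
     * <p>
     * The type check is a security boundary, not a convenience: the decrypted plaintext is
     * whatever element the ciphertext producer put there, so the caller's expected type is
     * enforced here rather than trusted.
     * </p>
     * 
     * @param <T> the expected SAMLObject type
     * @param encElement the EncryptedElementType to decrypt
     * @param expectedType the type the decrypted object must be an instance of
     * @return the decrypted object, typed as {@code T}
     * @throws DecryptionException thrown when decryption generates an error, or when the
     *          decrypted SAMLObject is not an instance of {@code expectedType}
     */
    private <T extends SAMLObject> T decryptAs(EncryptedElementType encElement, Class<T> expectedType)
            throws DecryptionException {
        SAMLObject samlObject = decryptData(encElement);
        // isInstance() is false for null, so a missing result is rejected here too
        if (!expectedType.isInstance(samlObject)) {
            throw new DecryptionException("Decrypted SAMLObject was not an instance of "
                    + expectedType.getSimpleName());
        }
        return expectedType.cast(samlObject);
    }
    
    /**
     * Decrypt the specified instance of EncryptedElementType, and return the result 
     * as a SAMLObject.
     * 
     * @param encElement the EncryptedElementType to decrypt
     * @return the decrypted SAMLObject
     * @throws DecryptionException thrown when the element has no EncryptedData child, when
     *          decryption generates an error, or when the decrypted XMLObject is not a SAMLObject
     */
    private SAMLObject decryptData(EncryptedElementType encElement) throws DecryptionException {
        
        if (encElement.getEncryptedData() == null) {
            throw new DecryptionException("Element had no EncryptedData child");
        }
        
        XMLObject xmlObject;
        try {
            // Delegates to the generic XML Encryption decrypter; the root-in-new-document
            // setting is inherited from the superclass configuration.
            xmlObject = decryptData(encElement.getEncryptedData(), isRootInNewDocument());
        } catch (DecryptionException e) {
            // Logged here so the failure is visible even if a caller swallows the exception.
            log.error("SAML Decrypter encountered an error decrypting element content", e);
            throw e; 
        }
        
        // instanceof is false for null, so an empty decryption result is rejected as well
        if (!(xmlObject instanceof SAMLObject)) {
            throw new DecryptionException("Decrypted XMLObject was not an instance of SAMLObject");
        }
        
        return (SAMLObject) xmlObject;
    }

}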