17 package org.opensaml.saml2.encryption;
18
19 import org.opensaml.common.SAMLObject;
20 import org.opensaml.saml2.core.Assertion;
21 import org.opensaml.saml2.core.Attribute;
22 import org.opensaml.saml2.core.EncryptedAssertion;
23 import org.opensaml.saml2.core.EncryptedAttribute;
24 import org.opensaml.saml2.core.EncryptedElementType;
25 import org.opensaml.saml2.core.EncryptedID;
26 import org.opensaml.saml2.core.NewEncryptedID;
27 import org.opensaml.saml2.core.NewID;
28 import org.opensaml.xml.XMLObject;
29 import org.opensaml.xml.encryption.DecryptionException;
30 import org.opensaml.xml.encryption.EncryptedKeyResolver;
31 import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
32 import org.slf4j.Logger;
33 import org.slf4j.LoggerFactory;
/**
 * SAML 2.0-specific decrypter.
 *
 * <p>Each typed {@code decrypt} overload decrypts the {@code EncryptedData} child of the
 * given encrypted element and then verifies that the resulting object really is of the
 * type the caller asked for. That post-decryption type check is deliberate: the plaintext
 * is produced from ciphertext the caller did not author, so the expected element type is
 * enforced here instead of being assumed.
 *
 * <p>The {@link #decrypt(EncryptedID)} overload is the exception: it returns the decrypted
 * {@link SAMLObject} without narrowing it, so callers must check the concrete type.
 */
public class Decrypter extends org.opensaml.xml.encryption.Decrypter {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(Decrypter.class);

    /**
     * Constructor.
     *
     * @param newResolver resolver for data decryption keys
     * @param newKEKResolver resolver for key encryption keys
     * @param newEncKeyResolver resolver for {@code EncryptedKey} elements
     */
    public Decrypter(KeyInfoCredentialResolver newResolver, KeyInfoCredentialResolver newKEKResolver,
            EncryptedKeyResolver newEncKeyResolver) {
        super(newResolver, newKEKResolver, newEncKeyResolver);
    }

    /**
     * Decrypts an {@link EncryptedAssertion}.
     *
     * @param encryptedAssertion the encrypted assertion
     * @return the decrypted {@link Assertion}
     * @throws DecryptionException if decryption fails or the plaintext is not an {@code Assertion}
     */
    public Assertion decrypt(EncryptedAssertion encryptedAssertion) throws DecryptionException {
        return decryptAs(encryptedAssertion, Assertion.class);
    }

    /**
     * Decrypts an {@link EncryptedAttribute}.
     *
     * @param encryptedAttribute the encrypted attribute
     * @return the decrypted {@link Attribute}
     * @throws DecryptionException if decryption fails or the plaintext is not an {@code Attribute}
     */
    public Attribute decrypt(EncryptedAttribute encryptedAttribute) throws DecryptionException {
        return decryptAs(encryptedAttribute, Attribute.class);
    }

    /**
     * Decrypts an {@link EncryptedID}.
     *
     * <p>No narrowing of the result type is performed here; the caller is responsible for
     * checking what the plaintext actually is.
     *
     * @param encryptedID the encrypted identifier
     * @return the decrypted {@link SAMLObject}
     * @throws DecryptionException if decryption fails or the plaintext is not a {@code SAMLObject}
     */
    public SAMLObject decrypt(EncryptedID encryptedID) throws DecryptionException {
        return decryptData(encryptedID);
    }

    /**
     * Decrypts a {@link NewEncryptedID}.
     *
     * @param newEncryptedID the encrypted new identifier
     * @return the decrypted {@link NewID}
     * @throws DecryptionException if decryption fails or the plaintext is not a {@code NewID}
     */
    public NewID decrypt(NewEncryptedID newEncryptedID) throws DecryptionException {
        return decryptAs(newEncryptedID, NewID.class);
    }

    /**
     * Decrypts the element and checks that the plaintext is of the expected type.
     *
     * @param <T> the expected plaintext type
     * @param encElement the encrypted element
     * @param expectedType class token for the expected plaintext type
     * @return the decrypted object, narrowed to {@code T}
     * @throws DecryptionException if decryption fails or the plaintext is not a {@code T}
     */
    private <T extends SAMLObject> T decryptAs(EncryptedElementType encElement, Class<T> expectedType)
            throws DecryptionException {
        SAMLObject decrypted = decryptData(encElement);
        // isInstance(null) is false, so a null plaintext is rejected here as well.
        if (!expectedType.isInstance(decrypted)) {
            throw new DecryptionException(
                    "Decrypted SAMLObject was not an instance of " + expectedType.getSimpleName());
        }
        return expectedType.cast(decrypted);
    }

    /**
     * Decrypts the {@code EncryptedData} child of the element as a {@link SAMLObject}.
     *
     * @param encElement the encrypted element
     * @return the decrypted {@link SAMLObject}
     * @throws DecryptionException if the element has no {@code EncryptedData} child, if
     *             decryption fails, or if the plaintext is not a {@code SAMLObject}
     */
    private SAMLObject decryptData(EncryptedElementType encElement) throws DecryptionException {
        if (encElement.getEncryptedData() == null) {
            throw new DecryptionException("Element had no EncryptedData child");
        }

        XMLObject decrypted;
        try {
            decrypted = decryptData(encElement.getEncryptedData(), isRootInNewDocument());
        } catch (DecryptionException e) {
            // Logged at this layer before being rethrown; presumably so the failure is recorded
            // even if a caller handles the exception silently.
            log.error("SAML Decrypter encountered an error decrypting element content", e);
            throw e;
        }

        if (decrypted instanceof SAMLObject) {
            return (SAMLObject) decrypted;
        }
        throw new DecryptionException("Decrypted XMLObject was not an instance of SAMLObject");
    }

}