Package org.opensaml.saml.saml2.encryption

Class Encrypter

java.lang.Object
org.opensaml.xmlsec.encryption.support.Encrypter
org.opensaml.saml.saml2.encryption.Encrypter
public class Encrypter
extends Encrypter
Encrypter for SAML 2 SAMLObjects which has specific options for generating instances of subtypes of EncryptedElementType.

Overloaded methods are provided for encrypting various SAML 2 elements to their corresponding encrypted element variant of EncryptedElementType.

Support is also provided for differing placement options for any associated EncryptedKeys that may be generated. The options are:

  • INLINE: EncryptedKeys will placed inside the KeyInfo element of the EncryptedData element
  • PEER: EncryptedKeys will be placed as peer elements of the EncryptedData inside the EncryptedElementType element

The default placement is PEER.

The EncryptedKey forward and back referencing behavior associated with these key placement options is intended to be consistent with the guidelines detailed in SAML 2 Errata E43. See that document for further information.

For information on other parameters and options, and general XML Encryption issues, see Encrypter.

  • Field Details

  • Constructor Details

  • Method Details

    • init

      private void init()
      Helper method for constructors.

    • setIDGenerator

      public void setIDGenerator​(IdentifierGenerationStrategy newIDGenerator)
      Set the generator to use when creating XML ID attribute values.
      Parameters:
      newIDGenerator - the new IdentifierGenerator to use

    • getKeyPlacement

      public Encrypter.KeyPlacement getKeyPlacement()
      Get the current key placement option.
      Returns:
      returns the key placement option.

    • setKeyPlacement

      public void setKeyPlacement​(Encrypter.KeyPlacement newKeyPlacement)
      Set the key placement option.
      Parameters:
      newKeyPlacement - The new key placement option to set

    • encrypt

      public EncryptedAssertion encrypt​(Assertion assertion) throws EncryptionException
      Encrypt the specified Assertion.
      Parameters:
      assertion - the Assertion to encrypt
      Returns:
      an EncryptedAssertion
      Throws:
      EncryptionException - thrown when encryption generates an error

    • encryptAsID

      public EncryptedID encryptAsID​(Assertion assertion) throws EncryptionException
      Encrypt the specified Assertion, treating as an identifier and returning an EncryptedID.
      Parameters:
      assertion - the Assertion to encrypt
      Returns:
      an EncryptedID
      Throws:
      EncryptionException - thrown when encryption generates an error

    • encrypt

      public EncryptedAttribute encrypt​(Attribute attribute) throws EncryptionException
      Encrypt the specified Attribute.
      Parameters:
      attribute - the Attribute to encrypt
      Returns:
      an EncryptedAttribute
      Throws:
      EncryptionException - thrown when encryption generates an error

    • encrypt

      public EncryptedID encrypt​(NameID nameID) throws EncryptionException
      Encrypt the specified NameID.
      Parameters:
      nameID - the NameID to encrypt
      Returns:
      an EncryptedID
      Throws:
      EncryptionException - thrown when encryption generates an error

    • encrypt

      public EncryptedID encrypt​(BaseID baseID) throws EncryptionException
      Encrypt the specified BaseID.
      Parameters:
      baseID - the BaseID to encrypt
      Returns:
      an EncryptedID
      Throws:
      EncryptionException - thrown when encryption generates an error

    • encrypt

      public NewEncryptedID encrypt​(NewID newID) throws EncryptionException
      Encrypt the specified NewID.
      Parameters:
      newID - the NewID to encrypt
      Returns:
      a NewEncryptedID
      Throws:
      EncryptionException - thrown when encryption generates an error

    • logPreEncryption

      private void logPreEncryption​(XMLObject xmlObject, String objectType)
      Log the target object prior to encryption.
      Parameters:
      xmlObject - the XMLObject to encrypt
      objectType - String description of the type of object to encrypt

    • encrypt

      private EncryptedElementType encrypt​(XMLObject xmlObject, QName encElementName) throws EncryptionException
      Encrypt the specified XMLObject, and return it as an instance of the specified QName, which should be one of the types derived from EncryptedElementType.
      Parameters:
      xmlObject - the XMLObject to encrypt
      encElementName - the QName of the specialization of EncryptedElementType to return
      Returns:
      a specialization of EncryptedElementType
      Throws:
      EncryptionException - thrown when encryption generates an error

    • processElements

      protected EncryptedElementType processElements​(EncryptedElementType encElement, EncryptedData encData, List<EncryptedKey> encKeys) throws EncryptionException
      Handle post-processing of generated EncryptedData and EncryptedKey(s) and storage in the appropriate EncryptedElementType instance.
      Parameters:
      encElement - the EncryptedElementType instance which will hold the encrypted data and keys
      encData - the EncryptedData object
      encKeys - the list of EncryptedKey objects
      Returns:
      the processed EncryptedElementType instance
      Throws:
      EncryptionException - thrown when processing encounters an error

    • placeKeysInline

      protected EncryptedElementType placeKeysInline​(EncryptedElementType encElement, EncryptedData encData, List<EncryptedKey> encKeys)
      Place the EncryptedKey elements inside the KeyInfo element within the EncryptedData element. Although operationally trivial, this method is provided so that subclasses may override or augment as desired.
      Parameters:
      encElement - the EncryptedElementType instance which will hold the encrypted data and keys
      encData - the EncryptedData object
      encKeys - the list of EncryptedKey objects
      Returns:
      the processed EncryptedElementType instance

    • placeKeysAsPeers

      protected EncryptedElementType placeKeysAsPeers​(EncryptedElementType encElement, EncryptedData encData, List<EncryptedKey> encKeys)
      Store the specified EncryptedData and EncryptedKey(s) in the specified instance of EncryptedElementType as peer elements, following SAML 2 Errata E43 guidelines for forward and back referencing between the EncryptedData and EncryptedKey(s).
      Parameters:
      encElement - a specialization of EncryptedElementType to store the encrypted data and keys
      encData - the EncryptedData to store
      encKeys - the EncryptedKey(s) to store
      Returns:
      the resulting specialization of EncryptedElementType

    • linkSinglePeerKey

      protected void linkSinglePeerKey​(EncryptedData encData, EncryptedKey encKey)
      Link a single EncryptedKey to the EncryptedData according to guidelines in SAML Errata E43.
      Parameters:
      encData - the EncryptedData
      encKey - the EncryptedKey

    • linkMultiplePeerKeys

      protected void linkMultiplePeerKeys​(EncryptedData encData, List<EncryptedKey> encKeys)
      Link multiple "multicast" EncryptedKeys to the EncryptedData according to guidelines in SAML Errata E43.
      Parameters:
      encData - the EncryptedData
      encKeys - the list of EncryptedKeys