Class Encrypter

java.lang.Object
org.opensaml.xmlsec.encryption.support.Encrypter
org.opensaml.saml.saml2.encryption.Encrypter

public class Encrypter extends Encrypter
Encrypter for SAML 2 SAMLObjects which has specific options for generating instances of subtypes of EncryptedElementType.

Overloaded methods are provided for encrypting various SAML 2 elements to their corresponding encrypted element variant of EncryptedElementType.

Support is also provided for differing placement options for any associated EncryptedKeys that may be generated. The options are:

  • INLINE: EncryptedKeys will be placed inside the KeyInfo element of the EncryptedData element
  • PEER: EncryptedKeys will be placed as peer elements of the EncryptedData inside the EncryptedElementType element

The default placement is PEER.

The EncryptedKey forward and back referencing behavior associated with these key placement options is intended to be consistent with the guidelines detailed in SAML 2 Errata E43. See that document for further information.

For information on other parameters and options, and general XML Encryption issues, see Encrypter.

  • Method Details

    • init

      private void init()
      Helper method for constructors.
    • setIDGenerator

      public void setIDGenerator(@Nonnull IdentifierGenerationStrategy newIDGenerator)
      Set the generator to use when creating XML ID attribute values.
      Parameters:
      newIDGenerator - the new IdentifierGenerator to use
    • getKeyPlacement

      @Nonnull public Encrypter.KeyPlacement getKeyPlacement()
      Get the current key placement option.
      Returns:
      the current key placement option
    • setKeyPlacement

      public void setKeyPlacement(@Nonnull Encrypter.KeyPlacement newKeyPlacement)
      Set the key placement option.
      Parameters:
      newKeyPlacement - The new key placement option to set
    • encrypt

      @Nonnull public EncryptedAssertion encrypt(@Nonnull Assertion assertion) throws EncryptionException
      Encrypt the specified Assertion.
      Parameters:
      assertion - the Assertion to encrypt
      Returns:
      an EncryptedAssertion
      Throws:
      EncryptionException - thrown when encryption generates an error
    • encryptAsID

      @Nonnull public EncryptedID encryptAsID(@Nonnull Assertion assertion) throws EncryptionException
      Encrypt the specified Assertion, treating it as an identifier and returning an EncryptedID.
      Parameters:
      assertion - the Assertion to encrypt
      Returns:
      an EncryptedID
      Throws:
      EncryptionException - thrown when encryption generates an error
    • encrypt

      @Nonnull public EncryptedAttribute encrypt(@Nonnull Attribute attribute) throws EncryptionException
      Encrypt the specified Attribute.
      Parameters:
      attribute - the Attribute to encrypt
      Returns:
      an EncryptedAttribute
      Throws:
      EncryptionException - thrown when encryption generates an error
    • encrypt

      @Nonnull public EncryptedID encrypt(@Nonnull NameID nameID) throws EncryptionException
      Encrypt the specified NameID.
      Parameters:
      nameID - the NameID to encrypt
      Returns:
      an EncryptedID
      Throws:
      EncryptionException - thrown when encryption generates an error
    • encrypt

      @Nonnull public EncryptedID encrypt(@Nonnull BaseID baseID) throws EncryptionException
      Encrypt the specified BaseID.
      Parameters:
      baseID - the BaseID to encrypt
      Returns:
      an EncryptedID
      Throws:
      EncryptionException - thrown when encryption generates an error
    • encrypt

      @Nonnull public NewEncryptedID encrypt(@Nonnull NewID newID) throws EncryptionException
      Encrypt the specified NewID.
      Parameters:
      newID - the NewID to encrypt
      Returns:
      a NewEncryptedID
      Throws:
      EncryptionException - thrown when encryption generates an error
    • logPreEncryption

      private void logPreEncryption(@Nonnull XMLObject xmlObject, @Nonnull String objectType)
      Log the target object prior to encryption.
      Parameters:
      xmlObject - the XMLObject to encrypt
      objectType - String description of the type of object to encrypt
    • encrypt

      @Nonnull private EncryptedElementType encrypt(@Nonnull XMLObject xmlObject, @Nonnull QName encElementName) throws EncryptionException
      Encrypt the specified XMLObject, and return it as an instance of the specified QName, which should be one of the types derived from EncryptedElementType.
      Parameters:
      xmlObject - the XMLObject to encrypt
      encElementName - the QName of the specialization of EncryptedElementType to return
      Returns:
      a specialization of EncryptedElementType
      Throws:
      EncryptionException - thrown when encryption generates an error
    • processElements

      @Nonnull protected EncryptedElementType processElements(@Nonnull EncryptedElementType encElement, @Nonnull EncryptedData encData, @Nonnull List<EncryptedKey> encKeys) throws EncryptionException
      Handle post-processing of generated EncryptedData and EncryptedKey(s) and storage in the appropriate EncryptedElementType instance.
      Parameters:
      encElement - the EncryptedElementType instance which will hold the encrypted data and keys
      encData - the EncryptedData object
      encKeys - the list of EncryptedKey objects
      Returns:
      the processed EncryptedElementType instance
      Throws:
      EncryptionException - thrown when processing encounters an error
    • placeKeysInline

      @Nonnull protected EncryptedElementType placeKeysInline(@Nonnull EncryptedElementType encElement, @Nonnull EncryptedData encData, @Nonnull List<EncryptedKey> encKeys)
      Place the EncryptedKey elements inside the KeyInfo element within the EncryptedData element. Although operationally trivial, this method is provided so that subclasses may override or augment as desired.
      Parameters:
      encElement - the EncryptedElementType instance which will hold the encrypted data and keys
      encData - the EncryptedData object
      encKeys - the list of EncryptedKey objects
      Returns:
      the processed EncryptedElementType instance
    • placeKeysAsPeers

      @Nonnull protected EncryptedElementType placeKeysAsPeers(@Nonnull EncryptedElementType encElement, @Nonnull EncryptedData encData, @Nonnull List<EncryptedKey> encKeys)
      Store the specified EncryptedData and EncryptedKey(s) in the specified instance of EncryptedElementType as peer elements, following SAML 2 Errata E43 guidelines for forward and back referencing between the EncryptedData and EncryptedKey(s).
      Parameters:
      encElement - a specialization of EncryptedElementType to store the encrypted data and keys
      encData - the EncryptedData to store
      encKeys - the EncryptedKey(s) to store
      Returns:
      the resulting specialization of EncryptedElementType
    • linkSinglePeerKey

      protected void linkSinglePeerKey(@Nonnull EncryptedData encData, @Nonnull EncryptedKey encKey)
      Link a single EncryptedKey to the EncryptedData according to guidelines in SAML Errata E43.
      Parameters:
      encData - the EncryptedData
      encKey - the EncryptedKey
    • linkMultiplePeerKeys

      protected void linkMultiplePeerKeys(@Nonnull EncryptedData encData, @Nonnull List<EncryptedKey> encKeys)
      Link multiple "multicast" EncryptedKeys to the EncryptedData according to guidelines in SAML Errata E43.
      Parameters:
      encData - the EncryptedData
      encKeys - the list of EncryptedKeys
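The following is an added example, not code from the OpenSAML project or this Javadoc, showing the key placement options described in the class overview together with the encrypt(Assertion) overload, and the matching decrypt side. The recipient entity ID, issuer entity ID and assertion ID are constructed placeholders, and the RSA key pair is generated in place to stand in for a relying party's encryption certificate; everything else uses OpenSAML's public API (DataEncryptionParameters, KeyEncryptionParameters, Encrypter, Decrypter and the two EncryptedKey resolvers).

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.List;

import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.saml.saml2.encryption.Encrypter;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.EncryptionConstants;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;

public final class AssertionEncryptionExample {

    // Constructed placeholder entity IDs; replace with real metadata values.
    private static final String RECIPIENT_ENTITY_ID = "https://sp.example.org/saml";
    private static final String ISSUER_ENTITY_ID = "https://idp.example.org/saml";

    public static void main(String[] args) throws Exception {
        InitializationService.initialize();

        // Constructed RSA key pair standing in for the recipient's encryption certificate.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipientKeys = kpg.generateKeyPair();
        Credential recipientCredential = CredentialSupport.getSimpleCredential(
                recipientKeys.getPublic(), recipientKeys.getPrivate());

        Assertion assertion = buildSampleAssertion();

        // Encrypt once per placement option and show where the EncryptedKey ends up.
        for (Encrypter.KeyPlacement placement : Encrypter.KeyPlacement.values()) {
            EncryptedAssertion encrypted = encryptAssertion(assertion, recipientCredential, placement);

            int peerKeys = encrypted.getEncryptedKeys().size();
            int inlineKeys = encrypted.getEncryptedData().getKeyInfo() == null
                    ? 0 : encrypted.getEncryptedData().getKeyInfo().getEncryptedKeys().size();
            System.out.println(placement + ": peer EncryptedKeys=" + peerKeys
                    + ", inline EncryptedKeys=" + inlineKeys);

            Assertion roundTripped = decryptAssertion(encrypted, recipientCredential);
            System.out.println("  decrypted issuer: " + roundTripped.getIssuer().getValue());
        }
    }

    static Assertion buildSampleAssertion() {
        Assertion assertion = (Assertion) XMLObjectSupport.buildXMLObject(Assertion.DEFAULT_ELEMENT_NAME);
        assertion.setID("_constructed-assertion-id");
        Issuer issuer = (Issuer) XMLObjectSupport.buildXMLObject(Issuer.DEFAULT_ELEMENT_NAME);
        issuer.setValue(ISSUER_ENTITY_ID);
        assertion.setIssuer(issuer);
        return assertion;
    }

    static EncryptedAssertion encryptAssertion(Assertion assertion, Credential recipientCredential,
            Encrypter.KeyPlacement placement) throws Exception {
        // Content encryption: the Encrypter generates a fresh random AES-256-GCM key per call.
        DataEncryptionParameters dataParams = new DataEncryptionParameters();
        dataParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);

        // Key transport: that data key is wrapped for the recipient with RSA-OAEP.
        KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
        kekParams.setEncryptionCredential(recipientCredential);
        kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
        kekParams.setRecipient(RECIPIENT_ENTITY_ID);

        Encrypter encrypter = new Encrypter(dataParams, kekParams);
        encrypter.setKeyPlacement(placement);   // PEER is the default; INLINE nests the key in KeyInfo
        return encrypter.encrypt(assertion);
    }

    static Assertion decryptAssertion(EncryptedAssertion encrypted, Credential recipientCredential)
            throws Exception {
        // The decrypt side must look wherever the sender placed the EncryptedKey:
        // InlineEncryptedKeyResolver covers INLINE (EncryptedData/KeyInfo),
        // EncryptedElementTypeEncryptedKeyResolver covers PEER (sibling of EncryptedData).
        ChainingEncryptedKeyResolver keyResolver = new ChainingEncryptedKeyResolver(List.of(
                new InlineEncryptedKeyResolver(),
                new EncryptedElementTypeEncryptedKeyResolver()));
        Decrypter decrypter = new Decrypter(null,
                new StaticKeyInfoCredentialResolver(recipientCredential), keyResolver);
        decrypter.setRootInNewDocument(true);
        return decrypter.decrypt(encrypted);
    }
}
```

Running it prints one EncryptedKey as a peer for PEER and one inside KeyInfo for INLINE, and the same issuer value after each decryption. The chained resolver on the decrypt side is the practical point: a Decrypter configured for only one placement fails with a DecryptionException when a partner switches to the other, so a relying party that cannot dictate the sender's placement should resolve both.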