se.litsec.opensaml.xmlsec

Class ExtendedDecrypter

java.lang.Object

org.opensaml.xmlsec.encryption.support.Decrypter

se.litsec.opensaml.xmlsec.ExtendedDecrypter

public class ExtendedDecrypter
extends Decrypter

An extension of OpenSAML:s Decrypter implementation that handles the problem that when using the SunPKCS11 crypto provider the OAEPPadding does not work. This implementation supplies an workaround for this problem.

See this post on Stack overflow.

Author:

Martin Lindström (martin.lindstrom@litsec.se)

Constructor Summary

Constructors

Constructor and Description
ExtendedDecrypter(DecryptionParameters params) Constructor.
ExtendedDecrypter(KeyInfoCredentialResolver newResolver, KeyInfoCredentialResolver newKEKResolver, EncryptedKeyResolver newEncKeyResolver) Constructor.
ExtendedDecrypter(KeyInfoCredentialResolver newResolver, KeyInfoCredentialResolver newKEKResolver, EncryptedKeyResolver newEncKeyResolver, Collection<String> whitelistAlgos, Collection<String> blacklistAlgos) Constructor.

Method Summary

Modifier and Type	Method and Description
Key	decryptKey(EncryptedKey encryptedKey, String algorithm, Key kek) Overrides the Decrypter.decryptKey(EncryptedKey, String, Key) so that we may handle the unsupported features of the SunPKCS11 provider.
void	init() Init method for setting key size ...
void	setTestMode(boolean testMode) Should we run this class in test mode?

Methods inherited from class org.opensaml.xmlsec.encryption.support.Decrypter

buildParserPool, checkAndMarshall, decryptData, decryptData, decryptDataToDOM, decryptDataToDOM, decryptDataToList, decryptDataToList, decryptKey, getJCAProviderName, getKEKResolverCriteria, getKeyResolverCriteria, isRootInNewDocument, preProcessEncryptedKey, setJCAProviderName, setKEKResolverCriteria, setKeyResolverCriteria, setRootInNewDocument, validateAlgorithms, validateAlgorithms, validateAlgorithmURI

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ExtendedDecrypter

public ExtendedDecrypter(DecryptionParameters params)

Constructor.

Parameters:

params - decryption parameters to use

ExtendedDecrypter

public ExtendedDecrypter(KeyInfoCredentialResolver newResolver,
                         KeyInfoCredentialResolver newKEKResolver,
                         EncryptedKeyResolver newEncKeyResolver)

Constructor.

Parameters:

newResolver - resolver for data encryption keys.

newKEKResolver - resolver for key encryption keys.

newEncKeyResolver - resolver for EncryptedKey elements

ExtendedDecrypter

public ExtendedDecrypter(KeyInfoCredentialResolver newResolver,
                         KeyInfoCredentialResolver newKEKResolver,
                         EncryptedKeyResolver newEncKeyResolver,
                         Collection<String> whitelistAlgos,
                         Collection<String> blacklistAlgos)

Constructor.

Parameters:

newResolver - resolver for data encryption keys.

newKEKResolver - resolver for key encryption keys.

newEncKeyResolver - resolver for EncryptedKey elements

whitelistAlgos - collection of whitelisted algorithm URIs

blacklistAlgos - collection of blacklisted algorithm URIs

Method Detail

init

public void init()

Init method for setting key size ...

decryptKey

public Key decryptKey(EncryptedKey encryptedKey,
                      String algorithm,
                      Key kek)
               throws DecryptionException

Overrides the Decrypter.decryptKey(EncryptedKey, String, Key) so that we may handle the unsupported features of the SunPKCS11 provider.

Overrides:

decryptKey in class Decrypter

Throws:

DecryptionException

setTestMode

public void setTestMode(boolean testMode)

Should we run this class in test mode?

Parameters:

testMode - test mode flag