Class SAMLObjectDecrypter

    • Constructor Detail

      • SAMLObjectDecrypter

        public SAMLObjectDecrypter(Credential decryptionCredential)
        Constructor given the credential (certificate or key pair) to use when decrypting messages.
        Parameters:
        decryptionCredential - decryption credential
      • SAMLObjectDecrypter

        public SAMLObjectDecrypter(List<Credential> decryptionCredentials)
        Constructor accepting several credentials (certificates or key pairs) to be used when decrypting. This may be useful after a key rollover.
        Parameters:
        decryptionCredentials - decryption credentials
    • Method Detail

      • decrypt

        public <T extends XMLObject, E extends EncryptedElementType> T decrypt(E encryptedObject,
                                                                              Class<T> destinationClass)
                                                                       throws DecryptionException
        Decrypts the supplied encrypted object into an object of the given type.
        Type Parameters:
        T - the type of the destination object
        E - the type of the encrypted object
        Parameters:
        encryptedObject - the encrypted object
        destinationClass - the class of the destination object
        Returns:
        the decrypted element of object T
        Throws:
        DecryptionException - for decryption errors
      • decrypt

        public <T extends XMLObject> T decrypt(EncryptedData encryptedData,
                                               Class<T> destinationClass)
                                        throws DecryptionException
        Decrypts the supplied encrypted object into an object of the given type.
        Type Parameters:
        T - the type of the destination object
        Parameters:
        encryptedData - the encrypted data
        destinationClass - the class of the destination object
        Returns:
        the decrypted element of object T
        Throws:
        DecryptionException - for decryption errors
      • setBlacklistedAlgorithms

        public void setBlacklistedAlgorithms(Collection<String> blacklistedAlgorithms)
        Assigns the list of blacklisted algorithms; encrypted content that uses any of them is rejected.
        Parameters:
        blacklistedAlgorithms - disallowed algorithms
      • setWhitelistedAlgorithms

        public void setWhitelistedAlgorithms(Collection<String> whitelistedAlgorithms)
        Assigns the list of whitelisted algorithms; only these algorithms are accepted when decrypting.
        Parameters:
        whitelistedAlgorithms - whitelisted algorithms
      • setPkcs11Workaround

        public void setPkcs11Workaround(boolean pkcs11Workaround)
        When an HSM is used, the SunPKCS11 crypto provider is most likely in use. This provider does not support OAEP padding, which is common in XML encryption because http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p is the default key encryption algorithm. This class contains a workaround for that limitation, enabled by setting the pkcs11Workaround flag.
        Parameters:
        pkcs11Workaround - whether to run in PKCS11 workaround mode
      • setPkcs11testMode

        public void setPkcs11testMode(boolean pkcs11testMode)
        For internal testing only.
        Parameters:
        pkcs11testMode - test flag
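Putting the constructors, the generic decrypt method and the algorithm blacklist together, here is an added usage example (not part of the library's documentation or code) that decrypts the EncryptedAssertion elements of a SAML Response during a key rollover. The package name imported for SAMLObjectDecrypter is an assumption and should be checked against the library version in use; the OpenSAML types are standard.

```java
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import org.opensaml.xmlsec.encryption.support.EncryptionConstants;
// Package assumed here; verify against the version of the library you depend on.
import se.swedenconnect.opensaml.xmlsec.encryption.support.SAMLObjectDecrypter;

/** Decrypts the EncryptedAssertion elements of a SAML Response while two SP keys are valid. */
public final class AssertionDecryptionExample {

  /**
   * Builds a decrypter that accepts both the current and the previous SP key pair
   * (the key rollover case the List constructor exists for) and refuses legacy
   * algorithms before any decryption is attempted.
   */
  public static SAMLObjectDecrypter buildDecrypter(
      X509Certificate currentCert, PrivateKey currentKey,
      X509Certificate previousCert, PrivateKey previousKey) {

    List<Credential> credentials = Arrays.asList(
        new BasicX509Credential(currentCert, currentKey),
        new BasicX509Credential(previousCert, previousKey));
    SAMLObjectDecrypter decrypter = new SAMLObjectDecrypter(credentials);

    // RSA PKCS#1 v1.5 key transport and 3DES are rejected regardless of what the
    // issuing IdP chose; decrypt() then fails with a DecryptionException.
    decrypter.setBlacklistedAlgorithms(Arrays.asList(
        EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15,
        EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES));
    return decrypter;
  }

  /** Decrypts every EncryptedAssertion in the response, failing closed on the first error. */
  public static List<Assertion> decryptAssertions(SAMLObjectDecrypter decrypter, Response response)
      throws DecryptionException {
    List<Assertion> result = new ArrayList<>();
    for (EncryptedAssertion enc : response.getEncryptedAssertions()) {
      // Generic decrypt: E = EncryptedAssertion (an EncryptedElementType), T = Assertion.
      result.add(decrypter.decrypt(enc, Assertion.class));
    }
    return result;
  }
}
```

Because the loop propagates the first DecryptionException, a response that mixes an acceptable assertion with one using a blacklisted algorithm is rejected as a whole rather than partially processed.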