se.litsec.swedisheid.opensaml.saml2.signservice

Class SignMessageFactory

java.lang.Object

se.litsec.swedisheid.opensaml.saml2.signservice.SignMessageFactory

public class SignMessageFactory
extends Object

A builder for an easy way to create and encrypt messages for SignMessage.

Author:

Martin Lindström (martin.lindstrom@litsec.se)

Constructor Summary

Constructors

Constructor and Description
SignMessageFactory(se.litsec.opensaml.saml2.metadata.provider.MetadataProvider federationMetadataProvider) Constructor.

Method Summary

Modifier and Type	Method and Description
SignMessage	create(String message, SignMessageMimeTypeEnum mimeType, Boolean mustShow, String displayEntity, boolean encrypt) Creates a SignMessage object.
EncryptedMessage	encrypt(Message message, Credential credential) Given a Message object and key encryption credentials the method encrypts the message into a EncryptedMessage object.
Credential	getKeyEncryptionCredential(String idpEntityID) Locates a encryption credential for the given IdP from the federaion metadata.
void	setEncryptionAlgorithmId(String encryptionAlgorithmId) Assigns the encryption algorithm to use when encrypting messages.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SignMessageFactory

public SignMessageFactory(se.litsec.opensaml.saml2.metadata.provider.MetadataProvider federationMetadataProvider)

Constructor.

Parameters:

federationMetadataProvider - the federation metadata that is used for locating IdP encryption keys

Method Detail

create

public SignMessage create(String message,
                          SignMessageMimeTypeEnum mimeType,
                          Boolean mustShow,
                          String displayEntity,
                          boolean encrypt)
                   throws ResolverException,
                          EncryptionException

Creates a SignMessage object.

Parameters:

message - the message to include (in cleartext)

mimeType - the MIME type of the message

mustShow - when this parameter is set to true then the requested signature MUST NOT be created unless this message has been displayed and accepted by the signer

displayEntity - the entityID of the entity responsible for displaying the sign message to the signer. When the sign message is encrypted, then this entity is also the holder of the private decryption key necessary to decrypt the sign message

encrypt - should the message be encryped?

Returns:

a SignMessage object

Throws:

ResolverException - for metadata related errors

EncryptionException - for encryption errors

getKeyEncryptionCredential

public Credential getKeyEncryptionCredential(String idpEntityID)

Locates a encryption credential for the given IdP from the federaion metadata.

Parameters:

idpEntityID - the IdP entityID

Returns:

an encryption credential, or null if none is found

encrypt

public EncryptedMessage encrypt(Message message,
                                Credential credential)
                         throws EncryptionException

Given a Message object and key encryption credentials the method encrypts the message into a EncryptedMessage object.

Parameters:

message - the message to encrypt

credential - the key encryption credential (IdP public key/certificate)

Returns:

an EncryptedMessage object

Throws:

EncryptionException - for encryption errors

setEncryptionAlgorithmId

public void setEncryptionAlgorithmId(String encryptionAlgorithmId)

Assigns the encryption algorithm to use when encrypting messages.

The default is EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128.

Note that if an algorithm that uses larger keys is required the JCE unlimited strength policy files must be installed. For Java 8, download it from http://www.oracle.com/ technetwork/java/javase/downloads/jce8-download-2133166.html.

Parameters:

encryptionAlgorithmId - the algorithm to assign