/*
* Decompiled with CFR 0_118.
*
* Could not load the following classes:
* org.apache.xml.security.encryption.EncryptedKey
* org.apache.xml.security.encryption.XMLCipher
* org.apache.xml.security.encryption.XMLEncryptionException
* org.apache.xml.security.keys.keyresolver.KeyResolverException
* org.apache.xml.security.keys.keyresolver.KeyResolverSpi
* org.apache.xml.security.keys.storage.StorageResolver
* org.slf4j.Logger
* org.slf4j.LoggerFactory
*/
package com.adobe.granite.auth.saml.util;
import java.security.Key;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import javax.crypto.SecretKey;
import javax.xml.namespace.NamespaceContext;
import javax.xml.namespace.QName;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import javax.xml.xpath.XPathVariableResolver;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
import org.apache.xml.security.keys.storage.StorageResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
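/**
 * Key resolver that follows a {@code ds:RetrievalMethod} of type {@code xenc#EncryptedKey}
 * to an {@code xenc:EncryptedKey} element in the same document, unwraps that key with the
 * configured decryption key and returns the resulting {@link SecretKey}.
 *
 * <p>Only same-document fragment references ({@code URI="#id"}) are resolved. The referenced
 * {@code Id} is bound to the lookup XPath as a variable rather than concatenated into the
 * expression, so a crafted attribute value cannot alter the query.
 *
 * <p>Instances are immutable after construction; the stateless {@link NamespaceContext} and a
 * fresh {@link XPath} per lookup mean the resolver is safe to share between threads.
 */
public class RetrievalMethodEncryptedKeyResolver extends KeyResolverSpi {

    private static final Logger log = LoggerFactory.getLogger(RetrievalMethodEncryptedKeyResolver.class);

    private static final String ATTR_RETRIEVAL_METHOD = "ds:RetrievalMethod";
    private static final String TYPE_ENCRYPTED_KEY = "http://www.w3.org/2001/04/xmlenc#EncryptedKey";
    private static final String NS_PREFIX_XENC = "xenc";
    private static final String NS_URI_XENC = "http://www.w3.org/2001/04/xmlenc#";

    /** Name of the XPath variable that carries the referenced {@code Id}. */
    private static final String ID_VARIABLE = "id";

    /** Lookup expression; {@code $id} is supplied through an {@link XPathVariableResolver}. */
    private static final String ENCRYPTED_KEY_BY_ID_XPATH = "//xenc:EncryptedKey[@Id=$id]";

    /** Namespace context that knows exactly one binding: {@code xenc} to the XML Encryption namespace. */
    private static final NamespaceContext XENC_CONTEXT = new NamespaceContext() {
        @Override
        public String getNamespaceURI(String prefix) {
            return NS_PREFIX_XENC.equals(prefix) ? NS_URI_XENC : null;
        }

        @Override
        public String getPrefix(String namespaceURI) {
            return NS_URI_XENC.equals(namespaceURI) ? NS_PREFIX_XENC : null;
        }

        @Override
        public Iterator<String> getPrefixes(String namespaceURI) {
            // The contract asks for an iterator, never null; an empty one means "unknown namespace".
            return NS_URI_XENC.equals(namespaceURI)
                    ? Collections.singleton(NS_PREFIX_XENC).iterator()
                    : Collections.<String>emptyList().iterator();
        }
    };

    /** JCA algorithm name handed to {@link XMLCipher#decryptKey(EncryptedKey, String)} for the unwrapped key. */
    private final String algorithm;

    /** Key used to unwrap the referenced {@code EncryptedKey} (typically the service provider's private key). */
    private final Key decryptionKey;

    /**
     * Creates a resolver.
     *
     * @param algorithm     algorithm name of the secret key to produce, passed through to the cipher
     * @param decryptionKey key used to unwrap the referenced {@code EncryptedKey}
     */
    public RetrievalMethodEncryptedKeyResolver(String algorithm, Key decryptionKey) {
        this.algorithm = algorithm;
        this.decryptionKey = decryptionKey;
    }

    /**
     * Reports whether {@code element} is a {@code ds:RetrievalMethod} whose {@code Type} attribute
     * designates an {@code EncryptedKey}.
     *
     * <p>NOTE(review): {@link Element#getLocalName()} returns the unprefixed name for namespace-aware
     * DOMs, so comparing it with the prefixed {@code "ds:RetrievalMethod"} only matches documents built
     * without namespace awareness. Kept as in the original; confirm against the parser the caller uses.
     *
     * @param element the candidate element
     * @param baseURI unused
     * @param storage unused
     * @return {@code true} if this resolver should be asked to resolve the element
     */
    @Override
    public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
        return ATTR_RETRIEVAL_METHOD.equals(element.getLocalName())
                && TYPE_ENCRYPTED_KEY.equals(element.getAttributeNS(null, "Type"));
    }

    /**
     * Resolves the {@code EncryptedKey} referenced by the element's {@code URI} attribute and unwraps it.
     *
     * <p>Returns {@code null} (letting other resolvers try) when the {@code URI} attribute is missing or
     * empty, is not a same-document {@code #id} reference, no {@code xenc:EncryptedKey} with that
     * {@code Id} exists, or unwrapping fails. Failures are logged, never swallowed silently.
     *
     * <p>NOTE(review): the lookup matches an {@code EncryptedKey} anywhere in the document, not only
     * inside the subtree that carries the {@code RetrievalMethod}; whether that scope should be narrowed
     * is not decided here.
     *
     * @param element the {@code ds:RetrievalMethod} element
     * @param baseURI base URI of the document (only logged)
     * @param storage unused
     * @return the unwrapped secret key, or {@code null} if it could not be resolved
     * @throws KeyResolverException declared by the SPI; not thrown by this implementation
     */
    @Override
    public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage)
            throws KeyResolverException {
        log.debug("Lookup and resolve secret key: {} (baseURI={})", element, baseURI);

        String refURI = element.getAttributeNS(null, "URI");
        if (refURI == null || refURI.isEmpty()) {
            log.debug("RetrievalMethod carries no URI attribute; nothing to resolve");
            return null;
        }
        // Only "#id" references are supported. Stripping the first character unconditionally, as the
        // original did, would silently mangle any other URI form into a bogus Id.
        if (!refURI.startsWith("#") || refURI.length() < 2) {
            log.warn("Unsupported RetrievalMethod URI (expected a same-document '#id' reference): {}", refURI);
            return null;
        }
        final String id = refURI.substring(1);

        Element encryptedKeyElement;
        try {
            encryptedKeyElement = findEncryptedKeyById(element.getOwnerDocument(), id);
        } catch (XPathExpressionException e) {
            log.error("Error retrieving secret key: ", e);
            return null;
        }
        if (encryptedKeyElement == null) {
            // The original passed null on to the cipher and failed with a NullPointerException.
            log.warn("No xenc:EncryptedKey with Id '{}' found in the document", id);
            return null;
        }

        try {
            XMLCipher cipher = XMLCipher.getInstance();
            cipher.init(XMLCipher.UNWRAP_MODE, this.decryptionKey);
            EncryptedKey ek = cipher.loadEncryptedKey(encryptedKeyElement);
            SecretKey secretKey = (SecretKey) cipher.decryptKey(ek, this.algorithm);
            // Log only the algorithm; the key object itself is not written to the log.
            log.debug("Decrypted secret key for algorithm {}", this.algorithm);
            return secretKey;
        } catch (XMLEncryptionException e) {
            log.error("Error unwrapping EncryptedKey with Id '{}': ", id, e);
            return null;
        }
    }

    /**
     * Locates the first {@code xenc:EncryptedKey} in document order whose {@code Id} equals {@code id}.
     *
     * @param document document to search
     * @param id       value of the {@code Id} attribute to match, bound as an XPath variable
     * @return the matching element, or {@code null} if there is none
     * @throws XPathExpressionException if the expression cannot be evaluated
     */
    private static Element findEncryptedKeyById(Document document, final String id) throws XPathExpressionException {
        XPath xpath = XPathFactory.newInstance().newXPath();
        xpath.setNamespaceContext(XENC_CONTEXT);
        xpath.setXPathVariableResolver(new XPathVariableResolver() {
            @Override
            public Object resolveVariable(QName variableName) {
                return ID_VARIABLE.equals(variableName.getLocalPart()) ? id : null;
            }
        });
        return (Element) xpath.evaluate(ENCRYPTED_KEY_BY_ID_XPATH, document, XPathConstants.NODE);
    }
}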