Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SAML2 assertion encryption using public key (opensaml)

I've recently tried to encrypt Saml2 assertion using relaying-party service public key. Unfortunately I can't finalise even the test phase

here is my code

public class EncryptionTest {

public static void main(String args[]){
    try {

    // The Assertion to be encrypted
        FileInputStream fis;
        DataInputStream in, in2;

        File f = new File("src/main/resources/AssertionTest");
        byte[] buffer = new byte[(int) f.length()];
        in = new DataInputStream(new FileInputStream(f));
        in.readFully(buffer);
        in.close();

        //Assertion = DataInputStream.readUTF(in);
        String in_assert = new String(buffer);  

        System.out.println(in_assert);

    org.apache.axiom.om.OMElement OMElementAssertion = org.apache.axiom.om.util.AXIOMUtil.stringToOM(in_assert);
    Assertion assertion = convertOMElementToAssertion2(OMElementAssertion);

    // Assume this contains a recipient's RSA public key
    Credential keyEncryptionCredential;

    keyEncryptionCredential = getCredentialFromFilePath("src/main/resources/cert.pem");


    EncryptionParameters encParams = new EncryptionParameters();
    encParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);

    KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
    kekParams.setEncryptionCredential(keyEncryptionCredential);
    kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
    KeyInfoGeneratorFactory kigf =
        Configuration.getGlobalSecurityConfiguration()
        .getKeyInfoGeneratorManager().getDefaultManager()
        .getFactory(keyEncryptionCredential);
    kekParams.setKeyInfoGenerator(kigf.newInstance());

    Encrypter samlEncrypter = new Encrypter(encParams, kekParams);
    samlEncrypter.setKeyPlacement(KeyPlacement.PEER);

    EncryptedAssertion encryptedAssertion = samlEncrypter.encrypt(assertion);

     System.out.println(encryptedAssertion);

    } catch (EncryptionException e) {
        e.printStackTrace();
    } catch (CertificateException e1) {
        // TODO Auto-generated catch block
        e1.printStackTrace();
    } catch (KeyException e1) {
        // TODO Auto-generated catch block
        e1.printStackTrace();
    } catch (IOException e1) {
        // TODO Auto-generated catch block
        e1.printStackTrace();
    } catch (XMLStreamException e2) {
        // TODO Auto-generated catch block
        e2.printStackTrace();
    }


}

  public static Credential getCredentialFromFilePath(String certPath) throws IOException, CertificateException, KeyException {
      InputStream inStream = new FileInputStream(certPath);
      CertificateFactory cf = CertificateFactory.getInstance("X.509");
      Certificate cert =  cf.generateCertificate(inStream);
      inStream.close();

      //"Show yourself!"
      System.out.println(cert.toString());

      BasicX509Credential cred = new BasicX509Credential();
      cred.setEntityCertificate((java.security.cert.X509Certificate) cert);
      cred.setPrivateKey(null);

      //System.out.println(cred.toString());

       return cred;

      //return (Credential) org.opensaml.xml.security.SecurityHelper.getSimpleCredential( (X509Certificate) cert, privatekey);
  }

  public static Assertion convertOMElementToAssertion2(OMElement element) {

        Element assertionSAMLDOOM = (Element) new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(), element.getXMLStreamReader()).getDocumentElement();
        try {
          UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
          Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(Assertion.DEFAULT_ELEMENT_NAME);

         return (Assertion) unmarshaller.unmarshall(assertionSAMLDOOM);      
        } catch (Exception e1) {
            System.out.println("error: " + e1.toString());
        }
        return null;
      }



}

I constantly recive Null pointer exception in

    KeyInfoGeneratorFactory kigf =
        Configuration.getGlobalSecurityConfiguration()
        .getKeyInfoGeneratorManager().getDefaultManager()
        .getFactory(keyEncryptionCredential);
    kekParams.setKeyInfoGenerator(kigf.newInstance());

How can I set GlobalSecurityConfiguration or is there different approach of encrypting Assertion which will work?

like image 815
Erwin Avatar asked Jan 17 '23 16:01

Erwin


1 Answers

This question was laying open for too long. The problem was initialization of OpenSaml. Simple

DefaultBootstrap.bootstrap();

helped and solved problem.

like image 163
Erwin Avatar answered Jan 19 '23 05:01

Erwin