author | Thomas <> | 2023-01-18 13:46:22 +0100 |
---|---|---|
committer | Thomas <> | 2023-01-18 13:46:22 +0100 |
commit | 19a717e5684ea7cac8a39d24263cde0825c95968 (patch) | |
tree | 8d31979c0cebd5c8f841a739c6c6b3ad05650582 /eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz | |
parent | 4a6a9f69d15d4a517af075b31e06ae73a1aa3262 (diff) | |
download | EAAF-Components-19a717e5684ea7cac8a39d24263cde0825c95968.tar.gz EAAF-Components-19a717e5684ea7cac8a39d24263cde0825c95968.tar.bz2 EAAF-Components-19a717e5684ea7cac8a39d24263cde0825c95968.zip |
fix(saml2): support XML decryption by using key from HSM-Facade
Details: openSAML4 uses org.apache.xml.security.algorithms.JCEMapper to
define the JCE crypto provider for openSAML crypto operations. However, this
JCEMapper is not used by the openSAML Decrypter, so the provider must be set manually.
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz')
-rw-r--r-- | eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
index 60800eb2..6cace5cb 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
@@ -30,6 +30,7 @@ import javax.xml.validation.Schema;
 import javax.xml.validation.Validator;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.xml.security.algorithms.JCEMapper;
 import org.joda.time.DateTime;
 import org.opensaml.core.criterion.EntityIdCriterion;
 import org.opensaml.core.xml.io.MarshallingException;
@@ -375,7 +376,8 @@ public class SamlVerificationEngine {
 final Decrypter samlDecrypter = new Decrypter(null, new StaticKeyInfoCredentialResolver(assertionDecryption), new ChainingEncryptedKeyResolver(listOfKeyResolvers));
-
+ samlDecrypter.setJCAProviderName(JCEMapper.getProviderId());
+
 for (final EncryptedAssertion encAssertion : encryAssertionList) {
 saml2assertions.add(samlDecrypter.decrypt(encAssertion)); |
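Review bot: The provider name handed to `samlDecrypter.setJCAProviderName(...)` in the second hunk is read from `JCEMapper.getProviderId()`, which is static, process-wide state, so the decrypter now depends on whichever code last set that id and on initialisation order, and nothing here checks or logs the value. If the id is unset the call presumably passes null and the decrypter falls back to the default JCA provider; if it names the HSM-Facade provider, every decryption is routed through it, including any software-held `assertionDecryption` credentials, which is worth confirming with a test for both key types. I would add a comment above the call such as `// openSAML Decrypter does not consult JCEMapper; pass the configured JCE provider explicitly so HSM-Facade keys can decrypt` and log the selected provider at debug level so a misconfiguration is visible. The enclosing method starts and ends outside this hunk.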