3 files changed, 51 insertions, 4 deletions
| diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index 21d146b4d..57ed9a760 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -713,6 +713,16 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre>
     <td>password</td>
     <td>Passwort des Schlüssels mit dem die PVP 2.1 Assertion durch MOA-ID-Auth unterschieben wird</td>
   </tr>
+  <tr>
+    <td>protocols.pvp2.sp.ks.assertion.encryption.alias</td>
+    <td>pvp_encryption</td>
+    <td>Name des Schlüssels mit dem PVP 2.1 Assertion für MOA-ID-Auth als Service Provider durch einen weiteren IDP Verschlüsselt werden sollen (siehe Kapitel <a href="./../interfederation/interfederation.html">Interfederation</a>)</td>
+  </tr>
+  <tr>
+    <td>protocols.pvp2.sp.ks.assertion.encryption.keypassword</td>
+    <td>password</td>
+    <td>Passwort des Schlüssels mit dem PVP 2.1 Assertion für MOA-ID-Auth als Service Provider durch einen weiteren IDP Verschlüsselt werden sollen (siehe Kapitel <a href="./../interfederation/interfederation.html">Interfederation</a>)</td>
+  </tr>
 </table>
 <p> </p>
 <h5><a name="basisconfig_moa_id_auth_param_protocol_openid" id="uebersicht_bekanntmachung11"></a>2.2.2.3.2 OpenID Connect</h5>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 9f2ad2e1b..c189d44a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -69,9 +69,9 @@ public class PVPConfiguration {
 		return instance;
 	}
-	public static final String PVP2_METADATA = "/pvp2/metadata";
-	public static final String PVP2_REDIRECT = "/pvp2/redirect";
-	public static final String PVP2_POST = "/pvp2/post";
+	public static final String PVP2_METADATA = 	"/pvp2/metadata";
+	public static final String PVP2_REDIRECT = 	"/pvp2/redirect";
+	public static final String PVP2_POST = 		"/pvp2/post";
 	public static final String PVP_CONFIG_FILE = "pvp2config.properties";
@@ -84,6 +84,9 @@ public class PVPConfiguration {
 	public static final String IDP_KEYALIASASSERTION = "idp.ks.assertion.sign.alias";	
 	public static final String IDP_KEY_PASSASSERTION = "idp.ks.assertion.sign.keypassword";
+	public static final String IDP_KEYALIASENCRYTPION = "sp.ks.assertion.encryption.alias";	
+	public static final String IDP_KEY_PASSENCRYTPION = "sp.ks.assertion.encryption.keypassword";
+	
 	public static final String IDP_ISSUER_NAME = "idp.issuer.name";
 	public static final String METADATA_FILE = "md.dir";
@@ -173,6 +176,14 @@ public class PVPConfiguration {
 		return props.getProperty(IDP_KEY_PASSASSERTION);
 	}
+	public String getIDPKeyAliasAssertionEncryption() {
+		return props.getProperty(IDP_KEYALIASASSERTION);
+	}
+
+	public String getIDPKeyPasswordAssertionEncryption() {
+		return props.getProperty(IDP_KEY_PASSASSERTION);
+	}
+	
 	public String getIDPIssuerName() throws ConfigurationException {
 		if (moaIDVersion == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
index d95e21a0e..48e435777 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
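Review bot: The two getters added in the third hunk read the wrong properties — `getIDPKeyAliasAssertionEncryption` returns `props.getProperty(IDP_KEYALIASASSERTION)` and `getIDPKeyPasswordAssertionEncryption` returns `props.getProperty(IDP_KEY_PASSASSERTION)`, i.e. the signing alias and signing key password, while the new constants `IDP_KEYALIASENCRYTPION` / `IDP_KEY_PASSENCRYTPION` introduced in the second hunk are never referenced. They should read `return props.getProperty(IDP_KEYALIASENCRYTPION);` and `return props.getProperty(IDP_KEY_PASSENCRYTPION);`. As written, the CredentialProvider change on this page would build its ENCRYPTION credential from the assertion signing key, and its "no encryption key is configured" null-return path can never be taken as long as a signing alias is set. The constant names also misspell ENCRYPTION as ENCRYTPION; renaming them while they are still new avoids carrying the typo into every caller. The enclosing class continues outside all three hunks.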
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.KeyStoreUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
 public class CredentialProvider {
@@ -86,7 +87,32 @@ public class CredentialProvider {
 			throw new CredentialsNotAvailableException(e.getMessage(), null);
 		}
 	}
-		
+	
+	public static X509Credential getIDPAssertionEncryptionCredential()
+			throws CredentialsNotAvailableException {
+		PVPConfiguration config = PVPConfiguration.getInstance();
+		try {
+			if (keyStore == null)
+				keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(), 
+						config.getIDPKeyStorePassword());
+ 
+			//if no encryption key is configured return null
+			if (MiscUtil.isEmpty(config.getIDPKeyAliasAssertionEncryption()))
+				return null;
+			
+			MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
+					keyStore, config.getIDPKeyAliasAssertionEncryption(), config
+							.getIDPKeyPasswordAssertionEncryption().toCharArray());
+			
+			credentials.setUsageType(UsageType.ENCRYPTION);
+			return (X509Credential) credentials;
+		} catch (Exception e) {
+			Logger.error("Failed to generate IDP Assertion Encryption credentials");
+			e.printStackTrace();
+			throw new CredentialsNotAvailableException(e.getMessage(), null);
+		}
+	}
+	
 	public static Signature getIDPSignature(Credential credentials) {
 		PrivateKey privatekey = credentials.getPrivateKey(); | 
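Review bot: In the new getIDPAssertionEncryptionCredential the key password is dereferenced unchecked at `config.getIDPKeyPasswordAssertionEncryption().toCharArray()`, so an alias configured without a `keypassword` property fails as a NullPointerException whose message is null, which the catch below forwards as `new CredentialsNotAvailableException(null, null)`. A guard directly after the alias check, `if (MiscUtil.isEmpty(config.getIDPKeyPasswordAssertionEncryption())) throw new CredentialsNotAvailableException("assertion encryption key alias configured without key password", null);`, turns that into an actionable configuration error. The catch block itself logs the message without the exception, then calls `e.printStackTrace()`, and the rethrown exception carries no cause; handing `e` to the logger (if Logger offers such an overload) and dropping printStackTrace keeps the stack trace in the application log where operators look, rather than on stderr. The lazy `keyStore` initialisation appears to be unsynchronised shared static state, mirroring the sibling method above the hunk — presumably pre-existing, but worth confirming since two credential getters now race on it. The hunk starts inside the preceding method's catch block and ends inside getIDPSignature, which continues outside it.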
