SAML2 assertion encryption with a public key (opensaml)

Time: 2012-05-15 09:41:56

Tags: encryption public-key-encryption assertion saml-2.0 opensaml

I recently tried to encrypt a Saml2 assertion with the relying party service's public key. Unfortunately, I can't even get through the testing stage.

Here is my code

import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.xml.stream.XMLStreamException;

import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.impl.dom.factory.DOOMAbstractFactory;
import org.apache.axiom.om.util.AXIOMUtil;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.encryption.Encrypter;
import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.encryption.EncryptionException;
import org.opensaml.xml.encryption.EncryptionParameters;
import org.opensaml.xml.encryption.KeyEncryptionParameters;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.io.UnmarshallerFactory;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.w3c.dom.Element;

public class EncryptionTest {

    public static void main(String[] args) {
        try {
            // Read the assertion XML to be encrypted from a file
            File f = new File("src/main/resources/AssertionTest");
            byte[] buffer = new byte[(int) f.length()];
            DataInputStream in = new DataInputStream(new FileInputStream(f));
            in.readFully(buffer);
            in.close();

            // Decode with an explicit charset rather than the platform default
            String in_assert = new String(buffer, StandardCharsets.UTF_8);
            System.out.println(in_assert);

            // Parse the XML string into an Axiom element, then unmarshall it into an OpenSAML Assertion
            OMElement OMElementAssertion = AXIOMUtil.stringToOM(in_assert);
            Assertion assertion = convertOMElementToAssertion2(OMElementAssertion);

            // Assume this contains a recipient's RSA public key
            Credential keyEncryptionCredential = getCredentialFromFilePath("src/main/resources/cert.pem");

            // Data encryption: AES-128 for the assertion content
            EncryptionParameters encParams = new EncryptionParameters();
            encParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);

            // Key encryption: wrap the AES key with the recipient's RSA key using OAEP
            KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
            kekParams.setEncryptionCredential(keyEncryptionCredential);
            kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
            KeyInfoGeneratorFactory kigf =
                Configuration.getGlobalSecurityConfiguration()
                    .getKeyInfoGeneratorManager().getDefaultManager()
                    .getFactory(keyEncryptionCredential);
            kekParams.setKeyInfoGenerator(kigf.newInstance());

            Encrypter samlEncrypter = new Encrypter(encParams, kekParams);
            samlEncrypter.setKeyPlacement(KeyPlacement.PEER);

            EncryptedAssertion encryptedAssertion = samlEncrypter.encrypt(assertion);
            System.out.println(encryptedAssertion);

        } catch (EncryptionException | CertificateException | KeyException
                 | IOException | XMLStreamException e) {
            e.printStackTrace();
        }
    }

    // Load an X.509 certificate from disk and wrap it in an OpenSAML credential (public key only)
    public static Credential getCredentialFromFilePath(String certPath)
            throws IOException, CertificateException, KeyException {
        InputStream inStream = new FileInputStream(certPath);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate cert = cf.generateCertificate(inStream);
        inStream.close();

        // "Show yourself!"
        System.out.println(cert.toString());

        BasicX509Credential cred = new BasicX509Credential();
        cred.setEntityCertificate((X509Certificate) cert);
        cred.setPrivateKey(null); // encryption side: no private key here

        // System.out.println(cred.toString());

        return cred;

        // return (Credential) org.opensaml.xml.security.SecurityHelper.getSimpleCredential((X509Certificate) cert, privatekey);
    }

    // Convert an Axiom OMElement to a DOM Element (via DOOM) and unmarshall it with OpenSAML
    public static Assertion convertOMElementToAssertion2(OMElement element) {
        Element assertionSAMLDOOM = (Element) new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
                element.getXMLStreamReader()).getDocumentElement();
        try {
            UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
            Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(Assertion.DEFAULT_ELEMENT_NAME);
            return (Assertion) unmarshaller.unmarshall(assertionSAMLDOOM);
        } catch (Exception e1) {
            System.out.println("error: " + e1.toString());
        }
        return null;
    }
}

I keep getting a null pointer exception in

    KeyInfoGeneratorFactory kigf =
        Configuration.getGlobalSecurityConfiguration()
        .getKeyInfoGeneratorManager().getDefaultManager()
        .getFactory(keyEncryptionCredential);
    kekParams.setKeyInfoGenerator(kigf.newInstance());

How do I set up the GlobalSecurityConfiguration, or is there a different way to encrypt an Assertion?

1 answer:

Answer 0: (score: 8)

This question has been open for a long time. The problem is the initialization of OpenSaml. A simple

DefaultBootstrap.bootstrap();

helped and solved the problem.
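Added example, not code from the question or the answer: the same AES-128/RSA-OAEP encryption with DefaultBootstrap.bootstrap() called first, followed by a decryption on the relying-party side so the result can be checked. The class name, the generated RSA key pair (in place of cert.pem) and the assertion ID are constructed placeholders; the OpenSAML 2.x API names are those the question uses plus Decrypter, StaticKeyInfoCredentialResolver and EncryptedElementTypeEncryptedKeyResolver.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.saml2.encryption.Encrypter;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.encryption.EncryptionParameters;
import org.opensaml.xml.encryption.KeyEncryptionParameters;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;

public class BootstrappedAssertionRoundTrip {
    public static void main(String[] args) throws Exception {
        // Bootstrap first; otherwise getGlobalSecurityConfiguration() returns null and NPEs below.
        DefaultBootstrap.bootstrap();
        // Constructed RSA key pair standing in for the relying party's cert.pem.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rpKeys = kpg.generateKeyPair();
        // The issuer holds only the public key; the private key stays with the relying party.
        Credential encryptOnly = SecurityHelper.getSimpleCredential(rpKeys.getPublic(), null);
        Credential decryptOnly = SecurityHelper.getSimpleCredential(rpKeys.getPublic(), rpKeys.getPrivate());
        // Minimal constructed assertion in place of the file read in the question.
        Assertion assertion = (Assertion) Configuration.getBuilderFactory()
            .getBuilder(Assertion.DEFAULT_ELEMENT_NAME).buildObject(Assertion.DEFAULT_ELEMENT_NAME);
        assertion.setID("_constructed-assertion-1");
        // Same parameters as the question: AES-128 data key wrapped with RSA-OAEP.
        EncryptionParameters encParams = new EncryptionParameters();
        encParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
        KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
        kekParams.setEncryptionCredential(encryptOnly);
        kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
        kekParams.setKeyInfoGenerator(Configuration.getGlobalSecurityConfiguration()
            .getKeyInfoGeneratorManager().getDefaultManager().getFactory(encryptOnly).newInstance());
        Encrypter encrypter = new Encrypter(encParams, kekParams);
        encrypter.setKeyPlacement(Encrypter.KeyPlacement.PEER);
        EncryptedAssertion encrypted = encrypter.encrypt(assertion);
        // Relying-party side: PEER placement puts EncryptedKey beside EncryptedData,
        // which EncryptedElementTypeEncryptedKeyResolver locates.
        Decrypter decrypter = new Decrypter(null, new StaticKeyInfoCredentialResolver(decryptOnly),
            new EncryptedElementTypeEncryptedKeyResolver());
        Assertion decrypted = decrypter.decrypt(encrypted);
        System.out.println("round trip ok: " + assertion.getID().equals(decrypted.getID()));
    }
}
```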