Decrypting a SAML2 assertion in Java
I need to decrypt and validate the following SAML response
<saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-13b5261b-6429-4fc6-9df4-00ba4c956df4" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey Id="EK-cde830f3-5741-440c-a6a3-03d7fc29bec7">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=Foo,OU=Ba,O=Foobaa,C=AU
</ds:X509IssuerName>
<ds:X509SerialNumber>161...39233</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
OrjesuK...lOQ==
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
RHkpDrgRX0AJprMr...k62Q==
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</saml:EncryptedAssertion>
I have access to the public and private keys used in the encryption, and I am currently trying to decrypt it with the following code:
// Given here a EncryptedAssertion type populated from the above xml
// Open and initialise the Keystore
KeyStore ks = KeyStore.getInstance("PKCS12");
try (FileInputStream fileInputStream = new FileInputStream("keystoreUrl")) {
ks.load(fileInputStream, config.getBAMKeystorePassword().toCharArray());
}
PrivateKey certificate= (PrivateKey) ks.getKey("privateKeyAlias", null);
// Decrypt the encrypted assertion
BasicX509Credential cred = new BasicX509Credential();
cred.setPrivateKey(certificate);
StaticKeyInfoCredentialResolver resolver = new StaticKeyInfoCredentialResolver(cred);
Decrypter decrypter = new Decrypter(resolver, resolver, new InlineEncryptedKeyResolver());
decrypter.setRootInNewDocument(true);
Assertion decrypted = decrypter.decrypt(encryptedAssertion);
However, I get the following exception:
java.lang.IllegalArgumentException: Data decryption key may not be null
I have tried several different combinations of loading the keys, but I cannot find the error. Can anyone help me make progress?
0 answers
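The two layers that the XML in the question encodes, as an added example that is not part of the original post and does not use OpenSAML: the RSA private key only decrypts the `xenc:EncryptedKey` (rsa-oaep-mgf1p with SHA-1), and the AES key recovered from it decrypts the `xenc:EncryptedData` (aes256-cbc). The class name, helper names and sample data are constructed for illustration, and only JDK classes are used.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;

public class XmlEncLayers {
    // rsa-oaep-mgf1p + DigestMethod sha1 => OAEP with SHA-1, MGF1(SHA-1), empty label
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-1", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);

    // Layer 1: the RSA private key only recovers the AES key held in xenc:EncryptedKey.
    static SecretKey unwrapDataKey(byte[] encryptedKey, PrivateKey kek) throws Exception {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.DECRYPT_MODE, kek, OAEP);
        return new SecretKeySpec(rsa.doFinal(encryptedKey), "AES");
    }

    // Layer 2: the xenc:EncryptedData CipherValue is a 16-byte IV followed by AES-CBC ciphertext.
    static byte[] decryptData(byte[] cipherValue, SecretKey dataKey) throws Exception {
        Cipher aes = Cipher.getInstance("AES/CBC/ISO10126Padding");
        aes.init(Cipher.DECRYPT_MODE, dataKey, new IvParameterSpec(cipherValue, 0, 16));
        return aes.doFinal(cipherValue, 16, cipherValue.length - 16);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample standing in for the sender's side (not data from the page).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dataKey = kg.generateKey();
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/CBC/ISO10126Padding");
        aes.init(Cipher.ENCRYPT_MODE, dataKey, new IvParameterSpec(iv));
        byte[] ct = aes.doFinal("<saml:Assertion>constructed</saml:Assertion>".getBytes(StandardCharsets.UTF_8));
        byte[] cipherValue = new byte[16 + ct.length];
        System.arraycopy(iv, 0, cipherValue, 0, 16);
        System.arraycopy(ct, 0, cipherValue, 16, ct.length);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.ENCRYPT_MODE, recipient.getPublic(), OAEP);
        byte[] encryptedKey = rsa.doFinal(dataKey.getEncoded());
        // Recipient side: private key -> AES key -> assertion bytes.
        SecretKey recovered = unwrapDataKey(encryptedKey, recipient.getPrivate());
        System.out.println(new String(decryptData(cipherValue, recovered), StandardCharsets.UTF_8));
    }
}
```

aes256-cbc carries no integrity protection, so the assertion's signature still has to be validated after decryption before its contents are trusted.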