Decrypting a SAML2 assertion in Java

I need to decrypt and verify the following SAML response

<saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-13b5261b-6429-4fc6-9df4-00ba4c956df4" Type="http://www.w3.org/2001/04/xmlenc#Element">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <xenc:EncryptedKey Id="EK-cde830f3-5741-440c-a6a3-03d7fc29bec7">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                </xenc:EncryptionMethod>
                <ds:KeyInfo>
                    <wsse:SecurityTokenReference
                            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                        <ds:X509Data>
                            <ds:X509IssuerSerial>
                                <ds:X509IssuerName>CN=Foo,OU=Ba,O=Foobaa,C=AU
                                </ds:X509IssuerName>
                                <ds:X509SerialNumber>161...39233</ds:X509SerialNumber>
                            </ds:X509IssuerSerial>
                        </ds:X509Data>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
                <xenc:CipherData>
                    <xenc:CipherValue>
                        OrjesuK...lOQ==
                    </xenc:CipherValue>
                </xenc:CipherData>
            </xenc:EncryptedKey>
        </ds:KeyInfo>
        <xenc:CipherData>
            <xenc:CipherValue>
                RHkpDrgRX0AJprMr...k62Q==
            </xenc:CipherValue>
        </xenc:CipherData>
    </xenc:EncryptedData>
</saml:EncryptedAssertion>

I have access to the public and private keys used for the encryption, and I am currently trying to decrypt it with the following code:

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
import org.opensaml.xml.security.x509.BasicX509Credential;

// Given here an EncryptedAssertion (encryptedAssertion) populated from the above XML

// Open and initialise the keystore
KeyStore ks = KeyStore.getInstance("PKCS12");
char[] password = config.getBAMKeystorePassword().toCharArray();
try (FileInputStream fileInputStream = new FileInputStream("keystoreUrl")) {
    ks.load(fileInputStream, password);
}
// PKCS12 key entries are password-protected as well (the original passed null here).
// KeyStore.getKey() returns null when the alias does not name a key entry, and a null
// key is what OpenSAML reports as "Data decryption key may not be null".
PrivateKey privateKey = (PrivateKey) ks.getKey("privateKeyAlias", password);

// Decrypt the encrypted assertion
BasicX509Credential cred = new BasicX509Credential();
cred.setPrivateKey(privateKey);
StaticKeyInfoCredentialResolver resolver = new StaticKeyInfoCredentialResolver(cred);
Decrypter decrypter = new Decrypter(resolver, resolver, new InlineEncryptedKeyResolver());
decrypter.setRootInNewDocument(true);
Assertion decrypted = decrypter.decrypt(encryptedAssertion);

But I get the following exception:

java.lang.IllegalArgumentException: Data decryption key may not be null

I have tried several different combinations of loading the key but cannot find the error. Can anyone help me make progress?
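The following is an added example, not code from the question: it wires an OpenSAML 2.x Decrypter the way the message above calls for, with the RSA private key acting only as the key-encryption key (the AES data key is unwrapped from the EncryptedKey element, so no data-key resolver is passed), and it fails early if the keystore yields no key. The class name, the key-loading helper, and the caller-supplied path, password and alias are assumptions; verifying the signature on the decrypted assertion is a separate step not shown here.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;

import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver;
import org.opensaml.xml.encryption.DecryptionException;
import org.opensaml.xml.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
import org.opensaml.xml.security.x509.BasicX509Credential;

// Hypothetical helper class written for this example.
public class AssertionDecryptor {

    /** Loads the RSA private key (the key-encryption key) from a PKCS12 store. */
    static PrivateKey loadPrivateKey(String path, char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        // The key entry is protected by a password too; getKey() returns null for an
        // unknown alias, and a null key is what Decrypter rejects later on.
        PrivateKey key = (PrivateKey) ks.getKey(alias, password);
        if (key == null) {
            throw new IllegalStateException("no private key entry under alias '" + alias + "'");
        }
        return key;
    }

    /** Unwraps the AES key with the private key, then decrypts the assertion. */
    static Assertion decrypt(EncryptedAssertion encrypted, PrivateKey kek) throws DecryptionException {
        BasicX509Credential cred = new BasicX509Credential();
        cred.setPrivateKey(kek);
        // KEK resolver: supplies the private key that unwraps xenc:EncryptedKey.
        StaticKeyInfoCredentialResolver kekResolver = new StaticKeyInfoCredentialResolver(cred);
        // Find the EncryptedKey whether it sits inside ds:KeyInfo (as above) or beside the data.
        ChainingEncryptedKeyResolver encKeyResolver = new ChainingEncryptedKeyResolver();
        encKeyResolver.getResolverChain().add(new InlineEncryptedKeyResolver());
        encKeyResolver.getResolverChain().add(new EncryptedElementTypeEncryptedKeyResolver());
        // No data-key resolver: the data key is always obtained from the unwrapped EncryptedKey.
        Decrypter decrypter = new Decrypter(null, kekResolver, encKeyResolver);
        decrypter.setRootInNewDocument(true);
        return decrypter.decrypt(encrypted);
    }
}
```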


Answers (0)