a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: EncryptedNameIdentifier.java,v 1.4 2008/06/25 05:46:46 qcheng Exp $
f948ca04a28ccfeed9633bf4b0fb0d2c59c37478David Luna * Portions Copyrighted 2014 ForgeRock AS
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.federation.message.common;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.IFSConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.NameIdentifier;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLException;
f948ca04a28ccfeed9633bf4b0fb0d2c59c37478David Lunaimport com.sun.identity.xmlenc.EncryptionException;
f948ca04a28ccfeed9633bf4b0fb0d2c59c37478David Lunaimport com.sun.identity.xmlenc.XMLEncryptionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This class <code>EncryptedNameIdentifier</code> represents a
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>EncryptableNameIdentifier</code> in an encrypted form.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.all.api
f948ca04a28ccfeed9633bf4b0fb0d2c59c37478David Luna * @deprecated since 12.0.0
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the encryptable XML document element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param eni the <code>EncrytableNameIdentifier</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the <code>EncryptedNameIdentifier</code> XML Document.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static Document getEncryptableDocument(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String NS = IFSConstants.LIB_12_NAMESPACE_STRING;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xml.append("<").append(appendNS).append("EncryptedNameIdentifier")
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append(" ").append(NS).append(">").append(eni.toString())
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append("EncryptedNameIdentifier").append(">");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("EncryptedNameIdentifier.getEncryptable" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return XMLUtils.toDOMDocument(xml.toString(), FSUtils.debug);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the <code>EncryptedNameIdentifier</code> for a given name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * identifier and the provider ID.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param ni the <code>NameIdentifier</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param providerID the remote provider identifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the <code>NameIdentifier</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSException on error.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static NameIdentifier getEncryptedNameIdentifier(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster NameIdentifier ni, String realm, String providerID)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("EncryptedNameIdentifier.construct: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "nullInputParameter");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSException("nullInputParameter", null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster providerDesc = metaManager.getSPDescriptor(realm, providerID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("EncryptedNameIdentifier.construct: Could" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "not retrieve the meta for provider" + providerID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EncInfo encInfo = KeyUtil.getEncInfo(providerDesc, providerID, false);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return getEncryptedNameIdentifier(ni, providerID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets then Encrypted NameIdentifier for a given name identifier
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * and the provider ID.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param ni NameIdentifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param providerID Remote Provider ID.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param enckey Key Encryption Key
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param dataEncAlgorithm Data encryption algorithm
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param dataEncStrength Data encryption key size
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return NameIdentifier EncryptedNameIdentifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception FSException for failure.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static NameIdentifier getEncryptedNameIdentifier(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster NameIdentifier ni, String providerID, Key enckey,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String dataEncAlgorithm, int dataEncStrength) throws FSException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("EncryptedNameIdentifier.construct: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "nullInputParameter");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSException("nullInputParameter", null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EncryptableNameIdentifier eni = new EncryptableNameIdentifier(ni);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Document encryptableDoc = getEncryptableDocument(eni);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Element encryptElement = (Element)encryptableDoc.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getElementsByTagNameNS(IFSConstants.FF_12_XML_NS,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XMLEncryptionManager manager = XMLEncryptionManager.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster 0, // TODO: should we pick it up from extended meta?
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("EncryptedNameIdentifier.construct: Unable" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSException("EncryptionFailed", null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return new NameIdentifier(encodedStr, ni.getNameQualifier(),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the decrypted <code>NameIdentifier</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param encNI the <code>EncryptedNameIdentifier</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param providerID the Hosted Provider Identifer.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the <code>NameIdentifier</code> object,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the decrypted <code>NameIdentifier</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSException on error.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static NameIdentifier getDecryptedNameIdentifier(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster NameIdentifier encNI, String realm, String providerID)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("EncryptedNameIdentifier.getDecryptedName" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Identifier: null values");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSException("nullInputParameter", null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("EncryptedNameIdentifier.getDecryptedName" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("EncryptedNameIdentifier.getDecryptedName" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Identifier: Unable to find provider " + providerID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSException("noProviderFound", null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets the decrypted NameIdentifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param encNI EncryptedNameIdentifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param decKey decryption key.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return NameIdentifier Decrypted NameIdentifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception FSException for failures
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static NameIdentifier getDecryptedNameIdentifier(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster NameIdentifier encNI, PrivateKey decKey) throws FSException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String decodeStr = SAMLUtils.byteArrayToString(Base64.decode(name));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XMLUtils.toDOMDocument(decodeStr, FSUtils.debug);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XMLEncryptionManager manager = XMLEncryptionManager.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Document doc = manager.decryptAndReplace(encryptedDoc, decKey);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Element element = (Element)doc.getElementsByTagNameNS(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return new NameIdentifier(eni.getName(), eni.getNameQualifier(),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("EncryptedNameIdentifier.getDecryptedName" +