package org.pac4j.saml.crypto;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
import java.util.ArrayList;
import java.util.List;
/**
* Provider returning well configured decrypter instances.
*
* @author Michael Remond
* @since 1.5.0
*/
public class KeyStoreDecryptionProvider implements DecryptionProvider {
private static final ChainingEncryptedKeyResolver encryptedKeyResolver;
private final CredentialProvider credentialProvider;
static {
final List<EncryptedKeyResolver> list = new ArrayList<EncryptedKeyResolver>();
list.add(new InlineEncryptedKeyResolver());
list.add(new EncryptedElementTypeEncryptedKeyResolver());
list.add(new SimpleRetrievalMethodEncryptedKeyResolver());
encryptedKeyResolver = new ChainingEncryptedKeyResolver(list);
}
public KeyStoreDecryptionProvider(final CredentialProvider credentialProvider) {
this.credentialProvider = credentialProvider;
}
@Override
public final Decrypter build() {
final Credential encryptionCredential = this.credentialProvider.getCredential();
final KeyInfoCredentialResolver resolver = new StaticKeyInfoCredentialResolver(encryptionCredential);
final Decrypter decrypter = new Decrypter(null, resolver, encryptedKeyResolver);
decrypter.setRootInNewDocument(true);
return decrypter;
}
}