Add decryption-x509-credentials to SAML relying party config.
authorRay Lee <ray.lee@lyrasis.org>
Fri, 17 Nov 2023 20:01:47 +0000 (15:01 -0500)
committerRay Lee <ray.lee@lyrasis.org>
Fri, 17 Nov 2023 20:01:47 +0000 (15:01 -0500)
services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java
services/config/src/main/resources/service-config.xsd

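--- a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java
@@ -923,6 +923,22 @@ public class SecurityConfig {
                                         });
                                 }
 
+                               if (relyingPartyConfig.getDecryptionX509Credentials() != null) {
+                                       registrationBuilder.decryptionX509Credentials(new Consumer<Collection<Saml2X509Credential>>() {
+                                               @Override
+                                               public void accept(Collection<Saml2X509Credential> credentials) {
+                                                       for (X509CredentialType credentialConfig : relyingPartyConfig.getDecryptionX509Credentials().getX509Credential()) {
+                                                               PrivateKey privateKey = privateKeyFromUrl(credentialConfig.getPrivateKey().getLocation());
+                                                               X509Certificate certificate = certificateFromConfig(credentialConfig.getX509Certificate());
+
+                                                               if (certificate != null) {
+                                                                       credentials.add(Saml2X509Credential.decryption(privateKey, certificate));
+                                                               }
+                                                       }
+                                               }
+                                       });
+                               }
+
                                 registrations.add(registrationBuilder.build());
                         }
                 }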
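Review bot: In the new accept() body the certificate returned by `certificateFromConfig(...)` is null-checked before the credential is added, but the key returned by `privateKeyFromUrl(...)` is not; if that helper yields null for a missing or unreadable key (its body is outside this hunk), `Saml2X509Credential.decryption(privateKey, certificate)` is reached with a null key, which Spring Security's credential constructor is expected to reject with a generic argument exception rather than a configuration error naming the offending entry. Guard both values the same way, e.g. `if (privateKey != null && certificate != null) {`, and either log a warning that names `credentialConfig.getPrivateKey().getLocation()` (never the key material) for the skipped entry or fail fast with an IllegalStateException, so a half-configured decryption credential cannot quietly leave encrypted assertions undecryptable at runtime. Since this is the relying party's private decryption key, it is also worth confirming that the location accepted by `privateKeyFromUrl` is restricted to local file/classpath resources rather than arbitrary remote URLs, if the helper does not already enforce that. The schema text added in the companion service-config.xsd hunk states these credentials are required when the IdP requires assertions to be signed, whereas this code only builds decryption credentials, so that sentence should refer to encrypted assertions to avoid operators provisioning a private key that is not needed or omitting one that is. The enclosing method continues outside the hunk.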
index 9598ba0fdc560848d44900b3200b85f9aefa01f1..7161e0c012a90bc08030c95568ee3e9d97dbfe0c 100644 (file)
                 </xs:annotation>
             </xs:element>
 
+            <xs:element name="decryption-x509-credentials" type="X509CredentialsType" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>
+                        The credentials used to encrypt/decrypt responses from the IdP. Required if
+                        the IdP requires assertions to be signed.
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
+
             <xs:element name="assertion-username-probes" type="AssertionProbesType" minOccurs="0" maxOccurs="1">
                 <xs:annotation>
                     <xs:documentation>