From: Ray Lee Date: Fri, 17 Nov 2023 20:01:47 +0000 (-0500) Subject: Add decryption-x509-credentials to SAML relying party config. X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=499350065f6b24f1c083d4ea518a83e0ea02017d;p=tmp%2Fjakarta-migration.git Add decryption-x509-credentials to SAML relying party config. --- diff --git a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java index 46ac92944..d2858b44d 100644 --- a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java +++ b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java @@ -923,6 +923,22 @@ public class SecurityConfig { }); } + if (relyingPartyConfig.getDecryptionX509Credentials() != null) { + registrationBuilder.decryptionX509Credentials(new Consumer>() { + @Override + public void accept(Collection credentials) { + for (X509CredentialType credentialConfig : relyingPartyConfig.getDecryptionX509Credentials().getX509Credential()) { + PrivateKey privateKey = privateKeyFromUrl(credentialConfig.getPrivateKey().getLocation()); + X509Certificate certificate = certificateFromConfig(credentialConfig.getX509Certificate()); + + if (certificate != null) { + credentials.add(Saml2X509Credential.decryption(privateKey, certificate)); + } + } + } + }); + } + registrations.add(registrationBuilder.build()); } } diff --git a/services/config/src/main/resources/service-config.xsd b/services/config/src/main/resources/service-config.xsd index 9598ba0fd..7161e0c01 100644 --- a/services/config/src/main/resources/service-config.xsd +++ b/services/config/src/main/resources/service-config.xsd @@ -261,6 +261,15 @@ + + + + The credentials used to encrypt/decrypt responses from the IdP. Required if + the IdP requires assertions to be signed. + + + +
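Review bot: In the added `accept` callback the certificate is null-checked but the private key is not, and an entry whose certificate fails to load is dropped without any signal. If `credentialConfig.getPrivateKey()` is absent this throws a NullPointerException while the registration is built, and if `privateKeyFromUrl` can return null (its body is outside the hunk) that null key is passed straight to `Saml2X509Credential.decryption`. A relying party whose IdP encrypts assertions could then start with no usable decryption credential and fail only at login time. I would check both values and fail fast, `if (privateKey == null || certificate == null) { throw new IllegalStateException("incomplete decryption-x509-credentials entry"); }`, or at least log the skipped entry without printing any key material. The enclosing method starts and ends outside the hunk, so whichever handling is chosen should match what the neighbouring credential blocks do.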
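Review bot: The added documentation says the decryption credentials are "Required if the IdP requires assertions to be signed", which describes signing rather than decryption. Decryption credentials are needed when the IdP encrypts assertions, so an operator following this text could leave them out for an encrypting IdP or supply a private key where none is needed. I would reword it to `The credentials used to decrypt encrypted content in responses from the IdP. Required if the IdP encrypts assertions.`, which also replaces "encrypt/decrypt", since the Java side registers these only through `Saml2X509Credential.decryption`. The element declarations around the text are not visible in this view, so the element's cardinality is not reviewed here.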