Code to encrypt assertions
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 14 Nov 2007 19:16:06 +0000 (19:16 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 14 Nov 2007 19:16:06 +0000 (19:16 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2469 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java

index 7448e61..18c445b 100644 (file)
@@ -217,12 +217,30 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
         Response samlResponse = responseBuilder.buildObject();
         samlResponse.setIssueInstant(issueInstant);
         populateStatusResponse(requestContext, samlResponse);
         Response samlResponse = responseBuilder.buildObject();
         samlResponse.setIssueInstant(issueInstant);
         populateStatusResponse(requestContext, samlResponse);
-
-        samlResponse.getAssertions().add(assertion);
-
+        
         // sign the assertion if it should be signed
         signAssertion(requestContext, assertion);
 
         // sign the assertion if it should be signed
         signAssertion(requestContext, assertion);
 
+        if(requestContext.getProfileConfiguration().getEncryptAssertion()){
+            log.debug("Attempting to encrypt assertion to relying party {}", requestContext.getInboundMessageIssuer());
+            try {
+                Encrypter encrypter = getEncrypter(requestContext.getInboundMessageIssuer());
+                samlResponse.getEncryptedAssertions().add(encrypter.encrypt(assertion));
+            } catch (SecurityException e) {
+                log.error("Unable to construct encrypter", e);
+                requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
+                        "Unable to encrypt assertion"));
+                throw new ProfileException("Unable to construct encrypter", e);
+            } catch (EncryptionException e) {
+                log.error("Unable to encrypt assertion", e);
+                requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
+                        "Unable to encrypt assertion"));
+                throw new ProfileException("Unable to encrypt assertion", e);
+            }
+        }else{
+            samlResponse.getAssertions().add(assertion);
+        }
+
         Status status = buildStatus(StatusCode.SUCCESS_URI, null, null);
         samlResponse.setStatus(status);
 
         Status status = buildStatus(StatusCode.SUCCESS_URI, null, null);
         samlResponse.setStatus(status);