Error decrypting the assertion sent by the IDP

Time: 2015-08-13 11:37:38

Tags: java encryption rsa

I am trying to decrypt the encrypted assertion that the IDP sends during artifact resolution, but I get an error:

17:01:55.734 [http-8443-2] ERROR o.o.x.e.Decrypter - Error decrypting the encrypted data element
org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size
    at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1756) ~[xmlsec-1.5.4.jar:1.5.4]
    at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:585) [xmltooling-1.4.0.jar:na]
    at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:774) [xmltooling-1.4.0.jar:na]
    at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:524) [xmltooling-1.4.0.jar:na]
    at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:442) [xmltooling-1.4.0.jar:na]
    at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:403) [xmltooling-1.4.0.jar:na]
    at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141) [opensaml-2.6.0.jar:na]
    at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69) [opensaml-2.6.0.jar:na]
    at opensamlbook.sp.ConsumerServlet.decryptAssertion(ConsumerServlet.java:119) [ConsumerServlet.class:na]
    at opensamlbook.sp.ConsumerServlet.doGet(ConsumerServlet.java:85) [ConsumerServlet.class:na]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) [servlet-api.jar:na]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) [servlet-api.jar:na]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina.jar:6.0.44]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.44]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) [catalina.jar:6.0.44]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [catalina.jar:6.0.44]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563) [catalina.jar:6.0.44]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [catalina.jar:6.0.44]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) [catalina.jar:6.0.44]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [catalina.jar:6.0.44]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) [catalina.jar:6.0.44]
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861) [tomcat-coyote.jar:6.0.44]
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:620) [tomcat-coyote.jar:6.0.44]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) [tomcat-coyote.jar:6.0.44]
    at java.lang.Thread.run(Thread.java:745) [na:1.7.0_55]
Caused by: java.security.InvalidKeyException: Illegal key size
    at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1024) ~[na:1.7.0_51]
    at javax.crypto.Cipher.init(Cipher.java:1345) ~[na:1.7.0_51]
    at javax.crypto.Cipher.init(Cipher.java:1282) ~[na:1.7.0_51]
    at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1754) ~[xmlsec-1.5.4.jar:1.5.4]
    ... 24 common frames omitted
17:01:55.734 [http-8443-2] ERROR o.o.x.e.Decrypter - Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver
17:01:55.734 [http-8443-2] ERROR o.o.s.e.Decrypter - SAML Decrypter encountered an error decrypting element content
org.opensaml.xml.encryption.DecryptionException: Failed to decrypt EncryptedData
    at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:535) ~[xmltooling-1.4.0.jar:na]
    at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:442) ~[xmltooling-1.4.0.jar:na]
    at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:403) ~[xmltooling-1.4.0.jar:na]
    at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141) [opensaml-2.6.0.jar:na]
    at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69) [opensaml-2.6.0.jar:na]
    at opensamlbook.sp.ConsumerServlet.decryptAssertion(ConsumerServlet.java:119) [ConsumerServlet.class:na]
    at opensamlbook.sp.ConsumerServlet.doGet(ConsumerServlet.java:85) [ConsumerServlet.class:na]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) [servlet-api.jar:na]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) [servlet-api.jar:na]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina.jar:6.0.44]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.44]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) [catalina.jar:6.0.44]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [catalina.jar:6.0.44]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563) [catalina.jar:6.0.44]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [catalina.jar:6.0.44]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) [catalina.jar:6.0.44]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [catalina.jar:6.0.44]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) [catalina.jar:6.0.44]
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861) [tomcat-coyote.jar:6.0.44]
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:620) [tomcat-coyote.jar:6.0.44]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) [tomcat-coyote.jar:6.0.44]
    at java.lang.Thread.run(Thread.java:745) [na:1.7.0_55]

Assertion decryption code:

    import org.opensaml.saml2.core.Assertion;
    import org.opensaml.saml2.core.EncryptedAssertion;
    import org.opensaml.saml2.encryption.Decrypter;
    import org.opensaml.xml.encryption.DecryptionException;
    import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
    import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;

    private Assertion decryptAssertion(EncryptedAssertion encryptedAssertion) {
        // The SP's private key credential is used to unwrap the EncryptedKey carried inline in the assertion
        StaticKeyInfoCredentialResolver keyInfoCredentialResolver =
                new StaticKeyInfoCredentialResolver(SPCredentials.getCredential());
        Decrypter decrypter = new Decrypter(null, keyInfoCredentialResolver, new InlineEncryptedKeyResolver());
        decrypter.setRootInNewDocument(true);
        try {
            return decrypter.decrypt(encryptedAssertion);
        } catch (DecryptionException e) {
            throw new RuntimeException(e);
        }
    }

The error occurs at:

    return decrypter.decrypt(encryptedAssertion);

Guys, please help me solve this. This error has had me stuck for the past 3 days.

1 answer:

Answer 0 (score: 10)

This happens because of the cryptographic strength limitation in the default distribution of the Java Runtime Environment.

  1. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files (for Java 7) (for Java 8).

  2. Unzip the archive and locate local_policy.jar and US_export_policy.jar.

  3. Replace the JRE's versions of these files under $JAVA_HOME/jre{version_number}/lib/security/ with the downloaded ones.

  4. Restart the JRE process (if any). Now you can use longer keys.
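A quick way to confirm the diagnosis before and after swapping the policy files is to ask the JRE directly which key sizes it permits. The following is an added diagnostic, not code from the question or the answer: it calls `Cipher.getMaxAllowedKeyLength`, then tries to initialise AES with 128-, 192- and 256-bit keys. A SAML `EncryptedAssertion` is normally encrypted with a 256-bit AES content key that OpenSAML unwraps and hands to `javax.crypto.Cipher`, so on a JRE with the limited policy the 256-bit attempt fails with the same `InvalidKeyException: Illegal key size` seen in the stack trace, while 128-bit succeeds. The class name `JcePolicyCheck` is an assumption; the all-zero key is a constructed placeholder used only for this capability check.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;

// Added diagnostic (hypothetical class name): reports whether this JRE's
// jurisdiction policy allows the AES key sizes used by XML Encryption.
public class JcePolicyCheck {

    // Maximum AES key length permitted by the installed policy files.
    // Integer.MAX_VALUE means the unlimited-strength policy is active;
    // the limited policy shipped with Java 7/8 reports 128.
    public static int maxAesKeyBits() throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength("AES");
    }

    // Tries to initialise AES-CBC with a key of the given size and reports
    // whether the policy allowed it. The key and IV are constructed all-zero
    // placeholders: this only exercises the policy check, it encrypts nothing.
    public static boolean canUseAesKey(int keyBits) throws Exception {
        byte[] rawKey = new byte[keyBits / 8];
        SecretKeySpec key = new SecretKeySpec(rawKey, "AES");
        IvParameterSpec iv = new IvParameterSpec(new byte[16]);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key, iv);
            return true;
        } catch (InvalidKeyException e) {
            // "Illegal key size" lands here on a JRE with the limited policy
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Max allowed AES key length: " + maxAesKeyBits());
        for (int bits : new int[] {128, 192, 256}) {
            System.out.println("AES-" + bits + " usable: " + canUseAesKey(bits));
        }
    }
}
```

Run it with the same JRE that hosts Tomcat (`$JAVA_HOME/bin/java JcePolicyCheck`); if it prints 128 as the maximum and `false` for AES-256, the policy files in that JRE's `lib/security` are the limited ones and the swap in the answer is what is needed. Note that the jar replacement only applies to Java 7 and Java 8 before update 161: from 8u151 the unlimited policy can instead be selected with the `crypto.policy` security property in `java.security`, and from 8u161 and Java 9 onward it is the default, so this error no longer appears on a stock JRE.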