Error while decrypting assertion sent from IDP

I am trying to decrypt the encrypted assertion that the IDP sends in the artifact resolution. But I get an error:

17:01:55.734 [http-8443-2] ERROR o.o.x.e.Decrypter - Error decrypting the encrypted data element
org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size
    at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1756) ~[xmlsec-1.5.4.jar:1.5.4]
    at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:585) [xmltooling-1.4.0.jar:na]
    at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:774) [xmltooling-1.4.0.jar:na]
    at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:524) [xmltooling-1.4.0.jar:na]
    at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:442) [xmltooling-1.4.0.jar:na]
    at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:403) [xmltooling-1.4.0.jar:na]
    at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141) [opensaml-2.6.0.jar:na]
    at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69) [opensaml-2.6.0.jar:na]
    at opensamlbook.sp.ConsumerServlet.decryptAssertion(ConsumerServlet.java:119) [ConsumerServlet.class:na]
    at opensamlbook.sp.ConsumerServlet.doGet(ConsumerServlet.java:85) [ConsumerServlet.class:na]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) [servlet-api.jar:na]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) [servlet-api.jar:na]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina.jar:6.0.44]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.44]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) [catalina.jar:6.0.44]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [catalina.jar:6.0.44]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563) [catalina.jar:6.0.44]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [catalina.jar:6.0.44]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) [catalina.jar:6.0.44]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [catalina.jar:6.0.44]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) [catalina.jar:6.0.44]
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861) [tomcat-coyote.jar:6.0.44]
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:620) [tomcat-coyote.jar:6.0.44]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) [tomcat-coyote.jar:6.0.44]
    at java.lang.Thread.run(Thread.java:745) [na:1.7.0_55]
Caused by: java.security.InvalidKeyException: Illegal key size
    at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1024) ~[na:1.7.0_51]
    at javax.crypto.Cipher.init(Cipher.java:1345) ~[na:1.7.0_51]
    at javax.crypto.Cipher.init(Cipher.java:1282) ~[na:1.7.0_51]
    at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1754) ~[xmlsec-1.5.4.jar:1.5.4]
    ... 24 common frames omitted
17:01:55.734 [http-8443-2] ERROR o.o.x.e.Decrypter - Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver
17:01:55.734 [http-8443-2] ERROR o.o.s.e.Decrypter - SAML Decrypter encountered an error decrypting element content
org.opensaml.xml.encryption.DecryptionException: Failed to decrypt EncryptedData
    at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:535) ~[xmltooling-1.4.0.jar:na]
    at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:442) ~[xmltooling-1.4.0.jar:na]
    at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:403) ~[xmltooling-1.4.0.jar:na]
    at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141) [opensaml-2.6.0.jar:na]
    at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69) [opensaml-2.6.0.jar:na]
    at opensamlbook.sp.ConsumerServlet.decryptAssertion(ConsumerServlet.java:119) [ConsumerServlet.class:na]
    at opensamlbook.sp.ConsumerServlet.doGet(ConsumerServlet.java:85) [ConsumerServlet.class:na]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) [servlet-api.jar:na]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) [servlet-api.jar:na]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina.jar:6.0.44]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.44]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) [catalina.jar:6.0.44]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [catalina.jar:6.0.44]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563) [catalina.jar:6.0.44]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [catalina.jar:6.0.44]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) [catalina.jar:6.0.44]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [catalina.jar:6.0.44]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) [catalina.jar:6.0.44]
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861) [tomcat-coyote.jar:6.0.44]
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:620) [tomcat-coyote.jar:6.0.44]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) [tomcat-coyote.jar:6.0.44]
    at java.lang.Thread.run(Thread.java:745) [na:1.7.0_55]

Assertion decryption code:

import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.xml.encryption.DecryptionException;
import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;

private Assertion decryptAssertion(EncryptedAssertion encryptedAssertion) {
    // The SP's private key is used to unwrap the EncryptedKey carried in the assertion.
    StaticKeyInfoCredentialResolver keyInfoCredentialResolver =
            new StaticKeyInfoCredentialResolver(SPCredentials.getCredential());
    // Args: resolver for the EncryptedData's own KeyInfo (none), KEK resolver (SP key),
    // and a resolver that expects the EncryptedKey inline in the EncryptedData KeyInfo.
    Decrypter decrypter = new Decrypter(null, keyInfoCredentialResolver, new InlineEncryptedKeyResolver());
    decrypter.setRootInNewDocument(true);
    try {
        return decrypter.decrypt(encryptedAssertion);
    } catch (DecryptionException e) {
        throw new RuntimeException(e);
    }
}

I get the error on the following line:

 return decrypter.decrypt(encryptedAssertion);

Please help me resolve this. I have been stuck on this error for the past 3 days.

This happens because of the cryptographic strength restrictions in the default distribution of the Java Runtime Environment.

  1. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files (for Java 7) (for Java 8)

  2. Unzip the archive and locate local_policy.jar and US_export_policy.jar

  3. Replace the JRE versions of these files under $JAVA_HOME/jre{version_number}/lib/security/ with the downloaded files.

  4. Restart the JRE process, if one is running. Now you can use longer keys.
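Before swapping policy jars it is worth confirming that the key-size cap is really the cause, and that you are patching the JRE Tomcat actually runs: the trace above mixes frames tagged 1.7.0_51 (javax.crypto.Cipher) and 1.7.0_55 (java.lang.Thread), which is a hint that more than one JRE or jce.jar is in play. The check below is an added example, not code from the question, the answer or the opensamlbook project. It takes the XML Encryption algorithm URI that the IdP put in the EncryptedData (in the servlet you would read it with encryptedAssertion.getEncryptedData().getEncryptionMethod().getAlgorithm(); here a constructed AES-256-CBC URI is used as the default) and compares the key size it implies with what the running JRE's jurisdiction policy permits via Cipher.getMaxAllowedKeyLength. The class name JcePolicyCheck and the helper names are my own. Note that on Java 8u151 and later the same control is the crypto.policy property in java.security (unlimited by default from 8u161 and on Java 9+), so on those releases no jars need replacing; the right fix in either case is to lift the cap on the SP side, not to ask the IdP to encrypt with a shorter key.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import javax.crypto.Cipher;

/**
 * Pre-flight check for the "Illegal key size" failure: compares the key size demanded
 * by the XML Encryption algorithm URI in the IdP's EncryptedData with what the running
 * JRE's jurisdiction policy allows. Added example, not part of the original Q&A.
 */
public class JcePolicyCheck {

    /** Key size in bits implied by an XML Encryption block-cipher URI, or -1 if unknown. */
    static int keyBitsFor(String algorithmUri) {
        if (algorithmUri == null) return -1;
        if (algorithmUri.endsWith("#aes128-cbc") || algorithmUri.endsWith("#aes128-gcm")) return 128;
        if (algorithmUri.endsWith("#aes192-cbc") || algorithmUri.endsWith("#aes192-gcm")) return 192;
        if (algorithmUri.endsWith("#aes256-cbc") || algorithmUri.endsWith("#aes256-gcm")) return 256;
        if (algorithmUri.endsWith("#tripledes-cbc")) return 168;
        return -1;
    }

    /** JCE algorithm name for the URI family, used to query the policy limit. */
    static String jceAlgorithmFor(String algorithmUri) {
        return algorithmUri.contains("tripledes") ? "DESede" : "AES";
    }

    /** True if this JRE's policy permits decrypting data encrypted with algorithmUri. */
    static boolean policyAllows(String algorithmUri) throws NoSuchAlgorithmException {
        int needed = keyBitsFor(algorithmUri);
        if (needed < 0) {
            throw new NoSuchAlgorithmException("Unknown XML Encryption URI: " + algorithmUri);
        }
        // Returns Integer.MAX_VALUE when the unlimited policy is active, 128 under the limited one.
        int allowed = Cipher.getMaxAllowedKeyLength(jceAlgorithmFor(algorithmUri));
        return allowed >= needed;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an IdP encrypting the assertion with AES-256-CBC. In the servlet
        // this comes from encryptedAssertion.getEncryptedData().getEncryptionMethod().getAlgorithm().
        String uri = args.length > 0 ? args[0] : "http://www.w3.org/2001/04/xmlenc#aes256-cbc";

        // java.home is the directory whose lib/security holds the policy files for THIS JRE.
        System.out.println("java.home     = " + System.getProperty("java.home"));
        System.out.println("java.version  = " + System.getProperty("java.version"));
        // Present on 8u151+ and 9+; null on older JREs, which rely solely on the policy jars.
        System.out.println("crypto.policy = " + Security.getProperty("crypto.policy"));
        System.out.println("max AES key   = " + Cipher.getMaxAllowedKeyLength("AES") + " bits");
        System.out.println("IdP algorithm = " + uri + " (" + keyBitsFor(uri) + "-bit key)");

        if (policyAllows(uri)) {
            System.out.println("OK: policy permits this key size; decryption will not fail on key size.");
        } else {
            System.out.println("FAIL: this JRE will throw InvalidKeyException: Illegal key size. "
                    + "Install the unlimited policy files in " + System.getProperty("java.home")
                    + "/lib/security (or set crypto.policy=unlimited in java.security on 8u151+).");
        }
    }
}
```

Run it with the same JRE and user that Tomcat uses (for example by dropping it into a tiny servlet or running java with Tomcat's JAVA_HOME) so that the java.home it prints is the one whose lib/security you then patch; a check that passes under a different JRE proves nothing about the one throwing the exception.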