Examples with CTCertificateKeyEncryptor com.microsoft.schemas.office.x2006.keyEncryptor.certificate.CTCertificateKeyEncryptor used on opensource projects

Example 1 with CTCertificateKeyEncryptor

use of com.microsoft.schemas.office.x2006.keyEncryptor.certificate.CTCertificateKeyEncryptor in project poi by apache.

the class AgileEncryptor method createEncryptionDocument.

protected EncryptionDocument createEncryptionDocument() {
    AgileEncryptionVerifier ver = (AgileEncryptionVerifier) getEncryptionInfo().getVerifier();
    AgileEncryptionHeader header = (AgileEncryptionHeader) getEncryptionInfo().getHeader();
    EncryptionDocument ed = EncryptionDocument.Factory.newInstance();
    CTEncryption edRoot = ed.addNewEncryption();
    CTKeyData keyData = edRoot.addNewKeyData();
    CTKeyEncryptors keyEncList = edRoot.addNewKeyEncryptors();
    CTKeyEncryptor keyEnc = keyEncList.addNewKeyEncryptor();
    keyEnc.setUri(passwordUri);
    CTPasswordKeyEncryptor keyPass = keyEnc.addNewEncryptedPasswordKey();
    keyPass.setSpinCount(ver.getSpinCount());
    keyData.setSaltSize(header.getBlockSize());
    keyPass.setSaltSize(ver.getBlockSize());
    keyData.setBlockSize(header.getBlockSize());
    keyPass.setBlockSize(ver.getBlockSize());
    keyData.setKeyBits(header.getKeySize());
    keyPass.setKeyBits(ver.getKeySize());
    keyData.setHashSize(header.getHashAlgorithm().hashSize);
    keyPass.setHashSize(ver.getHashAlgorithm().hashSize);
    // header and verifier have to have the same cipher algorithm
    if (!header.getCipherAlgorithm().xmlId.equals(ver.getCipherAlgorithm().xmlId)) {
        throw new EncryptedDocumentException("Cipher algorithm of header and verifier have to match");
    }
    STCipherAlgorithm.Enum xmlCipherAlgo = STCipherAlgorithm.Enum.forString(header.getCipherAlgorithm().xmlId);
    if (xmlCipherAlgo == null) {
        throw new EncryptedDocumentException("CipherAlgorithm " + header.getCipherAlgorithm() + " not supported.");
    }
    keyData.setCipherAlgorithm(xmlCipherAlgo);
    keyPass.setCipherAlgorithm(xmlCipherAlgo);
    switch(header.getChainingMode()) {
        case cbc:
            keyData.setCipherChaining(STCipherChaining.CHAINING_MODE_CBC);
            keyPass.setCipherChaining(STCipherChaining.CHAINING_MODE_CBC);
            break;
        case cfb:
            keyData.setCipherChaining(STCipherChaining.CHAINING_MODE_CFB);
            keyPass.setCipherChaining(STCipherChaining.CHAINING_MODE_CFB);
            break;
        default:
            throw new EncryptedDocumentException("ChainingMode " + header.getChainingMode() + " not supported.");
    }
    keyData.setHashAlgorithm(mapHashAlgorithm(header.getHashAlgorithm()));
    keyPass.setHashAlgorithm(mapHashAlgorithm(ver.getHashAlgorithm()));
    keyData.setSaltValue(header.getKeySalt());
    keyPass.setSaltValue(ver.getSalt());
    keyPass.setEncryptedVerifierHashInput(ver.getEncryptedVerifier());
    keyPass.setEncryptedVerifierHashValue(ver.getEncryptedVerifierHash());
    keyPass.setEncryptedKeyValue(ver.getEncryptedKey());
    CTDataIntegrity hmacData = edRoot.addNewDataIntegrity();
    hmacData.setEncryptedHmacKey(header.getEncryptedHmacKey());
    hmacData.setEncryptedHmacValue(header.getEncryptedHmacValue());
    for (AgileCertificateEntry ace : ver.getCertificates()) {
        keyEnc = keyEncList.addNewKeyEncryptor();
        keyEnc.setUri(certificateUri);
        CTCertificateKeyEncryptor certData = keyEnc.addNewEncryptedCertificateKey();
        try {
            certData.setX509Certificate(ace.x509.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new EncryptedDocumentException(e);
        }
        certData.setEncryptedKeyValue(ace.encryptedKey);
        certData.setCertVerifier(ace.certVerifier);
    }
    return ed;
}