Example 1 with KeyInfo
use of com.sun.org.apache.xml.internal.security.keys.KeyInfo in project jdk8u_jdk by JetBrains.
the class XMLSignature method getKeyInfo.
/**
* Returns the KeyInfo child. If we are in signing mode and the KeyInfo
* does not exist yet, it is created on demand and added to the Signature.
* <br>
* This allows to add arbitrary content to the KeyInfo during signing.
*
* @return the KeyInfo object
*/
public KeyInfo getKeyInfo() {
// check to see if we are signing and if we have to create a keyinfo
if (this.state == MODE_SIGN && this.keyInfo == null) {
// create the KeyInfo
this.keyInfo = new KeyInfo(this.doc);
// get the Element from KeyInfo
Element keyInfoElement = this.keyInfo.getElement();
Element firstObject = XMLUtils.selectDsNode(this.constructionElement.getFirstChild(), Constants._TAG_OBJECT, 0);
if (firstObject != null) {
// add it before the object
this.constructionElement.insertBefore(keyInfoElement, firstObject);
XMLUtils.addReturnBeforeChild(this.constructionElement, firstObject);
} else {
// add it as the last element to the signature
this.constructionElement.appendChild(keyInfoElement);
XMLUtils.addReturnToElement(this.constructionElement);
}
}
return this.keyInfo;
}Example 2 with KeyInfo
use of com.sun.org.apache.xml.internal.security.keys.KeyInfo in project jdk8u_jdk by JetBrains.
the class XMLCipher method decryptToByteArray.
/**
* Decrypt an EncryptedData element to a byte array.
*
* When passed in an EncryptedData node, returns the decryption
* as a byte array.
*
* Does not modify the source document.
* @param element
* @return the bytes resulting from the decryption
* @throws XMLEncryptionException
*/
public byte[] decryptToByteArray(Element element) throws XMLEncryptionException {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Decrypting to ByteArray...");
}
if (cipherMode != DECRYPT_MODE) {
log.log(java.util.logging.Level.SEVERE, "XMLCipher unexpectedly not in DECRYPT_MODE...");
}
EncryptedData encryptedData = factory.newEncryptedData(element);
if (key == null) {
KeyInfo ki = encryptedData.getKeyInfo();
if (ki != null) {
try {
// Add an EncryptedKey resolver
String encMethodAlgorithm = encryptedData.getEncryptionMethod().getAlgorithm();
EncryptedKeyResolver resolver = new EncryptedKeyResolver(encMethodAlgorithm, kek);
if (internalKeyResolvers != null) {
int size = internalKeyResolvers.size();
for (int i = 0; i < size; i++) {
resolver.registerInternalKeyResolver(internalKeyResolvers.get(i));
}
}
ki.registerInternalKeyResolver(resolver);
ki.setSecureValidation(secureValidation);
key = ki.getSecretKey();
} catch (KeyResolverException kre) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, kre.getMessage(), kre);
}
}
}
if (key == null) {
log.log(java.util.logging.Level.SEVERE, "XMLCipher::decryptElement called without a key and unable to resolve");
throw new XMLEncryptionException("encryption.nokey");
}
}
// Obtain the encrypted octets
XMLCipherInput cipherInput = new XMLCipherInput(encryptedData);
cipherInput.setSecureValidation(secureValidation);
byte[] encryptedBytes = cipherInput.getBytes();
// Now create the working cipher
String jceAlgorithm = JCEMapper.translateURItoJCEID(encryptedData.getEncryptionMethod().getAlgorithm());
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "JCE Algorithm = " + jceAlgorithm);
}
Cipher c;
try {
if (requestedJCEProvider == null) {
c = Cipher.getInstance(jceAlgorithm);
} else {
c = Cipher.getInstance(jceAlgorithm, requestedJCEProvider);
}
} catch (NoSuchAlgorithmException nsae) {
throw new XMLEncryptionException("empty", nsae);
} catch (NoSuchProviderException nspre) {
throw new XMLEncryptionException("empty", nspre);
} catch (NoSuchPaddingException nspae) {
throw new XMLEncryptionException("empty", nspae);
}
// Calculate the IV length and copy out
// For now, we only work with Block ciphers, so this will work.
// This should probably be put into the JCE mapper.
int ivLen = c.getBlockSize();
String alg = encryptedData.getEncryptionMethod().getAlgorithm();
if (AES_128_GCM.equals(alg) || AES_192_GCM.equals(alg) || AES_256_GCM.equals(alg)) {
ivLen = 12;
}
byte[] ivBytes = new byte[ivLen];
// You may be able to pass the entire piece in to IvParameterSpec
// and it will only take the first x bytes, but no way to be certain
// that this will work for every JCE provider, so lets copy the
// necessary bytes into a dedicated array.
System.arraycopy(encryptedBytes, 0, ivBytes, 0, ivLen);
IvParameterSpec iv = new IvParameterSpec(ivBytes);
try {
c.init(cipherMode, key, iv);
} catch (InvalidKeyException ike) {
throw new XMLEncryptionException("empty", ike);
} catch (InvalidAlgorithmParameterException iape) {
throw new XMLEncryptionException("empty", iape);
}
try {
return c.doFinal(encryptedBytes, ivLen, encryptedBytes.length - ivLen);
} catch (IllegalBlockSizeException ibse) {
throw new XMLEncryptionException("empty", ibse);
} catch (BadPaddingException bpe) {
throw new XMLEncryptionException("empty", bpe);
}
}
Also used :
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
BadPaddingException(javax.crypto.BadPaddingException)
InvalidKeyException(java.security.InvalidKeyException)
KeyInfo(com.sun.org.apache.xml.internal.security.keys.KeyInfo)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
NoSuchProviderException(java.security.NoSuchProviderException)
EncryptedKeyResolver(com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.EncryptedKeyResolver)
Example 3 with KeyInfo
use of com.sun.org.apache.xml.internal.security.keys.KeyInfo in project jdk8u_jdk by JetBrains.
the class XMLCipher method decryptKey.
/**
* Decrypt a key from a passed in EncryptedKey structure
*
* @param encryptedKey Previously loaded EncryptedKey that needs
* to be decrypted.
* @param algorithm Algorithm for the decryption
* @return a key corresponding to the given type
* @throws XMLEncryptionException
*/
public Key decryptKey(EncryptedKey encryptedKey, String algorithm) throws XMLEncryptionException {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Decrypting key from previously loaded EncryptedKey...");
}
if (cipherMode != UNWRAP_MODE && log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in UNWRAP_MODE...");
}
if (algorithm == null) {
throw new XMLEncryptionException("Cannot decrypt a key without knowing the algorithm");
}
if (key == null) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Trying to find a KEK via key resolvers");
}
KeyInfo ki = encryptedKey.getKeyInfo();
if (ki != null) {
ki.setSecureValidation(secureValidation);
try {
String keyWrapAlg = encryptedKey.getEncryptionMethod().getAlgorithm();
String keyType = JCEMapper.getJCEKeyAlgorithmFromURI(keyWrapAlg);
if ("RSA".equals(keyType)) {
key = ki.getPrivateKey();
} else {
key = ki.getSecretKey();
}
} catch (Exception e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, e.getMessage(), e);
}
}
}
if (key == null) {
log.log(java.util.logging.Level.SEVERE, "XMLCipher::decryptKey called without a KEK and cannot resolve");
throw new XMLEncryptionException("Unable to decrypt without a KEK");
}
}
// Obtain the encrypted octets
XMLCipherInput cipherInput = new XMLCipherInput(encryptedKey);
cipherInput.setSecureValidation(secureValidation);
byte[] encryptedBytes = cipherInput.getBytes();
String jceKeyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(algorithm);
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "JCE Key Algorithm: " + jceKeyAlgorithm);
}
Cipher c;
if (contextCipher == null) {
// Now create the working cipher
c = constructCipher(encryptedKey.getEncryptionMethod().getAlgorithm(), encryptedKey.getEncryptionMethod().getDigestAlgorithm());
} else {
c = contextCipher;
}
Key ret;
try {
EncryptionMethod encMethod = encryptedKey.getEncryptionMethod();
OAEPParameterSpec oaepParameters = constructOAEPParameters(encMethod.getAlgorithm(), encMethod.getDigestAlgorithm(), encMethod.getMGFAlgorithm(), encMethod.getOAEPparams());
if (oaepParameters == null) {
c.init(Cipher.UNWRAP_MODE, key);
} else {
c.init(Cipher.UNWRAP_MODE, key, oaepParameters);
}
ret = c.unwrap(encryptedBytes, jceKeyAlgorithm, Cipher.SECRET_KEY);
} catch (InvalidKeyException ike) {
throw new XMLEncryptionException("empty", ike);
} catch (NoSuchAlgorithmException nsae) {
throw new XMLEncryptionException("empty", nsae);
} catch (InvalidAlgorithmParameterException e) {
throw new XMLEncryptionException("empty", e);
}
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Decryption of key type " + algorithm + " OK");
}
return ret;
}
Also used :
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
URISyntaxException(java.net.URISyntaxException)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
Base64DecodingException(com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
InvalidCanonicalizerException(com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException)
InvalidTransformException(com.sun.org.apache.xml.internal.security.transforms.InvalidTransformException)
XMLSignatureException(com.sun.org.apache.xml.internal.security.signature.XMLSignatureException)
BadPaddingException(javax.crypto.BadPaddingException)
KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
TransformationException(com.sun.org.apache.xml.internal.security.transforms.TransformationException)
XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
NoSuchProviderException(java.security.NoSuchProviderException)
OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)
KeyInfo(com.sun.org.apache.xml.internal.security.keys.KeyInfo)
Cipher(javax.crypto.Cipher)
Key(java.security.Key)
Example 4 with KeyInfo
use of com.sun.org.apache.xml.internal.security.keys.KeyInfo in project jdk8u_jdk by JetBrains.
the class KeyInfoReferenceResolver method resolveReferentKeyInfo.
/**
* Resolve the KeyInfoReference Element's URI attribute into a KeyInfo instance.
*
* @param element
* @param baseURI
* @param storage
* @return the KeyInfo which is referred to by this KeyInfoReference, or null if can not be resolved
* @throws XMLSecurityException
*/
private KeyInfo resolveReferentKeyInfo(Element element, String baseURI, StorageResolver storage) throws XMLSecurityException {
KeyInfoReference reference = new KeyInfoReference(element, baseURI);
Attr uriAttr = reference.getURIAttr();
XMLSignatureInput resource = resolveInput(uriAttr, baseURI, secureValidation);
Element referentElement = null;
try {
referentElement = obtainReferenceElement(resource);
} catch (Exception e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "XMLSecurityException", e);
}
return null;
}
if (referentElement == null) {
log.log(java.util.logging.Level.FINE, "De-reference of KeyInfoReference URI returned null: " + uriAttr.getValue());
return null;
}
validateReference(referentElement);
KeyInfo referent = new KeyInfo(referentElement, baseURI);
referent.addStorageResolver(storage);
return referent;
}
Also used :
KeyInfo(com.sun.org.apache.xml.internal.security.keys.KeyInfo)
Element(org.w3c.dom.Element)
KeyInfoReference(com.sun.org.apache.xml.internal.security.keys.content.KeyInfoReference)
XMLSignatureInput(com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput)
Attr(org.w3c.dom.Attr)
IOException(java.io.IOException)
CanonicalizationException(com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException)
KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)
ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)
SAXException(org.xml.sax.SAXException)
XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)
Aggregations
KeyInfo (com.sun.org.apache.xml.internal.security.keys.KeyInfo)4
KeyResolverException (com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)3
XMLSecurityException (com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)2
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)2
InvalidKeyException (java.security.InvalidKeyException)2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
NoSuchProviderException (java.security.NoSuchProviderException)2
BadPaddingException (javax.crypto.BadPaddingException)2
Cipher (javax.crypto.Cipher)2
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)2
NoSuchPaddingException (javax.crypto.NoSuchPaddingException)2
Element (org.w3c.dom.Element)2
CanonicalizationException (com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException)1
InvalidCanonicalizerException (com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException)1
Base64DecodingException (com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException)1
KeyInfoReference (com.sun.org.apache.xml.internal.security.keys.content.KeyInfoReference)1
EncryptedKeyResolver (com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.EncryptedKeyResolver)1
XMLSignatureException (com.sun.org.apache.xml.internal.security.signature.XMLSignatureException)1
XMLSignatureInput (com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput)1
InvalidTransformException (com.sun.org.apache.xml.internal.security.transforms.InvalidTransformException)1
