Search in sources :

Example 1 with KeyInfo

use of com.sun.org.apache.xml.internal.security.keys.KeyInfo in project jdk8u_jdk by JetBrains.

the class XMLSignature method getKeyInfo.

/**
     * Returns the KeyInfo child. If we are in signing mode and the KeyInfo
     * does not exist yet, it is created on demand and added to the Signature.
     * <br>
     * This allows to add arbitrary content to the KeyInfo during signing.
     *
     * @return the KeyInfo object
     */
public KeyInfo getKeyInfo() {
    // check to see if we are signing and if we have to create a keyinfo
    if (this.state == MODE_SIGN && this.keyInfo == null) {
        // create the KeyInfo
        this.keyInfo = new KeyInfo(this.doc);
        // get the Element from KeyInfo
        Element keyInfoElement = this.keyInfo.getElement();
        Element firstObject = XMLUtils.selectDsNode(this.constructionElement.getFirstChild(), Constants._TAG_OBJECT, 0);
        if (firstObject != null) {
            // add it before the object
            this.constructionElement.insertBefore(keyInfoElement, firstObject);
            XMLUtils.addReturnBeforeChild(this.constructionElement, firstObject);
        } else {
            // add it as the last element to the signature
            this.constructionElement.appendChild(keyInfoElement);
            XMLUtils.addReturnToElement(this.constructionElement);
        }
    }
    return this.keyInfo;
}
Also used : KeyInfo(com.sun.org.apache.xml.internal.security.keys.KeyInfo) Element(org.w3c.dom.Element)

Example 2 with KeyInfo

use of com.sun.org.apache.xml.internal.security.keys.KeyInfo in project jdk8u_jdk by JetBrains.

the class XMLCipher method decryptToByteArray.

/**
     * Decrypt an EncryptedData element to a byte array.
     *
     * When passed in an EncryptedData node, returns the decryption
     * as a byte array.
     *
     * Does not modify the source document.
     * @param element
     * @return the bytes resulting from the decryption
     * @throws XMLEncryptionException
     */
public byte[] decryptToByteArray(Element element) throws XMLEncryptionException {
    if (log.isLoggable(java.util.logging.Level.FINE)) {
        log.log(java.util.logging.Level.FINE, "Decrypting to ByteArray...");
    }
    if (cipherMode != DECRYPT_MODE) {
        log.log(java.util.logging.Level.SEVERE, "XMLCipher unexpectedly not in DECRYPT_MODE...");
    }
    EncryptedData encryptedData = factory.newEncryptedData(element);
    if (key == null) {
        KeyInfo ki = encryptedData.getKeyInfo();
        if (ki != null) {
            try {
                // Add an EncryptedKey resolver
                String encMethodAlgorithm = encryptedData.getEncryptionMethod().getAlgorithm();
                EncryptedKeyResolver resolver = new EncryptedKeyResolver(encMethodAlgorithm, kek);
                if (internalKeyResolvers != null) {
                    int size = internalKeyResolvers.size();
                    for (int i = 0; i < size; i++) {
                        resolver.registerInternalKeyResolver(internalKeyResolvers.get(i));
                    }
                }
                ki.registerInternalKeyResolver(resolver);
                ki.setSecureValidation(secureValidation);
                key = ki.getSecretKey();
            } catch (KeyResolverException kre) {
                if (log.isLoggable(java.util.logging.Level.FINE)) {
                    log.log(java.util.logging.Level.FINE, kre.getMessage(), kre);
                }
            }
        }
        if (key == null) {
            log.log(java.util.logging.Level.SEVERE, "XMLCipher::decryptElement called without a key and unable to resolve");
            throw new XMLEncryptionException("encryption.nokey");
        }
    }
    // Obtain the encrypted octets
    XMLCipherInput cipherInput = new XMLCipherInput(encryptedData);
    cipherInput.setSecureValidation(secureValidation);
    byte[] encryptedBytes = cipherInput.getBytes();
    // Now create the working cipher
    String jceAlgorithm = JCEMapper.translateURItoJCEID(encryptedData.getEncryptionMethod().getAlgorithm());
    if (log.isLoggable(java.util.logging.Level.FINE)) {
        log.log(java.util.logging.Level.FINE, "JCE Algorithm = " + jceAlgorithm);
    }
    Cipher c;
    try {
        if (requestedJCEProvider == null) {
            c = Cipher.getInstance(jceAlgorithm);
        } else {
            c = Cipher.getInstance(jceAlgorithm, requestedJCEProvider);
        }
    } catch (NoSuchAlgorithmException nsae) {
        throw new XMLEncryptionException("empty", nsae);
    } catch (NoSuchProviderException nspre) {
        throw new XMLEncryptionException("empty", nspre);
    } catch (NoSuchPaddingException nspae) {
        throw new XMLEncryptionException("empty", nspae);
    }
    // Calculate the IV length and copy out
    // For now, we only work with Block ciphers, so this will work.
    // This should probably be put into the JCE mapper.
    int ivLen = c.getBlockSize();
    String alg = encryptedData.getEncryptionMethod().getAlgorithm();
    if (AES_128_GCM.equals(alg) || AES_192_GCM.equals(alg) || AES_256_GCM.equals(alg)) {
        ivLen = 12;
    }
    byte[] ivBytes = new byte[ivLen];
    // You may be able to pass the entire piece in to IvParameterSpec
    // and it will only take the first x bytes, but no way to be certain
    // that this will work for every JCE provider, so lets copy the
    // necessary bytes into a dedicated array.
    System.arraycopy(encryptedBytes, 0, ivBytes, 0, ivLen);
    IvParameterSpec iv = new IvParameterSpec(ivBytes);
    try {
        c.init(cipherMode, key, iv);
    } catch (InvalidKeyException ike) {
        throw new XMLEncryptionException("empty", ike);
    } catch (InvalidAlgorithmParameterException iape) {
        throw new XMLEncryptionException("empty", iape);
    }
    try {
        return c.doFinal(encryptedBytes, ivLen, encryptedBytes.length - ivLen);
    } catch (IllegalBlockSizeException ibse) {
        throw new XMLEncryptionException("empty", ibse);
    } catch (BadPaddingException bpe) {
        throw new XMLEncryptionException("empty", bpe);
    }
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) BadPaddingException(javax.crypto.BadPaddingException) InvalidKeyException(java.security.InvalidKeyException) KeyInfo(com.sun.org.apache.xml.internal.security.keys.KeyInfo) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) NoSuchProviderException(java.security.NoSuchProviderException) EncryptedKeyResolver(com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.EncryptedKeyResolver)

Example 3 with KeyInfo

use of com.sun.org.apache.xml.internal.security.keys.KeyInfo in project jdk8u_jdk by JetBrains.

the class XMLCipher method decryptKey.

/**
     * Decrypt a key from a passed in EncryptedKey structure
     *
     * @param encryptedKey Previously loaded EncryptedKey that needs
     * to be decrypted.
     * @param algorithm Algorithm for the decryption
     * @return a key corresponding to the given type
     * @throws XMLEncryptionException
     */
public Key decryptKey(EncryptedKey encryptedKey, String algorithm) throws XMLEncryptionException {
    if (log.isLoggable(java.util.logging.Level.FINE)) {
        log.log(java.util.logging.Level.FINE, "Decrypting key from previously loaded EncryptedKey...");
    }
    if (cipherMode != UNWRAP_MODE && log.isLoggable(java.util.logging.Level.FINE)) {
        log.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in UNWRAP_MODE...");
    }
    if (algorithm == null) {
        throw new XMLEncryptionException("Cannot decrypt a key without knowing the algorithm");
    }
    if (key == null) {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "Trying to find a KEK via key resolvers");
        }
        KeyInfo ki = encryptedKey.getKeyInfo();
        if (ki != null) {
            ki.setSecureValidation(secureValidation);
            try {
                String keyWrapAlg = encryptedKey.getEncryptionMethod().getAlgorithm();
                String keyType = JCEMapper.getJCEKeyAlgorithmFromURI(keyWrapAlg);
                if ("RSA".equals(keyType)) {
                    key = ki.getPrivateKey();
                } else {
                    key = ki.getSecretKey();
                }
            } catch (Exception e) {
                if (log.isLoggable(java.util.logging.Level.FINE)) {
                    log.log(java.util.logging.Level.FINE, e.getMessage(), e);
                }
            }
        }
        if (key == null) {
            log.log(java.util.logging.Level.SEVERE, "XMLCipher::decryptKey called without a KEK and cannot resolve");
            throw new XMLEncryptionException("Unable to decrypt without a KEK");
        }
    }
    // Obtain the encrypted octets
    XMLCipherInput cipherInput = new XMLCipherInput(encryptedKey);
    cipherInput.setSecureValidation(secureValidation);
    byte[] encryptedBytes = cipherInput.getBytes();
    String jceKeyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(algorithm);
    if (log.isLoggable(java.util.logging.Level.FINE)) {
        log.log(java.util.logging.Level.FINE, "JCE Key Algorithm: " + jceKeyAlgorithm);
    }
    Cipher c;
    if (contextCipher == null) {
        // Now create the working cipher
        c = constructCipher(encryptedKey.getEncryptionMethod().getAlgorithm(), encryptedKey.getEncryptionMethod().getDigestAlgorithm());
    } else {
        c = contextCipher;
    }
    Key ret;
    try {
        EncryptionMethod encMethod = encryptedKey.getEncryptionMethod();
        OAEPParameterSpec oaepParameters = constructOAEPParameters(encMethod.getAlgorithm(), encMethod.getDigestAlgorithm(), encMethod.getMGFAlgorithm(), encMethod.getOAEPparams());
        if (oaepParameters == null) {
            c.init(Cipher.UNWRAP_MODE, key);
        } else {
            c.init(Cipher.UNWRAP_MODE, key, oaepParameters);
        }
        ret = c.unwrap(encryptedBytes, jceKeyAlgorithm, Cipher.SECRET_KEY);
    } catch (InvalidKeyException ike) {
        throw new XMLEncryptionException("empty", ike);
    } catch (NoSuchAlgorithmException nsae) {
        throw new XMLEncryptionException("empty", nsae);
    } catch (InvalidAlgorithmParameterException e) {
        throw new XMLEncryptionException("empty", e);
    }
    if (log.isLoggable(java.util.logging.Level.FINE)) {
        log.log(java.util.logging.Level.FINE, "Decryption of key type " + algorithm + " OK");
    }
    return ret;
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) URISyntaxException(java.net.URISyntaxException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) Base64DecodingException(com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) InvalidCanonicalizerException(com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException) InvalidTransformException(com.sun.org.apache.xml.internal.security.transforms.InvalidTransformException) XMLSignatureException(com.sun.org.apache.xml.internal.security.signature.XMLSignatureException) BadPaddingException(javax.crypto.BadPaddingException) KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) TransformationException(com.sun.org.apache.xml.internal.security.transforms.TransformationException) XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) NoSuchProviderException(java.security.NoSuchProviderException) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec) KeyInfo(com.sun.org.apache.xml.internal.security.keys.KeyInfo) Cipher(javax.crypto.Cipher) Key(java.security.Key)

Example 4 with KeyInfo

use of com.sun.org.apache.xml.internal.security.keys.KeyInfo in project jdk8u_jdk by JetBrains.

the class KeyInfoReferenceResolver method resolveReferentKeyInfo.

/**
     * Resolve the KeyInfoReference Element's URI attribute into a KeyInfo instance.
     *
     * @param element
     * @param baseURI
     * @param storage
     * @return the KeyInfo which is referred to by this KeyInfoReference, or null if can not be resolved
     * @throws XMLSecurityException
     */
private KeyInfo resolveReferentKeyInfo(Element element, String baseURI, StorageResolver storage) throws XMLSecurityException {
    KeyInfoReference reference = new KeyInfoReference(element, baseURI);
    Attr uriAttr = reference.getURIAttr();
    XMLSignatureInput resource = resolveInput(uriAttr, baseURI, secureValidation);
    Element referentElement = null;
    try {
        referentElement = obtainReferenceElement(resource);
    } catch (Exception e) {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "XMLSecurityException", e);
        }
        return null;
    }
    if (referentElement == null) {
        log.log(java.util.logging.Level.FINE, "De-reference of KeyInfoReference URI returned null: " + uriAttr.getValue());
        return null;
    }
    validateReference(referentElement);
    KeyInfo referent = new KeyInfo(referentElement, baseURI);
    referent.addStorageResolver(storage);
    return referent;
}
Also used : KeyInfo(com.sun.org.apache.xml.internal.security.keys.KeyInfo) Element(org.w3c.dom.Element) KeyInfoReference(com.sun.org.apache.xml.internal.security.keys.content.KeyInfoReference) XMLSignatureInput(com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput) Attr(org.w3c.dom.Attr) IOException(java.io.IOException) CanonicalizationException(com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException) KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) SAXException(org.xml.sax.SAXException) XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)

Aggregations

KeyInfo (com.sun.org.apache.xml.internal.security.keys.KeyInfo)4 KeyResolverException (com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)3 XMLSecurityException (com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)2 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)2 InvalidKeyException (java.security.InvalidKeyException)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 NoSuchProviderException (java.security.NoSuchProviderException)2 BadPaddingException (javax.crypto.BadPaddingException)2 Cipher (javax.crypto.Cipher)2 IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)2 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)2 Element (org.w3c.dom.Element)2 CanonicalizationException (com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException)1 InvalidCanonicalizerException (com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException)1 Base64DecodingException (com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException)1 KeyInfoReference (com.sun.org.apache.xml.internal.security.keys.content.KeyInfoReference)1 EncryptedKeyResolver (com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.EncryptedKeyResolver)1 XMLSignatureException (com.sun.org.apache.xml.internal.security.signature.XMLSignatureException)1 XMLSignatureInput (com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput)1 InvalidTransformException (com.sun.org.apache.xml.internal.security.transforms.InvalidTransformException)1