use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.
the class XMLCipherTest method testAes192ElementCipher.
@org.junit.Test
public void testAes192ElementCipher() throws Exception {
byte[] bits192 = { (byte) 0x08, (byte) 0x09, (byte) 0x0A, (byte) 0x0B, (byte) 0x0C, (byte) 0x0D, (byte) 0x0E, (byte) 0x0F, (byte) 0x10, (byte) 0x11, (byte) 0x12, (byte) 0x13, (byte) 0x14, (byte) 0x15, (byte) 0x16, (byte) 0x17, (byte) 0x18, (byte) 0x19, (byte) 0x1A, (byte) 0x1B, (byte) 0x1C, (byte) 0x1D, (byte) 0x1E, (byte) 0x1F };
Key key = new SecretKeySpec(bits192, "AES");
// source
Document d = document();
// target
Document ed = null;
// target
Document dd = null;
Element e = (Element) d.getElementsByTagName(element()).item(index());
Element ee = null;
String source = null;
String target = null;
if (haveISOPadding) {
source = toString(d);
// encrypt
cipher = XMLCipher.getInstance(XMLCipher.AES_192);
cipher.init(XMLCipher.ENCRYPT_MODE, key);
ed = cipher.doFinal(d, e);
// decrypt
cipher = XMLCipher.getInstance(XMLCipher.AES_192);
cipher.init(XMLCipher.DECRYPT_MODE, key);
ee = (Element) ed.getElementsByTagName("xenc:EncryptedData").item(0);
EncryptedData encryptedData = cipher.loadEncryptedData(ed, ee);
String algorithm = encryptedData.getEncryptionMethod().getAlgorithm();
assertEquals(XMLCipher.AES_192, algorithm);
dd = cipher.doFinal(ed, ee);
target = toString(dd);
assertEquals(source, target);
} else {
LOG.warn("Test testAes192ElementCipher skipped as necessary algorithms not available");
}
}
use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.
the class KeyResolverTest method testResolvePrivateKey.
/**
* Encrypt some data, embedded the data encryption key
* in the message using the key transport algorithm rsa-1_5.
* Decrypt the data by resolving the Key Encryption Key.
* This test verifies if a KeyResolver can return a PrivateKey.
*/
@org.junit.Test
public void testResolvePrivateKey() throws Exception {
// See if AES-128 is available...
String algorithmId = JCEMapper.translateURItoJCEID(org.apache.xml.security.utils.EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
boolean haveAES = false;
if (algorithmId != null) {
try {
if (Cipher.getInstance(algorithmId) != null) {
haveAES = true;
}
} catch (NoSuchAlgorithmException nsae) {
//
} catch (NoSuchPaddingException nspe) {
//
}
}
if (!haveAES) {
return;
}
// Create a sample XML document
Document document = XMLUtils.createDocumentBuilder(false).newDocument();
Element rootElement = document.createElement("root");
document.appendChild(rootElement);
Element elem = document.createElement("elem");
Text text = document.createTextNode("text");
elem.appendChild(text);
rootElement.appendChild(elem);
// Create a data encryption key
byte[] keyBytes = { 0, 1, 2, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7 };
SecretKeySpec dataEncryptKey = new SecretKeySpec(keyBytes, "AES");
// Create public and private keys
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(new BigInteger("8710a2bcb2f3fdac177f0ae0461c2dd0ebf72e0d88a5400583a7d8bdabd6" + "ae009d30cfdf6acb5b6a64cdc730bc630a39d946d08babffe62ea20a87e37c93b3b0e8a8e576045b" + "bddfbde83ca9bfa180fe6a5f5eee60661936d728314e809201ef52cd71d9fa3c8ce83f9d30ab5e08" + "1539219e7e45dd6a60be65ac95d2049b8f21", 16), new BigInteger("10001", 16));
RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(new BigInteger("8710a2bcb2f3fdac177f0ae0461c2dd0ebf72e0d88a5400583a7d8bdabd" + "6ae009d30cfdf6acb5b6a64cdc730bc630a39d946d08babffe62ea20a87e37c93b3b0e8a8e576045" + "bbddfbde83ca9bfa180fe6a5f5eee60661936d728314e809201ef52cd71d9fa3c8ce83f9d30ab5e0" + "81539219e7e45dd6a60be65ac95d2049b8f21", 16), new BigInteger("20c39e569c2aa80cc91e5e6b0d56e49e5bbf78827bf56a546c1d996c597" + "5187cb9a50fa828e5efe51d52f5d112c20bc700b836facadca6e0051afcdfe866841e37d207c0295" + "36ff8674b301e2198b2c56abb0a0313f8ff84c1fcd6fa541aa6e5d9c018fab4784d2940def5dc709" + "ddc714d73b6c23b5d178eaa5933577b8e8ae9", 16));
RSAPublicKey pubKey = (RSAPublicKey) keyFactory.generatePublic(pubKeySpec);
RSAPrivateKey privKey = (RSAPrivateKey) keyFactory.generatePrivate(privKeySpec);
// Encrypt the data encryption key with the key encryption key
XMLCipher keyCipher = XMLCipher.getInstance(XMLCipher.RSA_v1dot5);
keyCipher.init(XMLCipher.WRAP_MODE, pubKey);
EncryptedKey encryptedKey = keyCipher.encryptKey(document, dataEncryptKey);
String keyName = "testResolvePrivateKey";
KeyInfo kekInfo = new KeyInfo(document);
kekInfo.addKeyName(keyName);
encryptedKey.setKeyInfo(kekInfo);
// Encrypt the data
XMLCipher xmlCipher = XMLCipher.getInstance(XMLCipher.AES_128);
xmlCipher.init(XMLCipher.ENCRYPT_MODE, dataEncryptKey);
EncryptedData encryptedData = xmlCipher.getEncryptedData();
KeyInfo keyInfo = new KeyInfo(document);
keyInfo.add(encryptedKey);
encryptedData.setKeyInfo(keyInfo);
xmlCipher.doFinal(document, rootElement, true);
Element encryptedDataElement = (Element) rootElement.getFirstChild();
assertEquals("EncryptedData", encryptedDataElement.getLocalName());
// Decrypt the data by resolving the private key used as the KEK
// First test with an internal KeyResolver
MyPrivateKeyResolver.pk = privKey;
MyPrivateKeyResolver.pkName = keyName;
decryptDocument(document, new MyPrivateKeyResolver());
// Now test with a static KeyResolver
KeyResolver.registerAtStart(MyPrivateKeyResolver.class.getName(), false);
KeyResolverSpi resolver = KeyResolver.iterator().next();
assertEquals(MyPrivateKeyResolver.class.getName(), resolver.getClass().getName());
decryptDocument(document, null);
}
use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.
the class KeyWrapEncryptionAlgorithmTest method decrypt.
private Document decrypt(Document document, Key keyWrappingKey) throws Exception {
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(), XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart());
Element ee = (Element) nodeList.item(0);
// Need to pre-load the Encrypted Data so we can get the key info
XMLCipher cipher = XMLCipher.getInstance();
cipher.init(XMLCipher.DECRYPT_MODE, null);
EncryptedData encryptedData = cipher.loadEncryptedData(document, ee);
XMLCipher kwCipher = XMLCipher.getInstance();
kwCipher.init(XMLCipher.UNWRAP_MODE, keyWrappingKey);
KeyInfo ki = encryptedData.getKeyInfo();
EncryptedKey encryptedKey = ki.itemEncryptedKey(0);
Key symmetricKey = kwCipher.decryptKey(encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm());
cipher.init(XMLCipher.DECRYPT_MODE, symmetricKey);
return cipher.doFinal(document, ee);
}
use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.
the class KeyWrapEncryptionAlgorithmTest method encrypt.
private void encrypt(EncryptedKey encryptedKey, String algorithm, Document document, List<String> localNames, Key encryptingKey) throws Exception {
XMLCipher cipher = XMLCipher.getInstance(algorithm);
cipher.init(XMLCipher.ENCRYPT_MODE, encryptingKey);
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
xpath.setNamespaceContext(new DSNamespaceContext());
EncryptedData builder = cipher.getEncryptedData();
KeyInfo builderKeyInfo = builder.getKeyInfo();
if (builderKeyInfo == null) {
builderKeyInfo = new KeyInfo(document);
builder.setKeyInfo(builderKeyInfo);
}
builderKeyInfo.add(encryptedKey);
for (String localName : localNames) {
String expression = "//*[local-name()='" + localName + "']";
Element elementToEncrypt = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
Assert.assertNotNull(elementToEncrypt);
document = cipher.doFinal(document, elementToEncrypt, false);
}
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(), XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart());
Assert.assertTrue(nodeList.getLength() > 0);
}
use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.
the class DecryptionTest method encryptUsingDOM.
/**
* Encrypt the document using DOM APIs and run some tests on the encrypted Document.
*/
private void encryptUsingDOM(String algorithm, SecretKey secretKey, String keyTransportAlgorithm, Key wrappingKey, KeyInfo encryptedKeyKeyInfo, Document document, List<String> localNames, boolean content) throws Exception {
XMLCipher cipher = XMLCipher.getInstance(algorithm);
cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
if (wrappingKey != null) {
XMLCipher newCipher = XMLCipher.getInstance(keyTransportAlgorithm);
newCipher.init(XMLCipher.WRAP_MODE, wrappingKey);
EncryptedKey encryptedKey = newCipher.encryptKey(document, secretKey);
if (encryptedKeyKeyInfo != null) {
encryptedKey.setKeyInfo(encryptedKeyKeyInfo);
}
EncryptedData builder = cipher.getEncryptedData();
KeyInfo builderKeyInfo = builder.getKeyInfo();
if (builderKeyInfo == null) {
builderKeyInfo = new KeyInfo(document);
builderKeyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#");
builder.setKeyInfo(builderKeyInfo);
}
builderKeyInfo.add(encryptedKey);
}
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
xpath.setNamespaceContext(new DSNamespaceContext());
for (String localName : localNames) {
String expression = "//*[local-name()='" + localName + "']";
Element elementToEncrypt = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
Assert.assertNotNull(elementToEncrypt);
document = cipher.doFinal(document, elementToEncrypt, content);
}
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(), XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart());
Assert.assertTrue(nodeList.getLength() > 0);
}
Aggregations