Search in sources :

Example 11 with EncryptedData

use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.

the class XMLCipherTest method testAes192ElementCipher.

@org.junit.Test
public void testAes192ElementCipher() throws Exception {
    byte[] bits192 = { (byte) 0x08, (byte) 0x09, (byte) 0x0A, (byte) 0x0B, (byte) 0x0C, (byte) 0x0D, (byte) 0x0E, (byte) 0x0F, (byte) 0x10, (byte) 0x11, (byte) 0x12, (byte) 0x13, (byte) 0x14, (byte) 0x15, (byte) 0x16, (byte) 0x17, (byte) 0x18, (byte) 0x19, (byte) 0x1A, (byte) 0x1B, (byte) 0x1C, (byte) 0x1D, (byte) 0x1E, (byte) 0x1F };
    Key key = new SecretKeySpec(bits192, "AES");
    // source
    Document d = document();
    // target
    Document ed = null;
    // target
    Document dd = null;
    Element e = (Element) d.getElementsByTagName(element()).item(index());
    Element ee = null;
    String source = null;
    String target = null;
    if (haveISOPadding) {
        source = toString(d);
        // encrypt
        cipher = XMLCipher.getInstance(XMLCipher.AES_192);
        cipher.init(XMLCipher.ENCRYPT_MODE, key);
        ed = cipher.doFinal(d, e);
        // decrypt
        cipher = XMLCipher.getInstance(XMLCipher.AES_192);
        cipher.init(XMLCipher.DECRYPT_MODE, key);
        ee = (Element) ed.getElementsByTagName("xenc:EncryptedData").item(0);
        EncryptedData encryptedData = cipher.loadEncryptedData(ed, ee);
        String algorithm = encryptedData.getEncryptionMethod().getAlgorithm();
        assertEquals(XMLCipher.AES_192, algorithm);
        dd = cipher.doFinal(ed, ee);
        target = toString(dd);
        assertEquals(source, target);
    } else {
        LOG.warn("Test testAes192ElementCipher skipped as necessary algorithms not available");
    }
}
Also used : SecretKeySpec(javax.crypto.spec.SecretKeySpec) Element(org.w3c.dom.Element) EncryptedData(org.apache.xml.security.encryption.EncryptedData) Document(org.w3c.dom.Document) PublicKey(java.security.PublicKey) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey)

Example 12 with EncryptedData

use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.

the class KeyResolverTest method testResolvePrivateKey.

/**
 * Encrypt some data, embedded the data encryption key
 * in the message using the key transport algorithm rsa-1_5.
 * Decrypt the data by resolving the Key Encryption Key.
 * This test verifies if a KeyResolver can return a PrivateKey.
 */
@org.junit.Test
public void testResolvePrivateKey() throws Exception {
    // See if AES-128 is available...
    String algorithmId = JCEMapper.translateURItoJCEID(org.apache.xml.security.utils.EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
    boolean haveAES = false;
    if (algorithmId != null) {
        try {
            if (Cipher.getInstance(algorithmId) != null) {
                haveAES = true;
            }
        } catch (NoSuchAlgorithmException nsae) {
        // 
        } catch (NoSuchPaddingException nspe) {
        // 
        }
    }
    if (!haveAES) {
        return;
    }
    // Create a sample XML document
    Document document = XMLUtils.createDocumentBuilder(false).newDocument();
    Element rootElement = document.createElement("root");
    document.appendChild(rootElement);
    Element elem = document.createElement("elem");
    Text text = document.createTextNode("text");
    elem.appendChild(text);
    rootElement.appendChild(elem);
    // Create a data encryption key
    byte[] keyBytes = { 0, 1, 2, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7 };
    SecretKeySpec dataEncryptKey = new SecretKeySpec(keyBytes, "AES");
    // Create public and private keys
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(new BigInteger("8710a2bcb2f3fdac177f0ae0461c2dd0ebf72e0d88a5400583a7d8bdabd6" + "ae009d30cfdf6acb5b6a64cdc730bc630a39d946d08babffe62ea20a87e37c93b3b0e8a8e576045b" + "bddfbde83ca9bfa180fe6a5f5eee60661936d728314e809201ef52cd71d9fa3c8ce83f9d30ab5e08" + "1539219e7e45dd6a60be65ac95d2049b8f21", 16), new BigInteger("10001", 16));
    RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(new BigInteger("8710a2bcb2f3fdac177f0ae0461c2dd0ebf72e0d88a5400583a7d8bdabd" + "6ae009d30cfdf6acb5b6a64cdc730bc630a39d946d08babffe62ea20a87e37c93b3b0e8a8e576045" + "bbddfbde83ca9bfa180fe6a5f5eee60661936d728314e809201ef52cd71d9fa3c8ce83f9d30ab5e0" + "81539219e7e45dd6a60be65ac95d2049b8f21", 16), new BigInteger("20c39e569c2aa80cc91e5e6b0d56e49e5bbf78827bf56a546c1d996c597" + "5187cb9a50fa828e5efe51d52f5d112c20bc700b836facadca6e0051afcdfe866841e37d207c0295" + "36ff8674b301e2198b2c56abb0a0313f8ff84c1fcd6fa541aa6e5d9c018fab4784d2940def5dc709" + "ddc714d73b6c23b5d178eaa5933577b8e8ae9", 16));
    RSAPublicKey pubKey = (RSAPublicKey) keyFactory.generatePublic(pubKeySpec);
    RSAPrivateKey privKey = (RSAPrivateKey) keyFactory.generatePrivate(privKeySpec);
    // Encrypt the data encryption key with the key encryption key
    XMLCipher keyCipher = XMLCipher.getInstance(XMLCipher.RSA_v1dot5);
    keyCipher.init(XMLCipher.WRAP_MODE, pubKey);
    EncryptedKey encryptedKey = keyCipher.encryptKey(document, dataEncryptKey);
    String keyName = "testResolvePrivateKey";
    KeyInfo kekInfo = new KeyInfo(document);
    kekInfo.addKeyName(keyName);
    encryptedKey.setKeyInfo(kekInfo);
    // Encrypt the data
    XMLCipher xmlCipher = XMLCipher.getInstance(XMLCipher.AES_128);
    xmlCipher.init(XMLCipher.ENCRYPT_MODE, dataEncryptKey);
    EncryptedData encryptedData = xmlCipher.getEncryptedData();
    KeyInfo keyInfo = new KeyInfo(document);
    keyInfo.add(encryptedKey);
    encryptedData.setKeyInfo(keyInfo);
    xmlCipher.doFinal(document, rootElement, true);
    Element encryptedDataElement = (Element) rootElement.getFirstChild();
    assertEquals("EncryptedData", encryptedDataElement.getLocalName());
    // Decrypt the data by resolving the private key used as the KEK
    // First test with an internal KeyResolver
    MyPrivateKeyResolver.pk = privKey;
    MyPrivateKeyResolver.pkName = keyName;
    decryptDocument(document, new MyPrivateKeyResolver());
    // Now test with a static KeyResolver
    KeyResolver.registerAtStart(MyPrivateKeyResolver.class.getName(), false);
    KeyResolverSpi resolver = KeyResolver.iterator().next();
    assertEquals(MyPrivateKeyResolver.class.getName(), resolver.getClass().getName());
    decryptDocument(document, null);
}
Also used : EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) Element(org.w3c.dom.Element) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) XMLCipher(org.apache.xml.security.encryption.XMLCipher) Text(org.w3c.dom.Text) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) Document(org.w3c.dom.Document) RSAPrivateKeySpec(java.security.spec.RSAPrivateKeySpec) RSAPublicKey(java.security.interfaces.RSAPublicKey) KeyInfo(org.apache.xml.security.keys.KeyInfo) SecretKeySpec(javax.crypto.spec.SecretKeySpec) KeyResolverSpi(org.apache.xml.security.keys.keyresolver.KeyResolverSpi) BigInteger(java.math.BigInteger) EncryptedData(org.apache.xml.security.encryption.EncryptedData) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) KeyFactory(java.security.KeyFactory)

Example 13 with EncryptedData

use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.

the class KeyWrapEncryptionAlgorithmTest method decrypt.

private Document decrypt(Document document, Key keyWrappingKey) throws Exception {
    NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(), XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart());
    Element ee = (Element) nodeList.item(0);
    // Need to pre-load the Encrypted Data so we can get the key info
    XMLCipher cipher = XMLCipher.getInstance();
    cipher.init(XMLCipher.DECRYPT_MODE, null);
    EncryptedData encryptedData = cipher.loadEncryptedData(document, ee);
    XMLCipher kwCipher = XMLCipher.getInstance();
    kwCipher.init(XMLCipher.UNWRAP_MODE, keyWrappingKey);
    KeyInfo ki = encryptedData.getKeyInfo();
    EncryptedKey encryptedKey = ki.itemEncryptedKey(0);
    Key symmetricKey = kwCipher.decryptKey(encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm());
    cipher.init(XMLCipher.DECRYPT_MODE, symmetricKey);
    return cipher.doFinal(document, ee);
}
Also used : KeyInfo(org.apache.xml.security.keys.KeyInfo) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) NodeList(org.w3c.dom.NodeList) Element(org.w3c.dom.Element) XMLCipher(org.apache.xml.security.encryption.XMLCipher) EncryptedData(org.apache.xml.security.encryption.EncryptedData) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) Key(java.security.Key) SecretKey(javax.crypto.SecretKey)

Example 14 with EncryptedData

use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.

the class KeyWrapEncryptionAlgorithmTest method encrypt.

private void encrypt(EncryptedKey encryptedKey, String algorithm, Document document, List<String> localNames, Key encryptingKey) throws Exception {
    XMLCipher cipher = XMLCipher.getInstance(algorithm);
    cipher.init(XMLCipher.ENCRYPT_MODE, encryptingKey);
    XPathFactory xpf = XPathFactory.newInstance();
    XPath xpath = xpf.newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());
    EncryptedData builder = cipher.getEncryptedData();
    KeyInfo builderKeyInfo = builder.getKeyInfo();
    if (builderKeyInfo == null) {
        builderKeyInfo = new KeyInfo(document);
        builder.setKeyInfo(builderKeyInfo);
    }
    builderKeyInfo.add(encryptedKey);
    for (String localName : localNames) {
        String expression = "//*[local-name()='" + localName + "']";
        Element elementToEncrypt = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
        Assert.assertNotNull(elementToEncrypt);
        document = cipher.doFinal(document, elementToEncrypt, false);
    }
    NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(), XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart());
    Assert.assertTrue(nodeList.getLength() > 0);
}
Also used : XPath(javax.xml.xpath.XPath) XPathFactory(javax.xml.xpath.XPathFactory) KeyInfo(org.apache.xml.security.keys.KeyInfo) DSNamespaceContext(org.apache.xml.security.test.dom.DSNamespaceContext) Element(org.w3c.dom.Element) NodeList(org.w3c.dom.NodeList) XMLCipher(org.apache.xml.security.encryption.XMLCipher) EncryptedData(org.apache.xml.security.encryption.EncryptedData)

Example 15 with EncryptedData

use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.

the class DecryptionTest method encryptUsingDOM.

/**
 * Encrypt the document using DOM APIs and run some tests on the encrypted Document.
 */
private void encryptUsingDOM(String algorithm, SecretKey secretKey, String keyTransportAlgorithm, Key wrappingKey, KeyInfo encryptedKeyKeyInfo, Document document, List<String> localNames, boolean content) throws Exception {
    XMLCipher cipher = XMLCipher.getInstance(algorithm);
    cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
    if (wrappingKey != null) {
        XMLCipher newCipher = XMLCipher.getInstance(keyTransportAlgorithm);
        newCipher.init(XMLCipher.WRAP_MODE, wrappingKey);
        EncryptedKey encryptedKey = newCipher.encryptKey(document, secretKey);
        if (encryptedKeyKeyInfo != null) {
            encryptedKey.setKeyInfo(encryptedKeyKeyInfo);
        }
        EncryptedData builder = cipher.getEncryptedData();
        KeyInfo builderKeyInfo = builder.getKeyInfo();
        if (builderKeyInfo == null) {
            builderKeyInfo = new KeyInfo(document);
            builderKeyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#");
            builder.setKeyInfo(builderKeyInfo);
        }
        builderKeyInfo.add(encryptedKey);
    }
    XPathFactory xpf = XPathFactory.newInstance();
    XPath xpath = xpf.newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());
    for (String localName : localNames) {
        String expression = "//*[local-name()='" + localName + "']";
        Element elementToEncrypt = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
        Assert.assertNotNull(elementToEncrypt);
        document = cipher.doFinal(document, elementToEncrypt, content);
    }
    NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(), XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart());
    Assert.assertTrue(nodeList.getLength() > 0);
}
Also used : XPath(javax.xml.xpath.XPath) XPathFactory(javax.xml.xpath.XPathFactory) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) KeyInfo(org.apache.xml.security.keys.KeyInfo) DSNamespaceContext(org.apache.xml.security.test.dom.DSNamespaceContext) XMLCipher(org.apache.xml.security.encryption.XMLCipher) EncryptedData(org.apache.xml.security.encryption.EncryptedData)

Aggregations

EncryptedData (org.apache.xml.security.encryption.EncryptedData)30 Element (org.w3c.dom.Element)26 EncryptedKey (org.apache.xml.security.encryption.EncryptedKey)24 XMLCipher (org.apache.xml.security.encryption.XMLCipher)21 Document (org.w3c.dom.Document)21 SecretKey (javax.crypto.SecretKey)20 KeyInfo (org.apache.xml.security.keys.KeyInfo)18 Key (java.security.Key)17 PrivateKey (java.security.PrivateKey)15 PublicKey (java.security.PublicKey)12 NodeList (org.w3c.dom.NodeList)10 SecretKeySpec (javax.crypto.spec.SecretKeySpec)7 XPath (javax.xml.xpath.XPath)5 XPathFactory (javax.xml.xpath.XPathFactory)5 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 KeyGenerator (javax.crypto.KeyGenerator)4 DSNamespaceContext (org.apache.xml.security.test.dom.DSNamespaceContext)4 SecretKeyFactory (javax.crypto.SecretKeyFactory)3 DESedeKeySpec (javax.crypto.spec.DESedeKeySpec)3 DocumentBuilder (javax.xml.parsers.DocumentBuilder)3