use of org.apache.xml.security.encryption.EncryptedData in project camel by apache.
the class XMLSecurityDataFormat method embedKeyInfoInEncryptedData.
private void embedKeyInfoInEncryptedData(Document document, XMLCipher keyCipher, XMLCipher xmlCipher, Key dataEncryptionkey, Key keyEncryptionKey) throws XMLEncryptionException {
EncryptedKey encryptedKey = keyCipher.encryptKey(document, dataEncryptionkey, mgfAlgorithm, null);
if (addKeyValueForEncryptedKey && keyEncryptionKey instanceof PublicKey) {
KeyInfo keyInfo = new KeyInfo(document);
keyInfo.add((PublicKey) keyEncryptionKey);
encryptedKey.setKeyInfo(keyInfo);
}
KeyInfo keyInfo = new KeyInfo(document);
keyInfo.add(encryptedKey);
EncryptedData encryptedDataElement = xmlCipher.getEncryptedData();
encryptedDataElement.setKeyInfo(keyInfo);
}
use of org.apache.xml.security.encryption.EncryptedData in project OpenAM by OpenRock.
the class FMEncProvider method getSecretKey.
@Override
public SecretKey getSecretKey(String xmlString, Set<PrivateKey> privateKeys) throws SAML2Exception {
String classMethod = "FMEncProvider.getSecretKey: ";
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message(classMethod + "Entering ...");
}
if (xmlString == null || xmlString.length() == 0 || privateKeys == null) {
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
}
Document doc = XMLUtils.toDOMDocument(xmlString, SAML2SDKUtils.debug);
if (doc == null) {
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorObtainingElement"));
}
Element rootElement = doc.getDocumentElement();
if (rootElement == null) {
SAML2SDKUtils.debug.error(classMethod + "Empty document.");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("emptyDoc"));
}
Element firstChild = getNextElementNode(rootElement.getFirstChild());
if (firstChild == null) {
SAML2SDKUtils.debug.error(classMethod + "Missing the EncryptedData element.");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingElementEncryptedData"));
}
Element secondChild = getNextElementNode(firstChild.getNextSibling());
if (secondChild == null) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message(classMethod + "looking for encrytion key inside first child.");
}
NodeList nl = firstChild.getElementsByTagNameNS(SAML2Constants.NS_XMLENC, "EncryptedKey");
if ((nl == null) || (nl.getLength() == 0)) {
SAML2SDKUtils.debug.error(classMethod + "Missing the EncryptedKey element.");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingElementEncryptedKey"));
} else {
// use the first EncryptedKey found
secondChild = (Element) nl.item(0);
}
}
XMLCipher cipher = null;
try {
cipher = XMLCipher.getInstance();
} catch (XMLEncryptionException xe1) {
SAML2SDKUtils.debug.error(classMethod + "Unable to get a cipher instance.", xe1);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("noCipher"));
}
try {
cipher.init(XMLCipher.DECRYPT_MODE, null);
} catch (XMLEncryptionException xe2) {
SAML2SDKUtils.debug.error(classMethod + "Failed to initialize cipher for decryption mode", xe2);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedInitCipherForDecrypt"));
}
EncryptedData encryptedData = null;
try {
encryptedData = cipher.loadEncryptedData(doc, firstChild);
} catch (XMLEncryptionException xe3) {
SAML2SDKUtils.debug.error(classMethod + "Failed to load encrypted data", xe3);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedLoadingEncryptedData"));
}
EncryptedKey encryptedKey = null;
try {
encryptedKey = cipher.loadEncryptedKey(doc, secondChild);
} catch (XMLEncryptionException xe4) {
SAML2SDKUtils.debug.error(classMethod + "Failed to load encrypted key", xe4);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedLoadingEncryptedKey"));
}
if ((encryptedKey != null) && (encryptedData != null)) {
XMLCipher keyCipher;
try {
keyCipher = XMLCipher.getInstance();
} catch (XMLEncryptionException xe5) {
SAML2SDKUtils.debug.error(classMethod + "Failed to get a cipher instance for decrypting secret key.", xe5);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("noCipher"));
}
return (SecretKey) getEncryptionKey(keyCipher, privateKeys, encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm());
}
return null;
}
use of org.apache.xml.security.encryption.EncryptedData in project OpenAM by OpenRock.
the class AMEncryptionProvider method encryptAndReplace.
/**
* Encrypts the given XML element in a given XML Context document.
* @param doc the context XML Document.
* @param element Element to be encrypted.
* @param secretKeyAlg Encryption Key Algorithm.
* @param keyStrength Encryption Key Strength.
* @param kek Key Encryption Key.
* @param kekStrength Key Encryption Key Strength,
* @param providerID Provider ID
* @param isEncryptResourceID A flag indicates whether it's to encrypt
* ResourceID or not.
* @return org.w3c.dom.Document EncryptedResourceID XML Document if
* isEncryptResourceID is set. Otherwise, return the XML Document
* replaced with encrypted data for a given XML element.
*/
private org.w3c.dom.Document encryptAndReplace(org.w3c.dom.Document doc, org.w3c.dom.Element element, java.lang.String secretKeyAlg, int keyStrength, java.security.Key kek, int kekStrength, String providerID, boolean isEncryptResourceID) throws EncryptionException {
if (doc == null || element == null || kek == null) {
EncryptionUtils.debug.error("AMEncryptionProvider.encryptAnd" + "Replace: Null values");
throw new EncryptionException(EncryptionUtils.bundle.getString("nullValues"));
}
SecretKey secretKey = null;
String secretKeyAlgShortName = getEncryptionAlgorithmShortName(secretKeyAlg);
if (providerID != null) {
if (keyMap.containsKey(providerID)) {
secretKey = (SecretKey) keyMap.get(providerID);
} else {
secretKey = generateSecretKey(secretKeyAlgShortName, keyStrength);
keyMap.put(providerID, secretKey);
}
} else {
secretKey = generateSecretKey(secretKeyAlgShortName, keyStrength);
}
if (secretKey == null) {
throw new EncryptionException(EncryptionUtils.bundle.getString("generateKeyError"));
}
try {
XMLCipher cipher = null;
String keyEncAlg = kek.getAlgorithm();
if (keyEncAlg.equals(EncryptionConstants.RSA)) {
cipher = XMLCipher.getInstance(XMLCipher.RSA_v1dot5);
} else if (keyEncAlg.equals(EncryptionConstants.TRIPLEDES)) {
cipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES_KeyWrap);
} else if (keyEncAlg.equals(EncryptionConstants.AES)) {
if (kekStrength == 0 || kekStrength == 128) {
cipher = XMLCipher.getInstance(XMLCipher.AES_128_KeyWrap);
} else if (kekStrength == 192) {
cipher = XMLCipher.getInstance(XMLCipher.AES_192_KeyWrap);
} else if (kekStrength == 256) {
cipher = XMLCipher.getInstance(XMLCipher.AES_256_KeyWrap);
} else {
throw new EncryptionException(EncryptionUtils.bundle.getString("invalidKeyStrength"));
}
} else {
throw new EncryptionException(EncryptionUtils.bundle.getString("unsupportedKeyAlg"));
}
// Encrypt the key with key encryption key
cipher.init(XMLCipher.WRAP_MODE, kek);
EncryptedKey encryptedKey = cipher.encryptKey(doc, secretKey);
KeyInfo insideKi = new KeyInfo(doc);
X509Data x509Data = new X509Data(doc);
x509Data.addCertificate((X509Certificate) keyProvider.getCertificate((PublicKey) kek));
insideKi.add(x509Data);
encryptedKey.setKeyInfo(insideKi);
String ekID = null;
if (isEncryptResourceID) {
ekID = com.sun.identity.saml.common.SAMLUtils.generateID();
encryptedKey.setId(ekID);
}
if (EncryptionUtils.debug.messageEnabled()) {
EncryptionUtils.debug.message("AMEncryptionProvider.encrypt" + "AndReplace: Encrypted key = " + toString(cipher.martial(doc, encryptedKey)));
}
String encAlgorithm = getEncryptionAlgorithm(secretKeyAlgShortName, keyStrength);
cipher = XMLCipher.getInstance(encAlgorithm);
cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
EncryptedData builder = cipher.getEncryptedData();
KeyInfo builderKeyInfo = builder.getKeyInfo();
if (builderKeyInfo == null) {
builderKeyInfo = new KeyInfo(doc);
builder.setKeyInfo(builderKeyInfo);
}
if (isEncryptResourceID) {
builderKeyInfo.addKeyName(providerID);
builderKeyInfo.addRetrievalMethod("#" + ekID, null, "http://www.w3.org/2001/04/xmlenc#EncryptedKey");
} else {
builderKeyInfo.add(encryptedKey);
}
Document result = cipher.doFinal(doc, element);
if (isEncryptResourceID) {
Element ee = (Element) result.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedData").item(0);
Node parentNode = ee.getParentNode();
Element newone = result.createElementNS("urn:liberty:disco:2003-08", "EncryptedResourceID");
parentNode.replaceChild(newone, ee);
newone.appendChild(ee);
Element ek = cipher.martial(doc, encryptedKey);
Element carriedName = doc.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:CarriedKeyName");
carriedName.appendChild(doc.createTextNode(providerID));
ek.appendChild(carriedName);
newone.appendChild(ek);
}
return result;
} catch (Exception xe) {
EncryptionUtils.debug.error("AMEncryptionProvider.encryptAnd" + "Replace: XML Encryption error", xe);
throw new EncryptionException(xe);
}
}
use of org.apache.xml.security.encryption.EncryptedData in project testcases by coheigea.
the class EncryptionUtils method encryptUsingDOM.
/**
* Encrypt the document using the DOM API of Apache Santuario - XML Security for Java.
* It encrypts a list of QNames that it finds in the Document via XPath. If a wrappingKey
* is supplied, this is used to encrypt the encryptingKey + place it in an EncryptedKey
* structure.
*/
public static void encryptUsingDOM(Document document, List<QName> namesToEncrypt, String algorithm, Key encryptingKey, String keyTransportAlgorithm, PublicKey wrappingKey, boolean content) throws Exception {
XMLCipher cipher = XMLCipher.getInstance(algorithm);
cipher.init(XMLCipher.ENCRYPT_MODE, encryptingKey);
if (wrappingKey != null) {
XMLCipher newCipher = XMLCipher.getInstance(keyTransportAlgorithm);
newCipher.init(XMLCipher.WRAP_MODE, wrappingKey);
EncryptedKey encryptedKey = newCipher.encryptKey(document, encryptingKey);
// Create a KeyInfo for the EncryptedKey
KeyInfo encryptedKeyKeyInfo = encryptedKey.getKeyInfo();
if (encryptedKeyKeyInfo == null) {
encryptedKeyKeyInfo = new KeyInfo(document);
encryptedKeyKeyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#");
encryptedKey.setKeyInfo(encryptedKeyKeyInfo);
}
encryptedKeyKeyInfo.add(wrappingKey);
// Create a KeyInfo for the EncryptedData
EncryptedData builder = cipher.getEncryptedData();
KeyInfo builderKeyInfo = builder.getKeyInfo();
if (builderKeyInfo == null) {
builderKeyInfo = new KeyInfo(document);
builderKeyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#");
builder.setKeyInfo(builderKeyInfo);
}
builderKeyInfo.add(encryptedKey);
}
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
xpath.setNamespaceContext(new DSNamespaceContext());
for (QName nameToEncrypt : namesToEncrypt) {
String expression = "//*[local-name()='" + nameToEncrypt.getLocalPart() + "']";
NodeList elementsToEncrypt = (NodeList) xpath.evaluate(expression, document, XPathConstants.NODESET);
for (int i = 0; i < elementsToEncrypt.getLength(); i++) {
Element elementToEncrypt = (Element) elementsToEncrypt.item(i);
Assert.assertNotNull(elementToEncrypt);
document = cipher.doFinal(document, elementToEncrypt, content);
}
}
String expression = "//xenc:EncryptedData[1]";
Element encElement = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
Assert.assertNotNull(encElement);
}
use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.
the class KeyWrapEncryptionCreationTest method decryptUsingDOM.
private Document decryptUsingDOM(Document document, Key keyWrappingKey) throws Exception {
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(), XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart());
Element ee = (Element) nodeList.item(0);
// Need to pre-load the Encrypted Data so we can get the key info
XMLCipher cipher = XMLCipher.getInstance();
cipher.init(XMLCipher.DECRYPT_MODE, null);
EncryptedData encryptedData = cipher.loadEncryptedData(document, ee);
XMLCipher kwCipher = XMLCipher.getInstance();
kwCipher.init(XMLCipher.UNWRAP_MODE, keyWrappingKey);
KeyInfo ki = encryptedData.getKeyInfo();
EncryptedKey encryptedKey = ki.itemEncryptedKey(0);
Key symmetricKey = kwCipher.decryptKey(encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm());
cipher.init(XMLCipher.DECRYPT_MODE, symmetricKey);
return cipher.doFinal(document, ee);
}
Aggregations