Search in sources :

Example 16 with EncryptedData

use of org.apache.xml.security.encryption.EncryptedData in project camel by apache.

the class XMLSecurityDataFormat method embedKeyInfoInEncryptedData.

private void embedKeyInfoInEncryptedData(Document document, XMLCipher keyCipher, XMLCipher xmlCipher, Key dataEncryptionkey, Key keyEncryptionKey) throws XMLEncryptionException {
    EncryptedKey encryptedKey = keyCipher.encryptKey(document, dataEncryptionkey, mgfAlgorithm, null);
    if (addKeyValueForEncryptedKey && keyEncryptionKey instanceof PublicKey) {
        KeyInfo keyInfo = new KeyInfo(document);
        keyInfo.add((PublicKey) keyEncryptionKey);
        encryptedKey.setKeyInfo(keyInfo);
    }
    KeyInfo keyInfo = new KeyInfo(document);
    keyInfo.add(encryptedKey);
    EncryptedData encryptedDataElement = xmlCipher.getEncryptedData();
    encryptedDataElement.setKeyInfo(keyInfo);
}
Also used : EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) KeyInfo(org.apache.xml.security.keys.KeyInfo) PublicKey(java.security.PublicKey) EncryptedData(org.apache.xml.security.encryption.EncryptedData)

Example 17 with EncryptedData

use of org.apache.xml.security.encryption.EncryptedData in project OpenAM by OpenRock.

the class FMEncProvider method getSecretKey.

@Override
public SecretKey getSecretKey(String xmlString, Set<PrivateKey> privateKeys) throws SAML2Exception {
    String classMethod = "FMEncProvider.getSecretKey: ";
    if (SAML2SDKUtils.debug.messageEnabled()) {
        SAML2SDKUtils.debug.message(classMethod + "Entering ...");
    }
    if (xmlString == null || xmlString.length() == 0 || privateKeys == null) {
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
    }
    Document doc = XMLUtils.toDOMDocument(xmlString, SAML2SDKUtils.debug);
    if (doc == null) {
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorObtainingElement"));
    }
    Element rootElement = doc.getDocumentElement();
    if (rootElement == null) {
        SAML2SDKUtils.debug.error(classMethod + "Empty document.");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("emptyDoc"));
    }
    Element firstChild = getNextElementNode(rootElement.getFirstChild());
    if (firstChild == null) {
        SAML2SDKUtils.debug.error(classMethod + "Missing the EncryptedData element.");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingElementEncryptedData"));
    }
    Element secondChild = getNextElementNode(firstChild.getNextSibling());
    if (secondChild == null) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message(classMethod + "looking for encrytion key inside first child.");
        }
        NodeList nl = firstChild.getElementsByTagNameNS(SAML2Constants.NS_XMLENC, "EncryptedKey");
        if ((nl == null) || (nl.getLength() == 0)) {
            SAML2SDKUtils.debug.error(classMethod + "Missing the EncryptedKey element.");
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingElementEncryptedKey"));
        } else {
            // use the first EncryptedKey found
            secondChild = (Element) nl.item(0);
        }
    }
    XMLCipher cipher = null;
    try {
        cipher = XMLCipher.getInstance();
    } catch (XMLEncryptionException xe1) {
        SAML2SDKUtils.debug.error(classMethod + "Unable to get a cipher instance.", xe1);
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("noCipher"));
    }
    try {
        cipher.init(XMLCipher.DECRYPT_MODE, null);
    } catch (XMLEncryptionException xe2) {
        SAML2SDKUtils.debug.error(classMethod + "Failed to initialize cipher for decryption mode", xe2);
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedInitCipherForDecrypt"));
    }
    EncryptedData encryptedData = null;
    try {
        encryptedData = cipher.loadEncryptedData(doc, firstChild);
    } catch (XMLEncryptionException xe3) {
        SAML2SDKUtils.debug.error(classMethod + "Failed to load encrypted data", xe3);
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedLoadingEncryptedData"));
    }
    EncryptedKey encryptedKey = null;
    try {
        encryptedKey = cipher.loadEncryptedKey(doc, secondChild);
    } catch (XMLEncryptionException xe4) {
        SAML2SDKUtils.debug.error(classMethod + "Failed to load encrypted key", xe4);
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedLoadingEncryptedKey"));
    }
    if ((encryptedKey != null) && (encryptedData != null)) {
        XMLCipher keyCipher;
        try {
            keyCipher = XMLCipher.getInstance();
        } catch (XMLEncryptionException xe5) {
            SAML2SDKUtils.debug.error(classMethod + "Failed to get a cipher instance for decrypting secret key.", xe5);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("noCipher"));
        }
        return (SecretKey) getEncryptionKey(keyCipher, privateKeys, encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm());
    }
    return null;
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SecretKey(javax.crypto.SecretKey) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) Element(org.w3c.dom.Element) NodeList(org.w3c.dom.NodeList) XMLCipher(org.apache.xml.security.encryption.XMLCipher) EncryptedData(org.apache.xml.security.encryption.EncryptedData) Document(org.w3c.dom.Document) XMLEncryptionException(org.apache.xml.security.encryption.XMLEncryptionException)

Example 18 with EncryptedData

use of org.apache.xml.security.encryption.EncryptedData in project OpenAM by OpenRock.

the class AMEncryptionProvider method encryptAndReplace.

/**
     * Encrypts the given XML element in a given XML Context document.
     * @param doc the context XML Document.
     * @param element Element to be encrypted.
     * @param secretKeyAlg Encryption Key Algorithm.
     * @param keyStrength Encryption Key Strength.
     * @param kek Key Encryption Key.
     * @param kekStrength Key Encryption Key Strength,
     * @param providerID Provider ID
     * @param isEncryptResourceID A flag indicates whether it's to encrypt
     * 		ResourceID or not.
     * @return org.w3c.dom.Document EncryptedResourceID XML Document if
     * 		isEncryptResourceID is set. Otherwise, return the XML Document
     *		replaced with encrypted data for a given XML element.
     */
private org.w3c.dom.Document encryptAndReplace(org.w3c.dom.Document doc, org.w3c.dom.Element element, java.lang.String secretKeyAlg, int keyStrength, java.security.Key kek, int kekStrength, String providerID, boolean isEncryptResourceID) throws EncryptionException {
    if (doc == null || element == null || kek == null) {
        EncryptionUtils.debug.error("AMEncryptionProvider.encryptAnd" + "Replace: Null values");
        throw new EncryptionException(EncryptionUtils.bundle.getString("nullValues"));
    }
    SecretKey secretKey = null;
    String secretKeyAlgShortName = getEncryptionAlgorithmShortName(secretKeyAlg);
    if (providerID != null) {
        if (keyMap.containsKey(providerID)) {
            secretKey = (SecretKey) keyMap.get(providerID);
        } else {
            secretKey = generateSecretKey(secretKeyAlgShortName, keyStrength);
            keyMap.put(providerID, secretKey);
        }
    } else {
        secretKey = generateSecretKey(secretKeyAlgShortName, keyStrength);
    }
    if (secretKey == null) {
        throw new EncryptionException(EncryptionUtils.bundle.getString("generateKeyError"));
    }
    try {
        XMLCipher cipher = null;
        String keyEncAlg = kek.getAlgorithm();
        if (keyEncAlg.equals(EncryptionConstants.RSA)) {
            cipher = XMLCipher.getInstance(XMLCipher.RSA_v1dot5);
        } else if (keyEncAlg.equals(EncryptionConstants.TRIPLEDES)) {
            cipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES_KeyWrap);
        } else if (keyEncAlg.equals(EncryptionConstants.AES)) {
            if (kekStrength == 0 || kekStrength == 128) {
                cipher = XMLCipher.getInstance(XMLCipher.AES_128_KeyWrap);
            } else if (kekStrength == 192) {
                cipher = XMLCipher.getInstance(XMLCipher.AES_192_KeyWrap);
            } else if (kekStrength == 256) {
                cipher = XMLCipher.getInstance(XMLCipher.AES_256_KeyWrap);
            } else {
                throw new EncryptionException(EncryptionUtils.bundle.getString("invalidKeyStrength"));
            }
        } else {
            throw new EncryptionException(EncryptionUtils.bundle.getString("unsupportedKeyAlg"));
        }
        // Encrypt the key with key encryption key
        cipher.init(XMLCipher.WRAP_MODE, kek);
        EncryptedKey encryptedKey = cipher.encryptKey(doc, secretKey);
        KeyInfo insideKi = new KeyInfo(doc);
        X509Data x509Data = new X509Data(doc);
        x509Data.addCertificate((X509Certificate) keyProvider.getCertificate((PublicKey) kek));
        insideKi.add(x509Data);
        encryptedKey.setKeyInfo(insideKi);
        String ekID = null;
        if (isEncryptResourceID) {
            ekID = com.sun.identity.saml.common.SAMLUtils.generateID();
            encryptedKey.setId(ekID);
        }
        if (EncryptionUtils.debug.messageEnabled()) {
            EncryptionUtils.debug.message("AMEncryptionProvider.encrypt" + "AndReplace: Encrypted key = " + toString(cipher.martial(doc, encryptedKey)));
        }
        String encAlgorithm = getEncryptionAlgorithm(secretKeyAlgShortName, keyStrength);
        cipher = XMLCipher.getInstance(encAlgorithm);
        cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
        EncryptedData builder = cipher.getEncryptedData();
        KeyInfo builderKeyInfo = builder.getKeyInfo();
        if (builderKeyInfo == null) {
            builderKeyInfo = new KeyInfo(doc);
            builder.setKeyInfo(builderKeyInfo);
        }
        if (isEncryptResourceID) {
            builderKeyInfo.addKeyName(providerID);
            builderKeyInfo.addRetrievalMethod("#" + ekID, null, "http://www.w3.org/2001/04/xmlenc#EncryptedKey");
        } else {
            builderKeyInfo.add(encryptedKey);
        }
        Document result = cipher.doFinal(doc, element);
        if (isEncryptResourceID) {
            Element ee = (Element) result.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedData").item(0);
            Node parentNode = ee.getParentNode();
            Element newone = result.createElementNS("urn:liberty:disco:2003-08", "EncryptedResourceID");
            parentNode.replaceChild(newone, ee);
            newone.appendChild(ee);
            Element ek = cipher.martial(doc, encryptedKey);
            Element carriedName = doc.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:CarriedKeyName");
            carriedName.appendChild(doc.createTextNode(providerID));
            ek.appendChild(carriedName);
            newone.appendChild(ek);
        }
        return result;
    } catch (Exception xe) {
        EncryptionUtils.debug.error("AMEncryptionProvider.encryptAnd" + "Replace: XML Encryption error", xe);
        throw new EncryptionException(xe);
    }
}
Also used : SecretKey(javax.crypto.SecretKey) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) KeyInfo(org.apache.xml.security.keys.KeyInfo) Element(org.w3c.dom.Element) Node(org.w3c.dom.Node) XMLCipher(org.apache.xml.security.encryption.XMLCipher) EncryptedData(org.apache.xml.security.encryption.EncryptedData) Document(org.w3c.dom.Document) X509Data(org.apache.xml.security.keys.content.X509Data) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 19 with EncryptedData

use of org.apache.xml.security.encryption.EncryptedData in project testcases by coheigea.

the class EncryptionUtils method encryptUsingDOM.

/**
 * Encrypt the document using the DOM API of Apache Santuario - XML Security for Java.
 * It encrypts a list of QNames that it finds in the Document via XPath. If a wrappingKey
 * is supplied, this is used to encrypt the encryptingKey + place it in an EncryptedKey
 * structure.
 */
public static void encryptUsingDOM(Document document, List<QName> namesToEncrypt, String algorithm, Key encryptingKey, String keyTransportAlgorithm, PublicKey wrappingKey, boolean content) throws Exception {
    XMLCipher cipher = XMLCipher.getInstance(algorithm);
    cipher.init(XMLCipher.ENCRYPT_MODE, encryptingKey);
    if (wrappingKey != null) {
        XMLCipher newCipher = XMLCipher.getInstance(keyTransportAlgorithm);
        newCipher.init(XMLCipher.WRAP_MODE, wrappingKey);
        EncryptedKey encryptedKey = newCipher.encryptKey(document, encryptingKey);
        // Create a KeyInfo for the EncryptedKey
        KeyInfo encryptedKeyKeyInfo = encryptedKey.getKeyInfo();
        if (encryptedKeyKeyInfo == null) {
            encryptedKeyKeyInfo = new KeyInfo(document);
            encryptedKeyKeyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#");
            encryptedKey.setKeyInfo(encryptedKeyKeyInfo);
        }
        encryptedKeyKeyInfo.add(wrappingKey);
        // Create a KeyInfo for the EncryptedData
        EncryptedData builder = cipher.getEncryptedData();
        KeyInfo builderKeyInfo = builder.getKeyInfo();
        if (builderKeyInfo == null) {
            builderKeyInfo = new KeyInfo(document);
            builderKeyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#");
            builder.setKeyInfo(builderKeyInfo);
        }
        builderKeyInfo.add(encryptedKey);
    }
    XPathFactory xpf = XPathFactory.newInstance();
    XPath xpath = xpf.newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());
    for (QName nameToEncrypt : namesToEncrypt) {
        String expression = "//*[local-name()='" + nameToEncrypt.getLocalPart() + "']";
        NodeList elementsToEncrypt = (NodeList) xpath.evaluate(expression, document, XPathConstants.NODESET);
        for (int i = 0; i < elementsToEncrypt.getLength(); i++) {
            Element elementToEncrypt = (Element) elementsToEncrypt.item(i);
            Assert.assertNotNull(elementToEncrypt);
            document = cipher.doFinal(document, elementToEncrypt, content);
        }
    }
    String expression = "//xenc:EncryptedData[1]";
    Element encElement = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
    Assert.assertNotNull(encElement);
}
Also used : XPath(javax.xml.xpath.XPath) XPathFactory(javax.xml.xpath.XPathFactory) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) KeyInfo(org.apache.xml.security.keys.KeyInfo) QName(javax.xml.namespace.QName) NodeList(org.w3c.dom.NodeList) Element(org.w3c.dom.Element) XMLCipher(org.apache.xml.security.encryption.XMLCipher) EncryptedData(org.apache.xml.security.encryption.EncryptedData)

Example 20 with EncryptedData

use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.

the class KeyWrapEncryptionCreationTest method decryptUsingDOM.

private Document decryptUsingDOM(Document document, Key keyWrappingKey) throws Exception {
    NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(), XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart());
    Element ee = (Element) nodeList.item(0);
    // Need to pre-load the Encrypted Data so we can get the key info
    XMLCipher cipher = XMLCipher.getInstance();
    cipher.init(XMLCipher.DECRYPT_MODE, null);
    EncryptedData encryptedData = cipher.loadEncryptedData(document, ee);
    XMLCipher kwCipher = XMLCipher.getInstance();
    kwCipher.init(XMLCipher.UNWRAP_MODE, keyWrappingKey);
    KeyInfo ki = encryptedData.getKeyInfo();
    EncryptedKey encryptedKey = ki.itemEncryptedKey(0);
    Key symmetricKey = kwCipher.decryptKey(encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm());
    cipher.init(XMLCipher.DECRYPT_MODE, symmetricKey);
    return cipher.doFinal(document, ee);
}
Also used : KeyInfo(org.apache.xml.security.keys.KeyInfo) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) NodeList(org.w3c.dom.NodeList) Element(org.w3c.dom.Element) XMLCipher(org.apache.xml.security.encryption.XMLCipher) EncryptedData(org.apache.xml.security.encryption.EncryptedData) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) Key(java.security.Key) SecretKey(javax.crypto.SecretKey)

Aggregations

EncryptedData (org.apache.xml.security.encryption.EncryptedData)30 Element (org.w3c.dom.Element)26 EncryptedKey (org.apache.xml.security.encryption.EncryptedKey)24 XMLCipher (org.apache.xml.security.encryption.XMLCipher)21 Document (org.w3c.dom.Document)21 SecretKey (javax.crypto.SecretKey)20 KeyInfo (org.apache.xml.security.keys.KeyInfo)18 Key (java.security.Key)17 PrivateKey (java.security.PrivateKey)15 PublicKey (java.security.PublicKey)12 NodeList (org.w3c.dom.NodeList)10 SecretKeySpec (javax.crypto.spec.SecretKeySpec)7 XPath (javax.xml.xpath.XPath)5 XPathFactory (javax.xml.xpath.XPathFactory)5 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 KeyGenerator (javax.crypto.KeyGenerator)4 DSNamespaceContext (org.apache.xml.security.test.dom.DSNamespaceContext)4 SecretKeyFactory (javax.crypto.SecretKeyFactory)3 DESedeKeySpec (javax.crypto.spec.DESedeKeySpec)3 DocumentBuilder (javax.xml.parsers.DocumentBuilder)3