use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.
the class XMLCipherTest method testAES192Element3DESKWCipher.
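/**
 * Round-trips one element through AES-192 encryption where the AES traffic key
 * is itself wrapped with a Triple-DES key-encryption key (KEK). The traffic key
 * is then recovered "by hand" from the embedded EncryptedKey and used by a
 * separate cipher instance to decrypt.
 *
 * <p>The KEK is a fixed literal so the run is repeatable; it is a test fixture
 * only. Triple-DES key wrap is a legacy algorithm; the test only checks that
 * the library round-trips it. The test is skipped with a warning unless both
 * {@code haveISOPadding} and {@code haveKeyWraps} are set.
 *
 * @throws Exception if any parsing, key-handling or cipher step fails
 */
@org.junit.Test
public void testAES192Element3DESKWCipher() throws Exception {
    // Resolve the document and target element before the availability check,
    // as the original did, so the helper calls happen on the skip path too.
    Document d = document();
    Element e = (Element) d.getElementsByTagName(element()).item(index());

    if (!(haveISOPadding && haveKeyWraps)) {
        LOG.warn("Test testAES192Element3DESKWCipher skipped as " + "necessary algorithms not available");
        return;
    }

    String source = toString(d);

    // Set up a Key Encryption Key from 24 fixed ASCII bytes. The charset is
    // named explicitly so the key material does not depend on the platform
    // default encoding (DESedeKeySpec needs at least 24 bytes).
    byte[] bits192 = "abcdefghijklmnopqrstuvwx".getBytes(java.nio.charset.StandardCharsets.US_ASCII);
    DESedeKeySpec keySpec = new DESedeKeySpec(bits192);
    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
    Key kek = keyFactory.generateSecret(keySpec);

    // Generate a fresh 192-bit AES traffic key for this run.
    KeyGenerator keygen = KeyGenerator.getInstance("AES");
    keygen.init(192);
    Key key = keygen.generateKey();

    // Wrap the traffic key under the KEK. `cipher` is not declared in this
    // method (presumably a field of the test class).
    cipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES_KeyWrap);
    cipher.init(XMLCipher.WRAP_MODE, kek);
    EncryptedKey encryptedKey = cipher.encryptKey(d, key);

    // encrypt: attach the wrapped key to the EncryptedData's KeyInfo so the
    // ciphertext carries everything but the KEK.
    cipher = XMLCipher.getInstance(XMLCipher.AES_192);
    cipher.init(XMLCipher.ENCRYPT_MODE, key);
    EncryptedData builder = cipher.getEncryptedData();
    KeyInfo builderKeyInfo = builder.getKeyInfo();
    if (builderKeyInfo == null) {
        builderKeyInfo = new KeyInfo(d);
        builder.setKeyInfo(builderKeyInfo);
    }
    builderKeyInfo.add(encryptedKey);
    Document ed = cipher.doFinal(d, e);

    // decrypt: drop the traffic key so it can only come back through the
    // wrapped copy inside the document.
    key = null;
    Element ee = (Element) ed.getElementsByTagName("xenc:EncryptedData").item(0);
    cipher = XMLCipher.getInstance();
    cipher.init(XMLCipher.DECRYPT_MODE, null);
    EncryptedData encryptedData = cipher.loadEncryptedData(ed, ee);

    // Fail with a clear message instead of printing a hint and then running
    // into a NullPointerException on the next dereference.
    if (encryptedData == null) {
        throw new AssertionError("EncryptedData could not be loaded from the encrypted document");
    }
    KeyInfo loadedKeyInfo = encryptedData.getKeyInfo();
    if (loadedKeyInfo == null) {
        throw new AssertionError("loaded EncryptedData carries no KeyInfo");
    }
    EncryptedKey ek = loadedKeyInfo.itemEncryptedKey(0);
    if (ek == null) {
        // Previously the test carried on and initialised the decrypting
        // cipher with a null key.
        throw new AssertionError("KeyInfo carries no EncryptedKey to unwrap");
    }

    XMLCipher keyCipher = XMLCipher.getInstance();
    keyCipher.init(XMLCipher.UNWRAP_MODE, kek);
    key = keyCipher.decryptKey(ek, encryptedData.getEncryptionMethod().getAlgorithm());

    // Create a new cipher just to be paranoid
    XMLCipher cipher3 = XMLCipher.getInstance();
    cipher3.init(XMLCipher.DECRYPT_MODE, key);
    Document dd = cipher3.doFinal(ed, ee);

    String target = toString(dd);
    assertEquals(source, target);
}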
use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.
the class XMLEncryption11Test method decryptElement.
/**
 * Decrypts the first XML Encryption {@code EncryptedData} element of a document
 * whose content key travels inside the document as a wrapped
 * {@code EncryptedKey}.
 *
 * <p>Before unwrapping, the X.509 certificate embedded in the EncryptedKey's
 * KeyInfo is compared with {@code rsaCert}. This is an equality check against
 * the certificate the test expects, not a trust-path validation.
 *
 * @param doc document containing the EncryptedData element
 * @param rsaKey key used to unwrap the EncryptedKey
 * @param rsaCert certificate expected inside the EncryptedKey's KeyInfo
 * @return the document returned by the decrypting cipher
 * @throws Exception if loading, unwrapping or decryption fails
 */
private Document decryptElement(Document doc, Key rsaKey, X509Certificate rsaCert) throws Exception {
    XMLCipher cipher = XMLCipher.getInstance();

    // Load the EncryptedData without a key first: the key information needed
    // to obtain the content key is inside it.
    Element ee = (Element) doc.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedData").item(0);
    cipher.init(XMLCipher.DECRYPT_MODE, null);
    EncryptedData loaded = cipher.loadEncryptedData(doc, ee);

    // Walk EncryptedData -> EncryptedKey -> X509Data -> certificate and check
    // that the document names the certificate the caller expects.
    EncryptedKey wrappedKey = loaded.getKeyInfo().itemEncryptedKey(0);
    X509Certificate embeddedCert =
        wrappedKey.getKeyInfo().itemX509Data(0).itemCertificate(0).getX509Certificate();
    assertTrue(rsaCert.equals(embeddedCert));

    // Unwrap the content key with a dedicated cipher instance.
    XMLCipher unwrapper = XMLCipher.getInstance();
    unwrapper.init(XMLCipher.UNWRAP_MODE, rsaKey);
    Key contentKey = unwrapper.decryptKey(wrappedKey, loaded.getEncryptionMethod().getAlgorithm());

    // Re-initialise the first cipher with the recovered key and decrypt.
    cipher.init(XMLCipher.DECRYPT_MODE, contentKey);
    return cipher.doFinal(doc, ee);
}
use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.
the class BaltimoreEncTest method decryptElement.
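/**
 * Parses the named file, decrypts its first {@code EncryptedData} element and
 * returns the resulting document.
 *
 * <p>No key is passed in: the decryption key is obtained from
 * {@code findKey} using the loaded EncryptedData. When the {@code basedir}
 * system property is set and non-empty, {@code filename} is resolved beneath it.
 *
 * @param filename file to decrypt from, relative to {@code basedir} when that is set
 * @return the document produced by decrypting the element
 * @throws Exception if reading, parsing, key lookup or decryption fails
 */
private Document decryptElement(String filename) throws Exception {
    // Resolve the path. It is joined by plain concatenation with no
    // normalisation; callers are not visible here, so this assumes fixed
    // test-vector paths.
    String basedir = System.getProperty("basedir");
    if (basedir != null && !"".equals(basedir)) {
        filename = basedir + "/" + filename;
    }
    File f = new File(filename);

    // NOTE(review): the boolean is presumably the "validating" switch; confirm
    // in XMLUtils which parser hardening this builder applies.
    DocumentBuilder db = XMLUtils.createDocumentBuilder(false);

    // Close the input stream once parsing is done; it used to be left open.
    Document doc;
    try (java.io.InputStream in = new java.io.FileInputStream(f)) {
        doc = db.parse(in);
    }

    XMLCipher cipher = XMLCipher.getInstance();

    // Need to pre-load the Encrypted Data so we can get the key info.
    // getElementsByTagName matches the literal tag name, so only an unprefixed
    // EncryptedData element is found.
    Element ee = (Element) doc.getElementsByTagName("EncryptedData").item(0);
    cipher.init(XMLCipher.DECRYPT_MODE, null);
    EncryptedData encryptedData = cipher.loadEncryptedData(doc, ee);

    // Look up the key, then re-initialise the same cipher with it.
    Key key = findKey(encryptedData);
    cipher.init(XMLCipher.DECRYPT_MODE, key);
    return cipher.doFinal(doc, ee);
}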
use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.
the class BaltimoreEncTest method decryptData.
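/**
 * Parses the named file, decrypts its first {@code EncryptedData} element and
 * returns the plaintext as a byte array.
 *
 * <p>The decryption key is obtained from {@code findKey} using the loaded
 * EncryptedData. When the {@code basedir} system property is set and
 * non-empty, {@code filename} is resolved beneath it.
 *
 * @param filename file to decrypt from, relative to {@code basedir} when that is set
 * @return the decrypted bytes
 * @throws Exception if reading, parsing, key lookup or decryption fails
 */
private byte[] decryptData(String filename) throws Exception {
    // Resolve the path. It is joined by plain concatenation with no
    // normalisation; callers are not visible here, so this assumes fixed
    // test-vector paths.
    String basedir = System.getProperty("basedir");
    if (basedir != null && !"".equals(basedir)) {
        filename = basedir + "/" + filename;
    }
    File f = new File(filename);

    // NOTE(review): the boolean is presumably the "validating" switch; confirm
    // in XMLUtils which parser hardening this builder applies.
    DocumentBuilder db = XMLUtils.createDocumentBuilder(false);

    // Close the input stream once parsing is done; it used to be left open.
    Document doc;
    try (java.io.InputStream in = new java.io.FileInputStream(f)) {
        doc = db.parse(in);
    }

    XMLCipher cipher = XMLCipher.getInstance();

    // Need to pre-load the Encrypted Data so we can get the key info.
    // getElementsByTagName matches the literal tag name, so only an unprefixed
    // EncryptedData element is found.
    Element ee = (Element) doc.getElementsByTagName("EncryptedData").item(0);
    cipher.init(XMLCipher.DECRYPT_MODE, null);
    EncryptedData encryptedData = cipher.loadEncryptedData(doc, ee);

    // Look up the key, then re-initialise the same cipher with it.
    Key key = findKey(encryptedData);
    cipher.init(XMLCipher.DECRYPT_MODE, key);
    return cipher.decryptToByteArray(ee);
}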
use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.
the class EncryptContentTest method testMultipleKeyInfoElements.
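/**
 * Encrypts every {@code user} element of a document with one cipher whose
 * EncryptedData carries a KeyInfo, then checks how many KeyInfo elements end
 * up in the document.
 *
 * <p>See SANTUARIO-301:
 * https://issues.apache.org/jira/browse/SANTUARIO-301
 *
 * @throws Exception if parsing or encryption fails
 */
@org.junit.Test
public void testMultipleKeyInfoElements() throws Exception {
    if (!haveISOPadding) {
        LOG.warn("Test testMultipleKeyInfoElements skipped as necessary algorithms not available");
        return;
    }

    Document doc;
    try (InputStream is = new ByteArrayInputStream(MULTIPLE_USER_DATA.getBytes(StandardCharsets.UTF_8))) {
        doc = db.parse(is);
    }
    NodeList dataToEncrypt = doc.getElementsByTagName("user");

    XMLCipher dataCipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES);
    dataCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);

    // One KeyInfo, naming the key, is set once on the cipher's EncryptedData
    // and the same cipher is then reused for every element.
    KeyInfo keyInfo = new KeyInfo(doc);
    keyInfo.addKeyName("mykey");
    EncryptedData encryptedData = dataCipher.getEncryptedData();
    encryptedData.setKeyInfo(keyInfo);

    // The third argument asks for the element's content to be encrypted
    // rather than the element itself.
    for (int i = 0; i < dataToEncrypt.getLength(); i++) {
        dataCipher.doFinal(doc, (Element) dataToEncrypt.item(i), true);
    }

    // Expected value first, so a failure reports expected/actual the right way
    // round. Two KeyInfo elements are expected, presumably one per encrypted
    // user element (MULTIPLE_USER_DATA is not visible here).
    NodeList keyInfoList = doc.getElementsByTagNameNS(Constants.SignatureSpecNS, "KeyInfo");
    assertEquals(2, keyInfoList.getLength());
}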