Search in sources :

Example 26 with EncryptedData

use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.

the class XMLCipherTest method testAES192Element3DESKWCipher.

/**
 * Test encryption using a generated AES 192 bit key that is
 * encrypted using a 3DES key.  Then reverse by decrypting
 * EncryptedKey by hand
 */
@org.junit.Test
public void testAES192Element3DESKWCipher() throws Exception {
    // source
    Document d = document();
    Document ed = null;
    Document dd = null;
    Element e = (Element) d.getElementsByTagName(element()).item(index());
    Element ee = null;
    String source = null;
    String target = null;
    if (haveISOPadding && haveKeyWraps) {
        source = toString(d);
        // Set up a Key Encryption Key
        byte[] bits192 = "abcdefghijklmnopqrstuvwx".getBytes();
        DESedeKeySpec keySpec = new DESedeKeySpec(bits192);
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
        Key kek = keyFactory.generateSecret(keySpec);
        // Generate a traffic key
        KeyGenerator keygen = KeyGenerator.getInstance("AES");
        keygen.init(192);
        Key key = keygen.generateKey();
        cipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES_KeyWrap);
        cipher.init(XMLCipher.WRAP_MODE, kek);
        EncryptedKey encryptedKey = cipher.encryptKey(d, key);
        // encrypt
        cipher = XMLCipher.getInstance(XMLCipher.AES_192);
        cipher.init(XMLCipher.ENCRYPT_MODE, key);
        EncryptedData builder = cipher.getEncryptedData();
        KeyInfo builderKeyInfo = builder.getKeyInfo();
        if (builderKeyInfo == null) {
            builderKeyInfo = new KeyInfo(d);
            builder.setKeyInfo(builderKeyInfo);
        }
        builderKeyInfo.add(encryptedKey);
        ed = cipher.doFinal(d, e);
        // decrypt
        key = null;
        ee = (Element) ed.getElementsByTagName("xenc:EncryptedData").item(0);
        cipher = XMLCipher.getInstance();
        cipher.init(XMLCipher.DECRYPT_MODE, null);
        EncryptedData encryptedData = cipher.loadEncryptedData(ed, ee);
        if (encryptedData == null) {
            System.out.println("ed is null");
        } else if (encryptedData.getKeyInfo() == null) {
            System.out.println("ki is null");
        }
        EncryptedKey ek = encryptedData.getKeyInfo().itemEncryptedKey(0);
        if (ek != null) {
            XMLCipher keyCipher = XMLCipher.getInstance();
            keyCipher.init(XMLCipher.UNWRAP_MODE, kek);
            key = keyCipher.decryptKey(ek, encryptedData.getEncryptionMethod().getAlgorithm());
        }
        // Create a new cipher just to be paranoid
        XMLCipher cipher3 = XMLCipher.getInstance();
        cipher3.init(XMLCipher.DECRYPT_MODE, key);
        dd = cipher3.doFinal(ed, ee);
        target = toString(dd);
        assertEquals(source, target);
    } else {
        LOG.warn("Test testAES192Element3DESKWCipher skipped as " + "necessary algorithms not available");
    }
}
Also used : EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) KeyInfo(org.apache.xml.security.keys.KeyInfo) Element(org.w3c.dom.Element) DESedeKeySpec(javax.crypto.spec.DESedeKeySpec) XMLCipher(org.apache.xml.security.encryption.XMLCipher) EncryptedData(org.apache.xml.security.encryption.EncryptedData) Document(org.w3c.dom.Document) SecretKeyFactory(javax.crypto.SecretKeyFactory) KeyGenerator(javax.crypto.KeyGenerator) PublicKey(java.security.PublicKey) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey)

Example 27 with EncryptedData

use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.

the class XMLEncryption11Test method decryptElement.

/**
 * Method decryptElement
 *
 * Take a key, encryption type and a document, find an encrypted element
 * decrypt it and return the resulting document
 *
 * @param filename File to decrypt from
 * @param key The Key to use for decryption
 */
private Document decryptElement(Document doc, Key rsaKey, X509Certificate rsaCert) throws Exception {
    // Create the XMLCipher element
    XMLCipher cipher = XMLCipher.getInstance();
    // Need to pre-load the Encrypted Data so we can get the key info
    Element ee = (Element) doc.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedData").item(0);
    cipher.init(XMLCipher.DECRYPT_MODE, null);
    EncryptedData encryptedData = cipher.loadEncryptedData(doc, ee);
    KeyInfo ki = encryptedData.getKeyInfo();
    EncryptedKey encryptedKey = ki.itemEncryptedKey(0);
    KeyInfo kiek = encryptedKey.getKeyInfo();
    X509Data certData = kiek.itemX509Data(0);
    XMLX509Certificate xcert = certData.itemCertificate(0);
    X509Certificate cert = xcert.getX509Certificate();
    assertTrue(rsaCert.equals(cert));
    XMLCipher cipher2 = XMLCipher.getInstance();
    cipher2.init(XMLCipher.UNWRAP_MODE, rsaKey);
    Key key = cipher2.decryptKey(encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm());
    cipher.init(XMLCipher.DECRYPT_MODE, key);
    Document dd = cipher.doFinal(doc, ee);
    return dd;
}
Also used : XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate) KeyInfo(org.apache.xml.security.keys.KeyInfo) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) Element(org.w3c.dom.Element) XMLCipher(org.apache.xml.security.encryption.XMLCipher) EncryptedData(org.apache.xml.security.encryption.EncryptedData) Document(org.w3c.dom.Document) X509Data(org.apache.xml.security.keys.content.X509Data) X509Certificate(java.security.cert.X509Certificate) XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey)

Example 28 with EncryptedData

use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.

the class BaltimoreEncTest method decryptElement.

/**
 * Method decryptElement
 *
 * Take a key, encryption type and a file, find an encrypted element
 * decrypt it and return the resulting document
 *
 * @param filename File to decrypt from
 */
private Document decryptElement(String filename) throws Exception {
    XMLCipher cipher;
    // Parse the document in question
    String basedir = System.getProperty("basedir");
    if (basedir != null && !"".equals(basedir)) {
        filename = basedir + "/" + filename;
    }
    File f = new File(filename);
    DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
    Document doc = db.parse(new java.io.FileInputStream(f));
    // Now we have the document, lets build the XMLCipher element
    Element ee = null;
    // Create the XMLCipher element
    cipher = XMLCipher.getInstance();
    // Need to pre-load the Encrypted Data so we can get the key info
    ee = (Element) doc.getElementsByTagName("EncryptedData").item(0);
    cipher.init(XMLCipher.DECRYPT_MODE, null);
    EncryptedData encryptedData = cipher.loadEncryptedData(doc, ee);
    Key key = findKey(encryptedData);
    cipher.init(XMLCipher.DECRYPT_MODE, key);
    Document dd = cipher.doFinal(doc, ee);
    return dd;
}
Also used : DocumentBuilder(javax.xml.parsers.DocumentBuilder) Element(org.w3c.dom.Element) XMLCipher(org.apache.xml.security.encryption.XMLCipher) EncryptedData(org.apache.xml.security.encryption.EncryptedData) Document(org.w3c.dom.Document) File(java.io.File) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey)

Example 29 with EncryptedData

use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.

the class BaltimoreEncTest method decryptData.

/**
 * Method decryptData
 *
 * Take a file, find an encrypted element decrypt it and return the
 * resulting byte array
 *
 * @param filename File to decrypt from
 */
private byte[] decryptData(String filename) throws Exception {
    XMLCipher cipher;
    // Parse the document in question
    String basedir = System.getProperty("basedir");
    if (basedir != null && !"".equals(basedir)) {
        filename = basedir + "/" + filename;
    }
    File f = new File(filename);
    DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
    Document doc = db.parse(new java.io.FileInputStream(f));
    // Now we have the document, lets build the XMLCipher element
    Element ee = null;
    // Create the XMLCipher element
    cipher = XMLCipher.getInstance();
    // Need to pre-load the Encrypted Data so we can get the key info
    ee = (Element) doc.getElementsByTagName("EncryptedData").item(0);
    cipher.init(XMLCipher.DECRYPT_MODE, null);
    EncryptedData encryptedData = cipher.loadEncryptedData(doc, ee);
    Key key = findKey(encryptedData);
    cipher.init(XMLCipher.DECRYPT_MODE, key);
    return cipher.decryptToByteArray(ee);
}
Also used : DocumentBuilder(javax.xml.parsers.DocumentBuilder) Element(org.w3c.dom.Element) XMLCipher(org.apache.xml.security.encryption.XMLCipher) EncryptedData(org.apache.xml.security.encryption.EncryptedData) Document(org.w3c.dom.Document) File(java.io.File) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey)

Example 30 with EncryptedData

use of org.apache.xml.security.encryption.EncryptedData in project santuario-java by apache.

the class EncryptContentTest method testMultipleKeyInfoElements.

/**
 * See SANTUARIO-301:
 * https://issues.apache.org/jira/browse/SANTUARIO-301
 */
@org.junit.Test
public void testMultipleKeyInfoElements() throws Exception {
    if (!haveISOPadding) {
        LOG.warn("Test testMultipleKeyInfoElements skipped as necessary algorithms not available");
        return;
    }
    Document doc = null;
    try (InputStream is = new ByteArrayInputStream(MULTIPLE_USER_DATA.getBytes(StandardCharsets.UTF_8))) {
        doc = db.parse(is);
    }
    NodeList dataToEncrypt = doc.getElementsByTagName("user");
    XMLCipher dataCipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES);
    dataCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
    KeyInfo keyInfo = new KeyInfo(doc);
    keyInfo.addKeyName("mykey");
    EncryptedData encryptedData = dataCipher.getEncryptedData();
    encryptedData.setKeyInfo(keyInfo);
    for (int i = 0; i < dataToEncrypt.getLength(); i++) {
        dataCipher.doFinal(doc, (Element) dataToEncrypt.item(i), true);
    }
    NodeList keyInfoList = doc.getElementsByTagNameNS(Constants.SignatureSpecNS, "KeyInfo");
    assertEquals(keyInfoList.getLength(), 2);
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) KeyInfo(org.apache.xml.security.keys.KeyInfo) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) NodeList(org.w3c.dom.NodeList) XMLCipher(org.apache.xml.security.encryption.XMLCipher) EncryptedData(org.apache.xml.security.encryption.EncryptedData) Document(org.w3c.dom.Document)

Aggregations

EncryptedData (org.apache.xml.security.encryption.EncryptedData)30 Element (org.w3c.dom.Element)26 EncryptedKey (org.apache.xml.security.encryption.EncryptedKey)24 XMLCipher (org.apache.xml.security.encryption.XMLCipher)21 Document (org.w3c.dom.Document)21 SecretKey (javax.crypto.SecretKey)20 KeyInfo (org.apache.xml.security.keys.KeyInfo)18 Key (java.security.Key)17 PrivateKey (java.security.PrivateKey)15 PublicKey (java.security.PublicKey)12 NodeList (org.w3c.dom.NodeList)10 SecretKeySpec (javax.crypto.spec.SecretKeySpec)7 XPath (javax.xml.xpath.XPath)5 XPathFactory (javax.xml.xpath.XPathFactory)5 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 KeyGenerator (javax.crypto.KeyGenerator)4 DSNamespaceContext (org.apache.xml.security.test.dom.DSNamespaceContext)4 SecretKeyFactory (javax.crypto.SecretKeyFactory)3 DESedeKeySpec (javax.crypto.spec.DESedeKeySpec)3 DocumentBuilder (javax.xml.parsers.DocumentBuilder)3