Example 1 with EncryptedKey
use of org.apache.xml.security.encryption.EncryptedKey in project OpenAM by OpenRock.
the class AMEncryptionProvider method decryptAndReplace.
/**
* Decrypts an XML Document that contains encrypted data.
* @param encryptedDoc XML Document with encrypted data.
* @param privKey Key Encryption Key used for encryption.
* @return org.w3c.dom.Document Decrypted XML Document.
*/
public Document decryptAndReplace(Document encryptedDoc, java.security.Key privKey) throws EncryptionException {
EncryptionUtils.debug.message("************IN DECRYPT *************");
if (encryptedDoc == null) {
throw new EncryptionException(EncryptionUtils.bundle.getString("null encrypted doc"));
}
if (EncryptionUtils.debug.messageEnabled()) {
EncryptionUtils.debug.message("AMEncryptionProvider.decrypt" + "AndReplace: input encrypted DOC = " + XMLUtils.print(encryptedDoc));
}
Key encryptionKey = null;
Document decryptedDoc = null;
EncryptedKey encryptedKey = null;
Element encryptedElementNext = null;
XMLCipher cipher = null;
NodeList nodes = encryptedDoc.getElementsByTagNameNS(EncryptionConstants.ENC_XML_NS, "EncryptedData");
int length = nodes.getLength();
if (nodes == null || length == 0) {
return encryptedDoc;
}
/**
* Check for the encrypted key after the encrypted data.
* if found, use that symmetric key for the decryption., otherwise
* check if there's one in the encrypted data.
*/
Element encryptedElem = (Element) encryptedDoc.getElementsByTagNameNS(EncryptionConstants.ENC_XML_NS, "EncryptedKey").item(0);
try {
cipher = XMLCipher.getInstance();
cipher.init(XMLCipher.DECRYPT_MODE, null);
} catch (Exception xe) {
EncryptionUtils.debug.error("AMEncryptionProvider.decrypt" + "AndReplace: XML Decryption error for XMLCipher init :", xe);
throw new EncryptionException(xe);
}
int i = 0;
Element encryptedElement = (Element) nodes.item(i);
while (i < length) {
try {
if (EncryptionUtils.debug.messageEnabled()) {
EncryptionUtils.debug.message("AMEncryptionProvider.decrypt" + "AndReplace: encrypted element (" + i + ") = " + XMLUtils.print(encryptedElement));
}
EncryptedData encryptedData = cipher.loadEncryptedData(encryptedDoc, encryptedElement);
if (encryptedKey == null) {
encryptedKey = cipher.loadEncryptedKey(encryptedDoc, encryptedElem);
if (encryptedKey == null) {
encryptedKey = encryptedData.getKeyInfo().itemEncryptedKey(0);
}
}
if (EncryptionUtils.debug.messageEnabled()) {
EncryptionUtils.debug.message("AMEncryptionProvider.decrypt" + "AndReplace: Encrypted key = " + toString(cipher.martial(encryptedDoc, encryptedKey)));
EncryptionUtils.debug.message("AMEncryptionProvider.decrypt" + "AndReplace: Encrypted Data (" + i + ") = " + toString(cipher.martial(encryptedDoc, encryptedData)));
}
if (encryptedKey != null) {
XMLCipher keyCipher = XMLCipher.getInstance();
if (privKey == null) {
privKey = getPrivateKey(encryptedKey.getKeyInfo());
}
keyCipher.init(XMLCipher.UNWRAP_MODE, privKey);
encryptionKey = keyCipher.decryptKey(encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm());
}
cipher = XMLCipher.getInstance();
cipher.init(XMLCipher.DECRYPT_MODE, encryptionKey);
i = i + 1;
if (i < length) {
encryptedElementNext = (Element) nodes.item(i);
}
decryptedDoc = cipher.doFinal(encryptedDoc, encryptedElement);
encryptedElement = encryptedElementNext;
if (EncryptionUtils.debug.messageEnabled()) {
EncryptionUtils.debug.message("AMEncryptionProvider.decrypt" + "AndReplace: decryptedDoc (" + (i - 1) + ") = " + XMLUtils.print(decryptedDoc));
}
} catch (Exception xe) {
EncryptionUtils.debug.error("AMEncryptionProvider.decrypt" + "AndReplace: XML Decryption error.", xe);
throw new EncryptionException(xe);
}
}
if (EncryptionUtils.debug.messageEnabled()) {
EncryptionUtils.debug.message("AMEncryptionProvider.decrypt" + "AndReplace: FINAL decryptedDoc = " + XMLUtils.print(decryptedDoc));
}
return decryptedDoc;
}
Also used :
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
Element(org.w3c.dom.Element)
NodeList(org.w3c.dom.NodeList)
XMLCipher(org.apache.xml.security.encryption.XMLCipher)
EncryptedData(org.apache.xml.security.encryption.EncryptedData)
Document(org.w3c.dom.Document)
PublicKey(java.security.PublicKey)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
SecretKey(javax.crypto.SecretKey)
IOException(java.io.IOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
Example 2 with EncryptedKey
use of org.apache.xml.security.encryption.EncryptedKey in project OpenAM by OpenRock.
the class FMEncProvider method decrypt.
@Override
public Element decrypt(String xmlString, Set<PrivateKey> privateKeys) throws SAML2Exception {
String classMethod = "FMEncProvider.decrypt: ";
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message(classMethod + "Entering ...");
}
if (StringUtils.isEmpty(xmlString) || CollectionUtils.isEmpty(privateKeys)) {
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
}
Document doc = XMLUtils.toDOMDocument(xmlString, SAML2SDKUtils.debug);
if (doc == null) {
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorObtainingElement"));
}
Element rootElement = doc.getDocumentElement();
if (rootElement == null) {
SAML2SDKUtils.debug.error(classMethod + "Empty document.");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("emptyDoc"));
}
Element firstChild = getNextElementNode(rootElement.getFirstChild());
if (firstChild == null) {
SAML2SDKUtils.debug.error(classMethod + "Missing the EncryptedData element.");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingElementEncryptedData"));
}
Element secondChild = getNextElementNode(firstChild.getNextSibling());
if (secondChild == null) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message(classMethod + "looking for encrytion key inside first child.");
}
NodeList nl = firstChild.getElementsByTagNameNS(SAML2Constants.NS_XMLENC, "EncryptedKey");
if ((nl == null) || (nl.getLength() == 0)) {
SAML2SDKUtils.debug.error(classMethod + "Missing the EncryptedKey element.");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingElementEncryptedKey"));
} else {
// use the first EncryptedKey found
secondChild = (Element) nl.item(0);
}
}
XMLCipher cipher = null;
try {
cipher = XMLCipher.getInstance();
} catch (XMLEncryptionException xe1) {
SAML2SDKUtils.debug.error(classMethod + "Unable to get a cipher instance.", xe1);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("noCipher"));
}
try {
cipher.init(XMLCipher.DECRYPT_MODE, null);
} catch (XMLEncryptionException xe2) {
SAML2SDKUtils.debug.error(classMethod + "Failed to initialize cipher for decryption mode", xe2);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedInitCipherForDecrypt"));
}
EncryptedData encryptedData = null;
try {
encryptedData = cipher.loadEncryptedData(doc, firstChild);
} catch (XMLEncryptionException xe3) {
SAML2SDKUtils.debug.error(classMethod + "Failed to load encrypted data", xe3);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedLoadingEncryptedData"));
}
EncryptedKey encryptedKey = null;
try {
encryptedKey = cipher.loadEncryptedKey(doc, secondChild);
} catch (XMLEncryptionException xe4) {
SAML2SDKUtils.debug.error(classMethod + "Failed to load encrypted key", xe4);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedLoadingEncryptedKey"));
}
Document decryptedDoc = null;
if (encryptedKey != null && encryptedData != null) {
XMLCipher keyCipher = null;
try {
keyCipher = XMLCipher.getInstance();
} catch (XMLEncryptionException xe5) {
SAML2SDKUtils.debug.error(classMethod + "Failed to get a cipher instance " + "for decrypting secret key.", xe5);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("noCipher"));
}
Key encryptionKey = getEncryptionKey(keyCipher, privateKeys, encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm());
cipher = null;
try {
cipher = XMLCipher.getInstance();
} catch (XMLEncryptionException xe8) {
SAML2SDKUtils.debug.error(classMethod + "Failed to get cipher instance for " + "final data decryption.", xe8);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("noCipher"));
}
try {
cipher.init(XMLCipher.DECRYPT_MODE, encryptionKey);
} catch (XMLEncryptionException xe9) {
SAML2SDKUtils.debug.error(classMethod + "Failed to initialize cipher with secret key.", xe9);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedInitCipherForDecrypt"));
}
try {
decryptedDoc = cipher.doFinal(doc, firstChild);
} catch (Exception e) {
SAML2SDKUtils.debug.error(classMethod + "Failed to decrypt data.", e);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedDecryptingData"));
}
}
Element root = decryptedDoc.getDocumentElement();
Element child = getNextElementNode(root.getFirstChild());
if (child == null) {
SAML2SDKUtils.debug.error(classMethod + "decrypted document contains empty element.");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedDecryptingData"));
}
root.removeChild(child);
decryptedDoc.replaceChild(child, root);
return decryptedDoc.getDocumentElement();
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
Element(org.w3c.dom.Element)
NodeList(org.w3c.dom.NodeList)
XMLCipher(org.apache.xml.security.encryption.XMLCipher)
EncryptedData(org.apache.xml.security.encryption.EncryptedData)
Document(org.w3c.dom.Document)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
SecretKey(javax.crypto.SecretKey)
XMLEncryptionException(org.apache.xml.security.encryption.XMLEncryptionException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
XMLEncryptionException(org.apache.xml.security.encryption.XMLEncryptionException)
Example 3 with EncryptedKey
use of org.apache.xml.security.encryption.EncryptedKey in project OpenAM by OpenRock.
the class FMEncProvider method getEncryptionKey.
private Key getEncryptionKey(XMLCipher cipher, Set<PrivateKey> privateKeys, EncryptedKey encryptedKey, String algorithm) throws SAML2Exception {
final String classMethod = "FMEncProvider.getEncryptionKey";
String firstErrorCode = null;
for (Key privateKey : privateKeys) {
try {
cipher.init(XMLCipher.UNWRAP_MODE, privateKey);
} catch (XMLEncryptionException xee) {
SAML2SDKUtils.debug.warning(classMethod + "Failed to initialize cipher in unwrap mode with private key", xee);
if (firstErrorCode == null) {
firstErrorCode = "noCipherForUnwrap";
}
continue;
}
try {
return cipher.decryptKey(encryptedKey, algorithm);
} catch (XMLEncryptionException xee) {
SAML2SDKUtils.debug.error(classMethod + "Failed to decrypt the secret key", xee);
if (firstErrorCode == null) {
firstErrorCode = "failedDecryptingSecretKey";
}
}
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString(firstErrorCode));
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
SecretKey(javax.crypto.SecretKey)
XMLEncryptionException(org.apache.xml.security.encryption.XMLEncryptionException)
Example 4 with EncryptedKey
use of org.apache.xml.security.encryption.EncryptedKey in project santuario-java by apache.
the class EncryptedKeyResolver method engineLookupAndResolveSecretKey.
/**
* {@inheritDoc}
*/
public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage) {
if (element == null) {
return null;
}
LOG.debug("EncryptedKeyResolver - Can I resolve {}", element.getTagName());
SecretKey key = null;
boolean isEncryptedKey = XMLUtils.elementIsInEncryptionSpace(element, EncryptionConstants._TAG_ENCRYPTEDKEY);
if (isEncryptedKey) {
LOG.debug("Passed an Encrypted Key");
try {
XMLCipher cipher = XMLCipher.getInstance();
cipher.init(XMLCipher.UNWRAP_MODE, kek);
if (internalKeyResolvers != null) {
int size = internalKeyResolvers.size();
for (int i = 0; i < size; i++) {
cipher.registerInternalKeyResolver(internalKeyResolvers.get(i));
}
}
EncryptedKey ek = cipher.loadEncryptedKey(element);
key = (SecretKey) cipher.decryptKey(ek, algorithm);
} catch (XMLEncryptionException e) {
LOG.debug(e.getMessage(), e);
}
}
return key;
}
Also used :
SecretKey(javax.crypto.SecretKey)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
XMLCipher(org.apache.xml.security.encryption.XMLCipher)
XMLEncryptionException(org.apache.xml.security.encryption.XMLEncryptionException)
Example 5 with EncryptedKey
use of org.apache.xml.security.encryption.EncryptedKey in project santuario-java by apache.
the class XMLEncryption11Test method testKeyWrappingRSA3072EncryptDecrypt.
/**
* rsa-oaep-mgf1p, Digest:SHA256, MGF:SHA1, PSource: None
*/
@org.junit.Test
public void testKeyWrappingRSA3072EncryptDecrypt() throws Exception {
if (haveISOPadding) {
String keystore = "src/test/resources/org/w3c/www/interop/xmlenc-core-11/RSA-3072_SHA256WithRSA.jks";
String basedir = System.getProperty("basedir");
if (basedir != null && !"".equals(basedir)) {
keystore = basedir + "/" + keystore;
}
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(new java.io.FileInputStream(keystore), "passwd".toCharArray());
Certificate cert = keyStore.getCertificate("importkey");
KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("importkey", new KeyStore.PasswordProtection("passwd".toCharArray()));
PrivateKey rsaKey = pkEntry.getPrivateKey();
// Perform encryption
String filename = "src/test/resources/org/w3c/www/interop/xmlenc-core-11/plaintext.xml";
if (basedir != null && !"".equals(basedir)) {
filename = basedir + "/" + filename;
}
File f = new File(filename);
DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
Document doc = db.parse(new java.io.FileInputStream(f));
Key sessionKey = getSessionKey("http://www.w3.org/2009/xmlenc11#aes192-gcm");
EncryptedKey encryptedKey = createEncryptedKey(doc, (X509Certificate) cert, sessionKey, "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", "http://www.w3.org/2001/04/xmlenc#sha256", null, null);
doc = encryptDocument(doc, encryptedKey, sessionKey, "http://www.w3.org/2009/xmlenc11#aes192-gcm");
// XMLUtils.outputDOM(doc.getFirstChild(), System.out);
// Perform decryption
Document dd = decryptElement(doc, rsaKey, (X509Certificate) cert);
// XMLUtils.outputDOM(dd.getFirstChild(), System.out);
checkDecryptedDoc(dd, true);
} else {
LOG.warn("Skipping testRSA3072 as necessary " + "crypto algorithms are not available");
}
}
Also used :
PrivateKey(java.security.PrivateKey)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
Document(org.w3c.dom.Document)
KeyStore(java.security.KeyStore)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
File(java.io.File)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
X509Certificate(java.security.cert.X509Certificate)
XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate)
Certificate(java.security.cert.Certificate)
Aggregations
EncryptedKey (org.apache.xml.security.encryption.EncryptedKey)50
XMLCipher (org.apache.xml.security.encryption.XMLCipher)40
Document (org.w3c.dom.Document)39
SecretKey (javax.crypto.SecretKey)37
NodeList (org.w3c.dom.NodeList)31
DocumentBuilder (javax.xml.parsers.DocumentBuilder)28
KeyGenerator (javax.crypto.KeyGenerator)27
InputStream (java.io.InputStream)23
ArrayList (java.util.ArrayList)23
Key (java.security.Key)20
EncryptedData (org.apache.xml.security.encryption.EncryptedData)17
KeyInfo (org.apache.xml.security.keys.KeyInfo)16
Element (org.w3c.dom.Element)16
PrivateKey (java.security.PrivateKey)15
ByteArrayInputStream (java.io.ByteArrayInputStream)12
ByteArrayOutputStream (java.io.ByteArrayOutputStream)12
XMLStreamReader (javax.xml.stream.XMLStreamReader)12
DOMSource (javax.xml.transform.dom.DOMSource)12
StreamResult (javax.xml.transform.stream.StreamResult)12
InboundXMLSec (org.apache.xml.security.stax.ext.InboundXMLSec)12
