Search in sources :

Example 51 with EncryptedKey

use of org.apache.xml.security.encryption.EncryptedKey in project santuario-java by apache.

the class KeyWrapEncryptionAlgorithmTest method testCamellia256KW.

@org.junit.Test
public void testCamellia256KW() throws Exception {
    org.junit.Assume.assumeTrue(bcInstalled);
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    KeyGenerator keygen = KeyGenerator.getInstance("Camellia");
    keygen.init(256);
    SecretKey key = keygen.generateKey();
    // Set up the Key Wrapping Key
    XMLCipher cipher = XMLCipher.getInstance(XMLCipher.CAMELLIA_256_KeyWrap);
    keygen = KeyGenerator.getInstance("Camellia");
    keygen.init(256);
    SecretKey keyWrappingKey = keygen.generateKey();
    cipher.init(XMLCipher.WRAP_MODE, keyWrappingKey);
    EncryptedKey encryptedKey = cipher.encryptKey(document, key);
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    String encryptionAlgorithm = XMLCipher.CAMELLIA_256;
    encrypt(encryptedKey, encryptionAlgorithm, document, localNames, key);
    // Check the CreditCard encrypted ok
    NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 0);
    // XMLUtils.outputDOM(document, System.out);
    document = decrypt(document, keyWrappingKey);
    // Check the CreditCard decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 1);
}
Also used : SecretKey(javax.crypto.SecretKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) InputStream(java.io.InputStream) NodeList(org.w3c.dom.NodeList) ArrayList(java.util.ArrayList) XMLCipher(org.apache.xml.security.encryption.XMLCipher) Document(org.w3c.dom.Document) KeyGenerator(javax.crypto.KeyGenerator)

Example 52 with EncryptedKey

use of org.apache.xml.security.encryption.EncryptedKey in project keycloak by keycloak.

the class XMLEncryptionUtil method decryptElementInDocument.

/**
 * Decrypt an encrypted element inside a document
 *
 * @param documentWithEncryptedElement
 * @param privateKey key need to unwrap the encryption key
 *
 * @return the document with the encrypted element replaced by the data element
 */
public static Element decryptElementInDocument(Document documentWithEncryptedElement, PrivateKey privateKey) throws ProcessingException {
    if (documentWithEncryptedElement == null)
        throw logger.nullArgumentError("Input document is null");
    // Look for encrypted data element
    Element documentRoot = documentWithEncryptedElement.getDocumentElement();
    Element encDataElement = getNextElementNode(documentRoot.getFirstChild());
    if (encDataElement == null)
        throw logger.domMissingElementError("No element representing the encrypted data found");
    // Look at siblings for the key
    Element encKeyElement = getNextElementNode(encDataElement.getNextSibling());
    if (encKeyElement == null) {
        // Search the enc data element for enc key
        NodeList nodeList = encDataElement.getElementsByTagNameNS(EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDKEY);
        if (nodeList == null || nodeList.getLength() == 0)
            throw logger.nullValueError("Encrypted Key not found in the enc data");
        encKeyElement = (Element) nodeList.item(0);
    }
    XMLCipher cipher;
    EncryptedData encryptedData;
    EncryptedKey encryptedKey;
    try {
        cipher = XMLCipher.getInstance();
        cipher.init(XMLCipher.DECRYPT_MODE, null);
        encryptedData = cipher.loadEncryptedData(documentWithEncryptedElement, encDataElement);
        encryptedKey = cipher.loadEncryptedKey(documentWithEncryptedElement, encKeyElement);
    } catch (XMLEncryptionException e1) {
        throw logger.processingError(e1);
    }
    Document decryptedDoc = null;
    if (encryptedData != null && encryptedKey != null) {
        try {
            String encAlgoURL = encryptedData.getEncryptionMethod().getAlgorithm();
            XMLCipher keyCipher = XMLCipher.getInstance();
            keyCipher.init(XMLCipher.UNWRAP_MODE, privateKey);
            Key encryptionKey = keyCipher.decryptKey(encryptedKey, encAlgoURL);
            cipher = XMLCipher.getInstance();
            cipher.init(XMLCipher.DECRYPT_MODE, encryptionKey);
            decryptedDoc = cipher.doFinal(documentWithEncryptedElement, encDataElement);
        } catch (Exception e) {
            throw logger.processingError(e);
        }
    }
    if (decryptedDoc == null) {
        throw logger.nullValueError("decryptedDoc");
    }
    Element decryptedRoot = decryptedDoc.getDocumentElement();
    Element dataElement = getNextElementNode(decryptedRoot.getFirstChild());
    if (dataElement == null)
        throw logger.nullValueError("Data Element after encryption is null");
    decryptedRoot.removeChild(dataElement);
    decryptedDoc.replaceChild(dataElement, decryptedRoot);
    return decryptedDoc.getDocumentElement();
}
Also used : EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) Element(org.w3c.dom.Element) NodeList(org.w3c.dom.NodeList) XMLCipher(org.apache.xml.security.encryption.XMLCipher) EncryptedData(org.apache.xml.security.encryption.EncryptedData) Document(org.w3c.dom.Document) PublicKey(java.security.PublicKey) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) XMLEncryptionException(org.apache.xml.security.encryption.XMLEncryptionException) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) XMLEncryptionException(org.apache.xml.security.encryption.XMLEncryptionException)

Example 53 with EncryptedKey

use of org.apache.xml.security.encryption.EncryptedKey in project keycloak by keycloak.

the class XMLEncryptionUtil method encryptElement.

/**
 * Given an element in a Document, encrypt the element and replace the element in the document with the encrypted
 * data
 *
 * @param elementQName QName of the element that we like to encrypt
 * @param document
 * @param publicKey
 * @param secretKey
 * @param keySize
 * @param wrappingElementQName A QName of an element that will wrap the encrypted element
 * @param addEncryptedKeyInKeyInfo Need for the EncryptedKey to be placed in ds:KeyInfo
 *
 * @throws ProcessingException
 */
public static void encryptElement(QName elementQName, Document document, PublicKey publicKey, SecretKey secretKey, int keySize, QName wrappingElementQName, boolean addEncryptedKeyInKeyInfo) throws ProcessingException {
    if (elementQName == null)
        throw logger.nullArgumentError("elementQName");
    if (document == null)
        throw logger.nullArgumentError("document");
    String wrappingElementPrefix = wrappingElementQName.getPrefix();
    if (wrappingElementPrefix == null || "".equals(wrappingElementPrefix))
        throw logger.wrongTypeError("Wrapping element prefix invalid");
    Element documentElement = DocumentUtil.getElement(document, elementQName);
    if (documentElement == null)
        throw logger.domMissingDocElementError(elementQName.toString());
    XMLCipher cipher = null;
    EncryptedKey encryptedKey = encryptKey(document, secretKey, publicKey, keySize);
    String encryptionAlgorithm = getXMLEncryptionURL(secretKey.getAlgorithm(), keySize);
    // Encrypt the Document
    try {
        cipher = XMLCipher.getInstance(encryptionAlgorithm);
        cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
    } catch (XMLEncryptionException e1) {
        throw logger.processingError(e1);
    }
    Document encryptedDoc;
    try {
        encryptedDoc = cipher.doFinal(document, documentElement);
    } catch (Exception e) {
        throw logger.processingError(e);
    }
    // The EncryptedKey element is added
    Element encryptedKeyElement = cipher.martial(document, encryptedKey);
    final String wrappingElementName;
    if (StringUtil.isNullOrEmpty(wrappingElementPrefix)) {
        wrappingElementName = wrappingElementQName.getLocalPart();
    } else {
        wrappingElementName = wrappingElementPrefix + ":" + wrappingElementQName.getLocalPart();
    }
    // Create the wrapping element and set its attribute NS
    Element wrappingElement = encryptedDoc.createElementNS(wrappingElementQName.getNamespaceURI(), wrappingElementName);
    if (!StringUtil.isNullOrEmpty(wrappingElementPrefix)) {
        wrappingElement.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns:" + wrappingElementPrefix, wrappingElementQName.getNamespaceURI());
    }
    // Get Hold of the Cipher Data
    NodeList cipherElements = encryptedDoc.getElementsByTagNameNS(EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDDATA);
    if (cipherElements == null || cipherElements.getLength() == 0)
        throw logger.domMissingElementError("xenc:EncryptedData");
    Element encryptedDataElement = (Element) cipherElements.item(0);
    Node parentOfEncNode = encryptedDataElement.getParentNode();
    parentOfEncNode.replaceChild(wrappingElement, encryptedDataElement);
    wrappingElement.appendChild(encryptedDataElement);
    if (addEncryptedKeyInKeyInfo) {
        // Outer ds:KeyInfo Element to hold the EncryptionKey
        Element sigElement = encryptedDoc.createElementNS(XMLSignature.XMLNS, DS_KEY_INFO);
        sigElement.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns:ds", XMLSignature.XMLNS);
        sigElement.appendChild(encryptedKeyElement);
        // Insert the Encrypted key before the CipherData element
        NodeList nodeList = encryptedDoc.getElementsByTagNameNS(EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_CIPHERDATA);
        if (nodeList == null || nodeList.getLength() == 0)
            throw logger.domMissingElementError("xenc:CipherData");
        Element cipherDataElement = (Element) nodeList.item(0);
        Node cipherParent = cipherDataElement.getParentNode();
        cipherParent.insertBefore(sigElement, cipherDataElement);
    } else {
        // Add the encrypted key as a child of the wrapping element
        wrappingElement.appendChild(encryptedKeyElement);
    }
}
Also used : EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) Element(org.w3c.dom.Element) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) XMLCipher(org.apache.xml.security.encryption.XMLCipher) Document(org.w3c.dom.Document) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) XMLEncryptionException(org.apache.xml.security.encryption.XMLEncryptionException) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) XMLEncryptionException(org.apache.xml.security.encryption.XMLEncryptionException)

Example 54 with EncryptedKey

use of org.apache.xml.security.encryption.EncryptedKey in project keycloak by keycloak.

the class XMLEncryptionUtil method encryptElementInDocument.

/**
 * Encrypt the root document element inside a Document. <b>NOTE:</b> The document root element will be replaced by
 * the
 * wrapping element.
 *
 * @param document Document that contains an element to encrypt
 * @param publicKey The Public Key used to encrypt the secret encryption key
 * @param secretKey The secret encryption key
 * @param keySize Length of key
 * @param wrappingElementQName QName of the element to be used to wrap around the cipher data.
 * @param addEncryptedKeyInKeyInfo Should the encrypted key be inside a KeyInfo or added as a peer of Cipher Data
 *
 * @return An element that has the wrappingElementQName
 *
 * @throws ProcessingException
 * @throws org.keycloak.saml.common.exceptions.ConfigurationException
 */
public static Element encryptElementInDocument(Document document, PublicKey publicKey, SecretKey secretKey, int keySize, QName wrappingElementQName, boolean addEncryptedKeyInKeyInfo) throws ProcessingException, ConfigurationException {
    String wrappingElementPrefix = wrappingElementQName.getPrefix();
    if (wrappingElementPrefix == null || "".equals(wrappingElementPrefix))
        throw logger.wrongTypeError("Wrapping element prefix invalid");
    XMLCipher cipher = null;
    EncryptedKey encryptedKey = encryptKey(document, secretKey, publicKey, keySize);
    String encryptionAlgorithm = getXMLEncryptionURL(secretKey.getAlgorithm(), keySize);
    // Encrypt the Document
    try {
        cipher = XMLCipher.getInstance(encryptionAlgorithm);
        cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
    } catch (XMLEncryptionException e1) {
        throw logger.configurationError(e1);
    }
    Document encryptedDoc;
    try {
        encryptedDoc = cipher.doFinal(document, document.getDocumentElement());
    } catch (Exception e) {
        throw logger.processingError(e);
    }
    // The EncryptedKey element is added
    Element encryptedKeyElement = cipher.martial(document, encryptedKey);
    final String wrappingElementName;
    if (StringUtil.isNullOrEmpty(wrappingElementPrefix)) {
        wrappingElementName = wrappingElementQName.getLocalPart();
    } else {
        wrappingElementName = wrappingElementPrefix + ":" + wrappingElementQName.getLocalPart();
    }
    // Create the wrapping element and set its attribute NS
    Element wrappingElement = encryptedDoc.createElementNS(wrappingElementQName.getNamespaceURI(), wrappingElementName);
    if (!StringUtil.isNullOrEmpty(wrappingElementPrefix)) {
        wrappingElement.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns:" + wrappingElementPrefix, wrappingElementQName.getNamespaceURI());
    }
    Element encryptedDocRootElement = encryptedDoc.getDocumentElement();
    // Bring in the encrypted wrapping element to wrap the root node
    encryptedDoc.replaceChild(wrappingElement, encryptedDocRootElement);
    wrappingElement.appendChild(encryptedDocRootElement);
    if (addEncryptedKeyInKeyInfo) {
        // Outer ds:KeyInfo Element to hold the EncryptionKey
        Element sigElement = encryptedDoc.createElementNS(XMLSignature.XMLNS, DS_KEY_INFO);
        sigElement.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns:ds", XMLSignature.XMLNS);
        sigElement.appendChild(encryptedKeyElement);
        // Insert the Encrypted key before the CipherData element
        NodeList nodeList = encryptedDocRootElement.getElementsByTagNameNS(EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_CIPHERDATA);
        if (nodeList == null || nodeList.getLength() == 0)
            throw logger.domMissingElementError("xenc:CipherData");
        Element cipherDataElement = (Element) nodeList.item(0);
        encryptedDocRootElement.insertBefore(sigElement, cipherDataElement);
    } else {
        // Add the encrypted key as a child of the wrapping element
        wrappingElement.appendChild(encryptedKeyElement);
    }
    return encryptedDoc.getDocumentElement();
}
Also used : EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) Element(org.w3c.dom.Element) NodeList(org.w3c.dom.NodeList) XMLCipher(org.apache.xml.security.encryption.XMLCipher) Document(org.w3c.dom.Document) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) XMLEncryptionException(org.apache.xml.security.encryption.XMLEncryptionException) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) XMLEncryptionException(org.apache.xml.security.encryption.XMLEncryptionException)

Aggregations

EncryptedKey (org.apache.xml.security.encryption.EncryptedKey)54 XMLCipher (org.apache.xml.security.encryption.XMLCipher)44 Document (org.w3c.dom.Document)43 SecretKey (javax.crypto.SecretKey)38 NodeList (org.w3c.dom.NodeList)35 DocumentBuilder (javax.xml.parsers.DocumentBuilder)28 KeyGenerator (javax.crypto.KeyGenerator)27 InputStream (java.io.InputStream)23 ArrayList (java.util.ArrayList)23 Key (java.security.Key)21 Element (org.w3c.dom.Element)20 EncryptedData (org.apache.xml.security.encryption.EncryptedData)18 PrivateKey (java.security.PrivateKey)16 KeyInfo (org.apache.xml.security.keys.KeyInfo)16 ByteArrayInputStream (java.io.ByteArrayInputStream)12 ByteArrayOutputStream (java.io.ByteArrayOutputStream)12 XMLStreamReader (javax.xml.stream.XMLStreamReader)12 DOMSource (javax.xml.transform.dom.DOMSource)12 StreamResult (javax.xml.transform.stream.StreamResult)12 InboundXMLSec (org.apache.xml.security.stax.ext.InboundXMLSec)12