
Example 11 with EncryptedKey

use of org.apache.xml.security.encryption.EncryptedKey in project santuario-java by apache.

the class XMLCipherTest method testAES128ElementAES192KWCipherUsingKEK.

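/**
 * Test encryption using a generated AES 128 bit key that is
 * encrypted using a AES 192 bit key.  Then reverse using the KEK.
 *
 * <p>The traffic key is wrapped with {@code AES_192_KeyWrap} and the
 * resulting {@code EncryptedKey} is placed in the {@code KeyInfo} of the
 * {@code EncryptedData}. On the way back the cipher is initialised with no
 * key at all and is only given the KEK via {@code setKEK}; the round trip
 * assertion therefore only holds if it unwraps the traffic key itself.
 *
 * <p>Logs a warning and returns when the provider lacks ISO padding or
 * key wrapping ({@code haveISOPadding}, {@code haveKeyWraps}).
 *
 * @throws Exception on any XML or JCE failure, which fails the test
 */
@org.junit.Test
public void testAES128ElementAES192KWCipherUsingKEK() throws Exception {
    // source
    Document d = document();
    Element e = (Element) d.getElementsByTagName(element()).item(index());
    if (!(haveISOPadding && haveKeyWraps)) {
        LOG.warn("Test testAES128ElementAES192KWCipherUsingKEK skipped as " + "necessary algorithms not available");
        return;
    }
    String source = toString(d);

    // Set up a Key Encryption Key: a fixed 24-byte (192-bit) test value.
    // The charset is named explicitly so the key bytes never depend on the
    // platform default encoding.
    byte[] bits192 = "abcdefghijklmnopqrstuvwx".getBytes(java.nio.charset.StandardCharsets.UTF_8);
    Key kek = new SecretKeySpec(bits192, "AES");

    // Generate a traffic key
    KeyGenerator keygen = KeyGenerator.getInstance("AES");
    keygen.init(128);
    Key key = keygen.generateKey();

    // Wrap the traffic key under the KEK
    cipher = XMLCipher.getInstance(XMLCipher.AES_192_KeyWrap);
    cipher.init(XMLCipher.WRAP_MODE, kek);
    EncryptedKey encryptedKey = cipher.encryptKey(d, key);

    // encrypt, embedding the wrapped key in the EncryptedData's KeyInfo
    cipher = XMLCipher.getInstance(XMLCipher.AES_128);
    cipher.init(XMLCipher.ENCRYPT_MODE, key);
    EncryptedData builder = cipher.getEncryptedData();
    KeyInfo builderKeyInfo = builder.getKeyInfo();
    if (builderKeyInfo == null) {
        builderKeyInfo = new KeyInfo(d);
        builder.setKeyInfo(builderKeyInfo);
    }
    builderKeyInfo.add(encryptedKey);
    Document ed = cipher.doFinal(d, e);

    // decrypt: the traffic key is deliberately discarded and only the KEK is
    // handed to the cipher, which is expected to recover the traffic key from
    // the embedded EncryptedKey.
    key = null;
    Element ee = (Element) ed.getElementsByTagName("xenc:EncryptedData").item(0);
    cipher = XMLCipher.getInstance(XMLCipher.AES_128);
    cipher.init(XMLCipher.DECRYPT_MODE, null);
    cipher.setKEK(kek);
    Document dd = cipher.doFinal(ed, ee);
    String target = toString(dd);
    assertEquals(source, target);
}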

Example 12 with EncryptedKey

use of org.apache.xml.security.encryption.EncryptedKey in project santuario-java by apache.

the class XMLCipherTest method testEncryptedKeyWithRecipient.

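/**
 * Loads every {@code xenc:EncryptedKey} element of the
 * {@code encryptedKey.xml} fixture through {@code loadEncryptedKey} and
 * checks that the optional {@code Recipient} attribute survives parsing.
 *
 * <p>The fixture must contain at least one {@code EncryptedKey}; this is
 * asserted up front so the loop cannot run zero times and pass vacuously.
 *
 * @throws Exception if the fixture cannot be read or parsed, which fails the test
 */
@org.junit.Test
public void testEncryptedKeyWithRecipient() throws Exception {
    String filename = "src/test/resources/org/apache/xml/security/encryption/encryptedKey.xml";
    // Prefix with basedir when one is set so the fixture resolves relative to it
    if (basedir != null && !basedir.isEmpty()) {
        filename = basedir + "/" + filename;
    }
    File f = new File(filename);
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(f);

    // UNWRAP_MODE with a null key: only loadEncryptedKey is called below, so
    // the cipher parses the structure and never actually unwraps anything.
    XMLCipher keyCipher = XMLCipher.getInstance();
    keyCipher.init(XMLCipher.UNWRAP_MODE, null);

    NodeList ekList = document.getElementsByTagNameNS(EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDKEY);
    // An empty NodeList would make the per-element assertion unreachable.
    assertNotNull("fixture contains no EncryptedKey element", ekList.item(0));
    for (int i = 0; i < ekList.getLength(); i++) {
        EncryptedKey ek = keyCipher.loadEncryptedKey(document, (Element) ekList.item(i));
        assertNotNull(ek.getRecipient());
    }
}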

Example 13 with EncryptedKey

use of org.apache.xml.security.encryption.EncryptedKey in project santuario-java by apache.

the class XMLCipherTest method testMultipleKEKs.

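/**
 * Encrypts an element with an AES-128 traffic key that is wrapped twice,
 * under two different AES-192 key-encryption keys, so the
 * {@code EncryptedData}'s {@code KeyInfo} carries two {@code EncryptedKey}
 * children. Decryption is then driven with the second KEK only.
 *
 * <p>The round-trip assertion presumably checks that the decryptor copes with
 * an {@code EncryptedKey} it cannot unwrap (the first one) and still uses the
 * one it can; the test itself only asserts that the plaintext is restored.
 *
 * <p>Logs a warning and returns when the provider lacks ISO padding or
 * key wrapping ({@code haveISOPadding}, {@code haveKeyWraps}).
 *
 * @throws Exception on any XML or JCE failure, which fails the test
 */
@org.junit.Test
public void testMultipleKEKs() throws Exception {
    // source
    Document d = document();
    Element e = (Element) d.getElementsByTagName(element()).item(index());
    if (!(haveISOPadding && haveKeyWraps)) {
        // Message names this test (it previously named the AES192KW test).
        LOG.warn("Test testMultipleKEKs skipped as " + "necessary algorithms not available");
        return;
    }
    String source = toString(d);

    // Set up Key Encryption Keys no. 1 and no. 2 (both random AES-192)
    KeyGenerator keygen = KeyGenerator.getInstance("AES");
    keygen.init(192);
    Key kek1 = keygen.generateKey();
    Key kek2 = keygen.generateKey();

    // Generate a traffic key
    keygen = KeyGenerator.getInstance("AES");
    keygen.init(128);
    Key key = keygen.generateKey();

    // Wrap the same traffic key under each KEK
    cipher = XMLCipher.getInstance(XMLCipher.AES_192_KeyWrap);
    cipher.init(XMLCipher.WRAP_MODE, kek1);
    EncryptedKey encryptedKey1 = cipher.encryptKey(d, key);
    cipher.init(XMLCipher.WRAP_MODE, kek2);
    EncryptedKey encryptedKey2 = cipher.encryptKey(d, key);

    // encrypt, embedding both wrapped keys in the KeyInfo
    cipher = XMLCipher.getInstance(XMLCipher.AES_128);
    cipher.init(XMLCipher.ENCRYPT_MODE, key);
    EncryptedData builder = cipher.getEncryptedData();
    KeyInfo builderKeyInfo = builder.getKeyInfo();
    if (builderKeyInfo == null) {
        builderKeyInfo = new KeyInfo(d);
        builder.setKeyInfo(builderKeyInfo);
    }
    builderKeyInfo.add(encryptedKey1);
    builderKeyInfo.add(encryptedKey2);
    Document ed = cipher.doFinal(d, e);

    // decrypt with the second KEK only; the traffic key is discarded first
    key = null;
    Element ee = (Element) ed.getElementsByTagName("xenc:EncryptedData").item(0);
    cipher = XMLCipher.getInstance(XMLCipher.AES_128);
    cipher.init(XMLCipher.DECRYPT_MODE, null);
    cipher.setKEK(kek2);
    Document dd = cipher.doFinal(ed, ee);
    String target = toString(dd);
    assertEquals(source, target);
}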

Example 14 with EncryptedKey

use of org.apache.xml.security.encryption.EncryptedKey in project santuario-java by apache.

the class KeyResolverTest method testResolvePrivateKey.

/**
 * Encrypt some data, embedding the data encryption key in the message
 * using the key transport algorithm rsa-1_5, then decrypt the data by
 * resolving the Key Encryption Key.
 *
 * <p>This test verifies that a {@code KeyResolver} can return a
 * {@code PrivateKey}. It exercises key resolution only; RSA v1.5 is simply
 * the transport the fixture was written against. The resolver is tried
 * twice: once passed directly to {@code decryptDocument}, once registered
 * globally via {@code KeyResolver.registerAtStart}.
 *
 * <p>Returns without asserting anything when AES-128 is not available
 * from the JCE provider.
 *
 * @throws Exception on any XML or JCE failure, which fails the test
 */
@org.junit.Test
public void testResolvePrivateKey() throws Exception {
    // Probe the provider for AES-128; without it there is nothing to test.
    String aesJceName = JCEMapper.translateURItoJCEID(org.apache.xml.security.utils.EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
    if (aesJceName == null) {
        return;
    }
    try {
        if (Cipher.getInstance(aesJceName) == null) {
            return;
        }
    } catch (NoSuchAlgorithmException ignored) {
        // algorithm missing from the provider: skip the test quietly
        return;
    } catch (NoSuchPaddingException ignored) {
        // padding missing from the provider: skip the test quietly
        return;
    }

    // Build <root><elem>text</elem></root>
    Document doc = XMLUtils.createDocumentBuilder(false).newDocument();
    Element root = doc.createElement("root");
    doc.appendChild(root);
    Element child = doc.createElement("elem");
    Text textNode = doc.createTextNode("text");
    child.appendChild(textNode);
    root.appendChild(child);

    // Fixed 16-byte data encryption key (test vector, not a real secret)
    byte[] rawKey = { 0, 1, 2, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7 };
    SecretKeySpec dek = new SecretKeySpec(rawKey, "AES");

    // Fixed RSA key pair; public and private specs share the same modulus
    KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    BigInteger modulus = new BigInteger("8710a2bcb2f3fdac177f0ae0461c2dd0ebf72e0d88a5400583a7d8bdabd6" + "ae009d30cfdf6acb5b6a64cdc730bc630a39d946d08babffe62ea20a87e37c93b3b0e8a8e576045b" + "bddfbde83ca9bfa180fe6a5f5eee60661936d728314e809201ef52cd71d9fa3c8ce83f9d30ab5e08" + "1539219e7e45dd6a60be65ac95d2049b8f21", 16);
    BigInteger publicExponent = new BigInteger("10001", 16);
    BigInteger privateExponent = new BigInteger("20c39e569c2aa80cc91e5e6b0d56e49e5bbf78827bf56a546c1d996c597" + "5187cb9a50fa828e5efe51d52f5d112c20bc700b836facadca6e0051afcdfe866841e37d207c0295" + "36ff8674b301e2198b2c56abb0a0313f8ff84c1fcd6fa541aa6e5d9c018fab4784d2940def5dc709" + "ddc714d73b6c23b5d178eaa5933577b8e8ae9", 16);
    RSAPublicKey kekPublic = (RSAPublicKey) rsaFactory.generatePublic(new RSAPublicKeySpec(modulus, publicExponent));
    RSAPrivateKey kekPrivate = (RSAPrivateKey) rsaFactory.generatePrivate(new RSAPrivateKeySpec(modulus, privateExponent));

    // Wrap the DEK under the RSA public key and name the KEK in its KeyInfo
    XMLCipher wrapCipher = XMLCipher.getInstance(XMLCipher.RSA_v1dot5);
    wrapCipher.init(XMLCipher.WRAP_MODE, kekPublic);
    EncryptedKey wrappedDek = wrapCipher.encryptKey(doc, dek);
    String kekName = "testResolvePrivateKey";
    KeyInfo kekInfo = new KeyInfo(doc);
    kekInfo.addKeyName(kekName);
    wrappedDek.setKeyInfo(kekInfo);

    // Encrypt the root element in place, embedding the wrapped DEK
    XMLCipher dataCipher = XMLCipher.getInstance(XMLCipher.AES_128);
    dataCipher.init(XMLCipher.ENCRYPT_MODE, dek);
    EncryptedData encryptedData = dataCipher.getEncryptedData();
    KeyInfo dataKeyInfo = new KeyInfo(doc);
    dataKeyInfo.add(wrappedDek);
    encryptedData.setKeyInfo(dataKeyInfo);
    dataCipher.doFinal(doc, root, true);
    Element encryptedDataElement = (Element) root.getFirstChild();
    assertEquals("EncryptedData", encryptedDataElement.getLocalName());

    // Decrypt by resolving the private key: first with a resolver instance
    // handed straight to decryptDocument ...
    MyPrivateKeyResolver.pk = kekPrivate;
    MyPrivateKeyResolver.pkName = kekName;
    decryptDocument(doc, new MyPrivateKeyResolver());

    // ... then through the static registry. NOTE(review): registerAtStart
    // mutates global resolver state and nothing here undoes it — confirm the
    // rest of the suite tolerates that.
    KeyResolver.registerAtStart(MyPrivateKeyResolver.class.getName(), false);
    KeyResolverSpi first = KeyResolver.iterator().next();
    assertEquals(MyPrivateKeyResolver.class.getName(), first.getClass().getName());
    decryptDocument(doc, null);
}

Example 15 with EncryptedKey

use of org.apache.xml.security.encryption.EncryptedKey in project santuario-java by apache.

the class BaltimoreEncTest method findKey.

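/**
 * Method findKey
 *
 * Given an encryptedData structure, return the key that will decrypt
 * it, using only the hints carried in its {@code KeyInfo}.
 *
 * <p>Resolution order:
 * <ol>
 *   <li>a {@code KeyName} naming a known test key (via {@code mapKeyName});</li>
 *   <li>otherwise the first {@code EncryptedKey}: its own {@code KeyInfo}
 *       identifies the key-encryption key, either by {@code KeyName} or by an
 *       {@code X509Data} certificate whose serial number equals
 *       {@code rsaCertSerialNumber} (then {@code rsaKey} is used); the
 *       traffic key is unwrapped with that KEK.</li>
 * </ol>
 *
 * <p>Every lookup that can come back empty is null-checked, so a structure
 * the test corpus does not cover yields {@code null} instead of a
 * {@code NullPointerException}. The choice of KEK is driven entirely by
 * metadata inside the incoming message; that is acceptable here because the
 * candidates are limited to the test's own key set ({@code mapKeyName},
 * {@code rsaKey}).
 *
 * @param encryptedData EncryptedData to get key for
 * @return the decryption key, or {@code null} if none can be determined
 * @throws Exception propagated from key mapping or unwrapping
 */
private Key findKey(EncryptedData encryptedData) throws Exception {
    KeyInfo ki = encryptedData.getKeyInfo();
    if (ki == null) {
        return null;
    }
    // First check for a known key name
    KeyName keyName = ki.itemKeyName(0);
    if (keyName != null) {
        return mapKeyName(keyName.getKeyName());
    }
    // Decrypt any encryptedKey structures
    EncryptedKey encryptedKey = ki.itemEncryptedKey(0);
    if (encryptedKey == null) {
        return null;
    }
    KeyInfo kiek = encryptedKey.getKeyInfo();
    if (kiek == null) {
        return null;
    }
    Key kek = null;
    KeyName kekKeyName = kiek.itemKeyName(0);
    if (kekKeyName != null) {
        kek = mapKeyName(kekKeyName.getKeyName());
    } else {
        // No name: fall back to an X.509 certificate reference. itemX509Data /
        // itemCertificate presumably return null when absent, like itemKeyName
        // above, so both are guarded before dereferencing.
        X509Data certData = kiek.itemX509Data(0);
        XMLX509Certificate xcert = certData == null ? null : certData.itemCertificate(0);
        X509Certificate cert = xcert == null ? null : xcert.getX509Certificate();
        if (cert != null && cert.getSerialNumber().toString().equals(rsaCertSerialNumber)) {
            kek = rsaKey;
        }
    }
    if (kek == null) {
        return null;
    }
    XMLCipher cipher = XMLCipher.getInstance();
    cipher.init(XMLCipher.UNWRAP_MODE, kek);
    // The EncryptedData's own algorithm URI tells the unwrap which key type to build
    return cipher.decryptKey(encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm());
}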
