Example 26 with EncryptedKey
use of org.apache.xml.security.encryption.EncryptedKey in project santuario-java by apache.
the class KeyWrapEncryptionVerificationTest method testTripleDESKW.
@Test
public void testTripleDESKW() throws Exception {
// Read in plaintext document
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
Document document = builder.parse(sourceDocument);
// Set up the Key
KeyGenerator keygen = KeyGenerator.getInstance("DESede");
SecretKey key = keygen.generateKey();
// Set up the Key Wrapping Key
XMLCipher cipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES_KeyWrap);
keygen = KeyGenerator.getInstance("DESede");
SecretKey keyWrappingKey = keygen.generateKey();
cipher.init(XMLCipher.WRAP_MODE, keyWrappingKey);
EncryptedKey encryptedKey = cipher.encryptKey(document, key);
// Encrypt using DOM
List<String> localNames = new ArrayList<>();
localNames.add("PaymentInfo");
String encryptionAlgorithm = XMLCipher.TRIPLEDES;
encrypt(encryptedKey, encryptionAlgorithm, document, localNames, key);
// Check the CreditCard encrypted ok
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
Assert.assertEquals(nodeList.getLength(), 0);
// XMLUtils.outputDOM(document, System.out);
// Convert Document to a Stream Reader
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
XMLStreamReader xmlStreamReader = null;
try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
}
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(keyWrappingKey);
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
// Check the CreditCard decrypted ok
nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
Assert.assertEquals(nodeList.getLength(), 1);
}
Also used :
DOMSource(javax.xml.transform.dom.DOMSource)
XMLStreamReader(javax.xml.stream.XMLStreamReader)
StreamResult(javax.xml.transform.stream.StreamResult)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
NodeList(org.w3c.dom.NodeList)
ArrayList(java.util.ArrayList)
XMLCipher(org.apache.xml.security.encryption.XMLCipher)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec)
Document(org.w3c.dom.Document)
SecretKey(javax.crypto.SecretKey)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
ByteArrayInputStream(java.io.ByteArrayInputStream)
XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties)
TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener)
KeyGenerator(javax.crypto.KeyGenerator)
Test(org.junit.Test)
Example 27 with EncryptedKey
use of org.apache.xml.security.encryption.EncryptedKey in project santuario-java by apache.
the class KeyWrapEncryptionVerificationTest method testAES256KW.
@Test
public void testAES256KW() throws Exception {
// Read in plaintext document
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
Document document = builder.parse(sourceDocument);
// Set up the Key
KeyGenerator keygen = KeyGenerator.getInstance("AES");
keygen.init(256);
SecretKey key = keygen.generateKey();
// Set up the Key Wrapping Key
XMLCipher cipher = XMLCipher.getInstance(XMLCipher.AES_256_KeyWrap);
keygen = KeyGenerator.getInstance("AES");
keygen.init(256);
SecretKey keyWrappingKey = keygen.generateKey();
cipher.init(XMLCipher.WRAP_MODE, keyWrappingKey);
EncryptedKey encryptedKey = cipher.encryptKey(document, key);
// Encrypt using DOM
List<String> localNames = new ArrayList<>();
localNames.add("PaymentInfo");
String encryptionAlgorithm = XMLCipher.AES_256;
encrypt(encryptedKey, encryptionAlgorithm, document, localNames, key);
// Check the CreditCard encrypted ok
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
Assert.assertEquals(nodeList.getLength(), 0);
// XMLUtils.outputDOM(document, System.out);
// Convert Document to a Stream Reader
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
final XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(keyWrappingKey);
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
// Check the CreditCard decrypted ok
nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
Assert.assertEquals(nodeList.getLength(), 1);
}
Also used :
DOMSource(javax.xml.transform.dom.DOMSource)
XMLStreamReader(javax.xml.stream.XMLStreamReader)
StreamResult(javax.xml.transform.stream.StreamResult)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
NodeList(org.w3c.dom.NodeList)
ArrayList(java.util.ArrayList)
XMLCipher(org.apache.xml.security.encryption.XMLCipher)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec)
Document(org.w3c.dom.Document)
SecretKey(javax.crypto.SecretKey)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
ByteArrayInputStream(java.io.ByteArrayInputStream)
XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties)
TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener)
KeyGenerator(javax.crypto.KeyGenerator)
Test(org.junit.Test)
Example 28 with EncryptedKey
use of org.apache.xml.security.encryption.EncryptedKey in project camel by apache.
the class XMLSecurityDataFormat method embedKeyInfoInEncryptedData.
private void embedKeyInfoInEncryptedData(Document document, XMLCipher keyCipher, XMLCipher xmlCipher, Key dataEncryptionkey, Key keyEncryptionKey) throws XMLEncryptionException {
EncryptedKey encryptedKey = keyCipher.encryptKey(document, dataEncryptionkey, mgfAlgorithm, null);
if (addKeyValueForEncryptedKey && keyEncryptionKey instanceof PublicKey) {
KeyInfo keyInfo = new KeyInfo(document);
keyInfo.add((PublicKey) keyEncryptionKey);
encryptedKey.setKeyInfo(keyInfo);
}
KeyInfo keyInfo = new KeyInfo(document);
keyInfo.add(encryptedKey);
EncryptedData encryptedDataElement = xmlCipher.getEncryptedData();
encryptedDataElement.setKeyInfo(keyInfo);
}
Also used :
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
KeyInfo(org.apache.xml.security.keys.KeyInfo)
PublicKey(java.security.PublicKey)
EncryptedData(org.apache.xml.security.encryption.EncryptedData)
Example 29 with EncryptedKey
use of org.apache.xml.security.encryption.EncryptedKey in project OpenAM by OpenRock.
the class FMEncProvider method getSecretKey.
@Override
public SecretKey getSecretKey(String xmlString, Set<PrivateKey> privateKeys) throws SAML2Exception {
String classMethod = "FMEncProvider.getSecretKey: ";
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message(classMethod + "Entering ...");
}
if (xmlString == null || xmlString.length() == 0 || privateKeys == null) {
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
}
Document doc = XMLUtils.toDOMDocument(xmlString, SAML2SDKUtils.debug);
if (doc == null) {
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorObtainingElement"));
}
Element rootElement = doc.getDocumentElement();
if (rootElement == null) {
SAML2SDKUtils.debug.error(classMethod + "Empty document.");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("emptyDoc"));
}
Element firstChild = getNextElementNode(rootElement.getFirstChild());
if (firstChild == null) {
SAML2SDKUtils.debug.error(classMethod + "Missing the EncryptedData element.");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingElementEncryptedData"));
}
Element secondChild = getNextElementNode(firstChild.getNextSibling());
if (secondChild == null) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message(classMethod + "looking for encrytion key inside first child.");
}
NodeList nl = firstChild.getElementsByTagNameNS(SAML2Constants.NS_XMLENC, "EncryptedKey");
if ((nl == null) || (nl.getLength() == 0)) {
SAML2SDKUtils.debug.error(classMethod + "Missing the EncryptedKey element.");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingElementEncryptedKey"));
} else {
// use the first EncryptedKey found
secondChild = (Element) nl.item(0);
}
}
XMLCipher cipher = null;
try {
cipher = XMLCipher.getInstance();
} catch (XMLEncryptionException xe1) {
SAML2SDKUtils.debug.error(classMethod + "Unable to get a cipher instance.", xe1);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("noCipher"));
}
try {
cipher.init(XMLCipher.DECRYPT_MODE, null);
} catch (XMLEncryptionException xe2) {
SAML2SDKUtils.debug.error(classMethod + "Failed to initialize cipher for decryption mode", xe2);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedInitCipherForDecrypt"));
}
EncryptedData encryptedData = null;
try {
encryptedData = cipher.loadEncryptedData(doc, firstChild);
} catch (XMLEncryptionException xe3) {
SAML2SDKUtils.debug.error(classMethod + "Failed to load encrypted data", xe3);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedLoadingEncryptedData"));
}
EncryptedKey encryptedKey = null;
try {
encryptedKey = cipher.loadEncryptedKey(doc, secondChild);
} catch (XMLEncryptionException xe4) {
SAML2SDKUtils.debug.error(classMethod + "Failed to load encrypted key", xe4);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedLoadingEncryptedKey"));
}
if ((encryptedKey != null) && (encryptedData != null)) {
XMLCipher keyCipher;
try {
keyCipher = XMLCipher.getInstance();
} catch (XMLEncryptionException xe5) {
SAML2SDKUtils.debug.error(classMethod + "Failed to get a cipher instance for decrypting secret key.", xe5);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("noCipher"));
}
return (SecretKey) getEncryptionKey(keyCipher, privateKeys, encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm());
}
return null;
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
SecretKey(javax.crypto.SecretKey)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
Element(org.w3c.dom.Element)
NodeList(org.w3c.dom.NodeList)
XMLCipher(org.apache.xml.security.encryption.XMLCipher)
EncryptedData(org.apache.xml.security.encryption.EncryptedData)
Document(org.w3c.dom.Document)
XMLEncryptionException(org.apache.xml.security.encryption.XMLEncryptionException)
Example 30 with EncryptedKey
use of org.apache.xml.security.encryption.EncryptedKey in project OpenAM by OpenRock.
the class FMEncProvider method encrypt.
/**
* Encrypts the root element of the given XML document.
* @param xmlString String representing an XML document whose root
* element is to be encrypted.
* @param recipientPublicKey Public key used to encrypt the data encryption
* (secret) key, it is the public key of the
* recipient of the XML document to be encrypted.
* @param secretKey the secret key used to encrypted data.
* @param dataEncAlgorithm Data encryption algorithm.
* @param dataEncStrength Data encryption strength.
* @param recipientEntityID Unique identifier of the recipient, it is used
* as the index to the cached secret key so that
* the key can be reused for the same recipient;
* It can be null in which case the secret key will
* be generated every time and will not be cached
* and reused. Note that the generation of a secret
* key is a relatively expensive operation.
* @param outerElementName Name of the element that will wrap around the
* encrypted data and encrypted key(s) sub-elements
* @return org.w3c.dom.Element Root element of the encypted document; The
* name of this root element is indicated by
* the last input parameter
* @exception SAML2Exception if there is an error during the encryption
* process
*/
public Element encrypt(String xmlString, Key recipientPublicKey, SecretKey secretKey, String dataEncAlgorithm, int dataEncStrength, String recipientEntityID, String outerElementName) throws SAML2Exception {
String classMethod = "FMEncProvider.encrypt: ";
// checking the input parameters
if (xmlString == null || xmlString.length() == 0 || recipientPublicKey == null || dataEncAlgorithm == null || dataEncAlgorithm.length() == 0 || outerElementName == null || outerElementName.length() == 0) {
SAML2SDKUtils.debug.error(classMethod + "Null input parameter(s).");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
}
if (!dataEncAlgorithm.equals(XMLCipher.AES_128) && !dataEncAlgorithm.equals(XMLCipher.AES_192) && !dataEncAlgorithm.equals(XMLCipher.AES_256) && !dataEncAlgorithm.equals(XMLCipher.TRIPLEDES)) {
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("unsupportedKeyAlg"));
}
if ((dataEncAlgorithm.equals(XMLCipher.AES_128) && dataEncStrength != 128) || (dataEncAlgorithm.equals(XMLCipher.AES_192) && dataEncStrength != 192) || (dataEncAlgorithm.equals(XMLCipher.AES_256) && dataEncStrength != 256)) {
SAML2SDKUtils.debug.error(classMethod + "Data encryption algorithm " + dataEncAlgorithm + "and strength " + dataEncStrength + " mismatch.");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("algSizeMismatch"));
}
Document doc = XMLUtils.toDOMDocument(xmlString, SAML2SDKUtils.debug);
if (doc == null) {
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorObtainingElement"));
}
if (dataEncStrength <= 0) {
dataEncStrength = 128;
}
Element rootElement = doc.getDocumentElement();
if (rootElement == null) {
SAML2SDKUtils.debug.error(classMethod + "Empty document.");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("emptyDoc"));
}
// start of obtaining secret key
if (secretKey == null) {
if (recipientEntityID != null) {
if (cachedKeys.containsKey(recipientEntityID)) {
secretKey = (SecretKey) cachedKeys.get(recipientEntityID);
} else {
secretKey = generateSecretKey(dataEncAlgorithm, dataEncStrength);
cachedKeys.put(recipientEntityID, secretKey);
}
} else {
secretKey = generateSecretKey(dataEncAlgorithm, dataEncStrength);
}
if (secretKey == null) {
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorGenerateKey"));
}
}
// end of obtaining secret key
XMLCipher cipher = null;
// start of encrypting the secret key with public key
String publicKeyEncAlg = recipientPublicKey.getAlgorithm();
/* note that the public key encryption algorithm could only
* have three possible values here: "RSA", "AES", "DESede"
*/
try {
if (publicKeyEncAlg.equals(EncryptionConstants.RSA)) {
cipher = XMLCipher.getInstance(XMLCipher.RSA_v1dot5);
} else if (publicKeyEncAlg.equals(EncryptionConstants.TRIPLEDES)) {
cipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES_KeyWrap);
} else if (publicKeyEncAlg.equals(EncryptionConstants.AES)) {
cipher = XMLCipher.getInstance(XMLCipher.AES_128_KeyWrap);
} else {
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("unsupportedKeyAlg"));
}
} catch (XMLEncryptionException xe1) {
SAML2SDKUtils.debug.error(classMethod + "Unable to obtain cipher with public key algorithm.", xe1);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("noCipherForPublicKeyAlg"));
}
try {
cipher.init(XMLCipher.WRAP_MODE, recipientPublicKey);
} catch (XMLEncryptionException xe2) {
SAML2SDKUtils.debug.error(classMethod + "Failed to initialize cipher with public key", xe2);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedInitCipherWithPublicKey"));
}
EncryptedKey encryptedKey = null;
try {
encryptedKey = cipher.encryptKey(doc, secretKey);
} catch (XMLEncryptionException xe3) {
SAML2SDKUtils.debug.error(classMethod + "Failed to encrypt secret key with public key", xe3);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedEncryptingSecretKeyWithPublicKey"));
}
// start of doing data encryption
try {
cipher = XMLCipher.getInstance(dataEncAlgorithm);
} catch (XMLEncryptionException xe4) {
SAML2SDKUtils.debug.error(classMethod + "Failed to obtain a cipher for " + "data encryption algorithm" + dataEncAlgorithm, xe4);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("cipherNotAvailableForDataEncAlg"));
}
try {
cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
} catch (XMLEncryptionException xe5) {
SAML2SDKUtils.debug.error(classMethod + "Failed to initialize cipher with secret key.", xe5);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedInitCipherWithSecretKey"));
}
Document resultDoc = null;
try {
resultDoc = cipher.doFinal(doc, rootElement);
} catch (Exception e) {
SAML2SDKUtils.debug.error(classMethod + "Failed to do the final data encryption.", e);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedEncryptingData"));
}
// end of doing data encryption
// add the EncryptedKey element
Element ek = null;
try {
ek = cipher.martial(doc, encryptedKey);
} catch (Exception xe6) {
SAML2SDKUtils.debug.error(classMethod + "Failed to martial the encrypted key", xe6);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedMartialingEncryptedKey"));
}
String outerElemNS = SAML2Constants.ASSERTION_NAMESPACE_URI;
String outerElemPrefix = "saml";
if (outerElementName.equals("NewEncryptedID")) {
outerElemNS = SAML2Constants.PROTOCOL_NAMESPACE;
outerElemPrefix = "samlp";
}
Element outerElement = resultDoc.createElementNS(outerElemNS, outerElemPrefix + ":" + outerElementName);
outerElement.setAttributeNS(SAML2Constants.NS_XML, "xmlns:" + outerElemPrefix, outerElemNS);
Element ed = resultDoc.getDocumentElement();
resultDoc.replaceChild(outerElement, ed);
outerElement.appendChild(ed);
if (encryptedKeyInKeyInfo) {
// create a ds:KeyInfo Element to include the EncryptionKey
Element dsElement = resultDoc.createElementNS(SAML2Constants.NS_XMLSIG, "ds:KeyInfo");
dsElement.setAttributeNS(SAML2Constants.NS_XML, "xmlns:ds", SAML2Constants.NS_XMLSIG);
dsElement.appendChild(ek);
// find the xenc:CipherData Element inside the encrypted data
NodeList nl = ed.getElementsByTagNameNS(SAML2Constants.NS_XMLENC, "CipherData");
if ((nl == null) || (nl.getLength() == 0)) {
SAML2SDKUtils.debug.error(classMethod + "Unable to find required xenc:CipherData Element.");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedEncryptingData"));
}
Element cipherDataElement = (Element) nl.item(0);
// insert the EncryptedKey before the xenc:CipherData Element
ed.insertBefore(dsElement, cipherDataElement);
} else {
outerElement.appendChild(ek);
}
return resultDoc.getDocumentElement();
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
Element(org.w3c.dom.Element)
NodeList(org.w3c.dom.NodeList)
XMLCipher(org.apache.xml.security.encryption.XMLCipher)
Document(org.w3c.dom.Document)
XMLEncryptionException(org.apache.xml.security.encryption.XMLEncryptionException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
XMLEncryptionException(org.apache.xml.security.encryption.XMLEncryptionException)
Aggregations
EncryptedKey (org.apache.xml.security.encryption.EncryptedKey)54
XMLCipher (org.apache.xml.security.encryption.XMLCipher)44
Document (org.w3c.dom.Document)43
SecretKey (javax.crypto.SecretKey)38
NodeList (org.w3c.dom.NodeList)35
DocumentBuilder (javax.xml.parsers.DocumentBuilder)28
KeyGenerator (javax.crypto.KeyGenerator)27
InputStream (java.io.InputStream)23
ArrayList (java.util.ArrayList)23
Key (java.security.Key)21
Element (org.w3c.dom.Element)20
EncryptedData (org.apache.xml.security.encryption.EncryptedData)18
PrivateKey (java.security.PrivateKey)16
KeyInfo (org.apache.xml.security.keys.KeyInfo)16
ByteArrayInputStream (java.io.ByteArrayInputStream)12
ByteArrayOutputStream (java.io.ByteArrayOutputStream)12
XMLStreamReader (javax.xml.stream.XMLStreamReader)12
DOMSource (javax.xml.transform.dom.DOMSource)12
StreamResult (javax.xml.transform.stream.StreamResult)12
InboundXMLSec (org.apache.xml.security.stax.ext.InboundXMLSec)12
