Example 41 with EncryptedKey
use of org.apache.xml.security.encryption.EncryptedKey in project santuario-java by apache.
the class KeyWrapEncryptionVerificationTest method testCamellia128KW.
@Test
public void testCamellia128KW() throws Exception {
org.junit.Assume.assumeTrue(bcInstalled);
// Read in plaintext document
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
Document document = builder.parse(sourceDocument);
// Set up the Key
KeyGenerator keygen = KeyGenerator.getInstance("Camellia");
keygen.init(128);
SecretKey key = keygen.generateKey();
// Set up the Key Wrapping Key
XMLCipher cipher = XMLCipher.getInstance(XMLCipher.CAMELLIA_128_KeyWrap);
keygen = KeyGenerator.getInstance("Camellia");
keygen.init(128);
SecretKey keyWrappingKey = keygen.generateKey();
cipher.init(XMLCipher.WRAP_MODE, keyWrappingKey);
EncryptedKey encryptedKey = cipher.encryptKey(document, key);
// Encrypt using DOM
List<String> localNames = new ArrayList<>();
localNames.add("PaymentInfo");
String encryptionAlgorithm = XMLCipher.CAMELLIA_128;
encrypt(encryptedKey, encryptionAlgorithm, document, localNames, key);
// Check the CreditCard encrypted ok
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
Assert.assertEquals(nodeList.getLength(), 0);
// XMLUtils.outputDOM(document, System.out);
// Convert Document to a Stream Reader
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
XMLStreamReader xmlStreamReader = null;
try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
}
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(keyWrappingKey);
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
// Check the CreditCard decrypted ok
nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
Assert.assertEquals(nodeList.getLength(), 1);
}
Also used :
DOMSource(javax.xml.transform.dom.DOMSource)
XMLStreamReader(javax.xml.stream.XMLStreamReader)
StreamResult(javax.xml.transform.stream.StreamResult)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
NodeList(org.w3c.dom.NodeList)
ArrayList(java.util.ArrayList)
XMLCipher(org.apache.xml.security.encryption.XMLCipher)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec)
Document(org.w3c.dom.Document)
SecretKey(javax.crypto.SecretKey)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
ByteArrayInputStream(java.io.ByteArrayInputStream)
XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties)
TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener)
KeyGenerator(javax.crypto.KeyGenerator)
Test(org.junit.Test)
Example 42 with EncryptedKey
use of org.apache.xml.security.encryption.EncryptedKey in project santuario-java by apache.
the class SymmetricEncryptionVerificationTest method encryptUsingDOM.
/**
* Encrypt the document using DOM APIs and run some tests on the encrypted Document.
*/
private void encryptUsingDOM(String algorithm, SecretKey secretKey, String keyTransportAlgorithm, Key wrappingKey, boolean includeWrappingKeyInfo, Document document, List<String> localNames, boolean content) throws Exception {
XMLCipher cipher = XMLCipher.getInstance(algorithm);
cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
if (wrappingKey != null) {
XMLCipher newCipher = XMLCipher.getInstance(keyTransportAlgorithm);
newCipher.init(XMLCipher.WRAP_MODE, wrappingKey);
EncryptedKey encryptedKey = newCipher.encryptKey(document, secretKey);
if (includeWrappingKeyInfo && wrappingKey instanceof PublicKey) {
// Create a KeyInfo for the EncryptedKey
KeyInfo encryptedKeyKeyInfo = encryptedKey.getKeyInfo();
if (encryptedKeyKeyInfo == null) {
encryptedKeyKeyInfo = new KeyInfo(document);
encryptedKeyKeyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#");
encryptedKey.setKeyInfo(encryptedKeyKeyInfo);
}
encryptedKeyKeyInfo.add((PublicKey) wrappingKey);
}
EncryptedData builder = cipher.getEncryptedData();
KeyInfo builderKeyInfo = builder.getKeyInfo();
if (builderKeyInfo == null) {
builderKeyInfo = new KeyInfo(document);
builderKeyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#");
builder.setKeyInfo(builderKeyInfo);
}
builderKeyInfo.add(encryptedKey);
}
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
xpath.setNamespaceContext(new DSNamespaceContext());
for (String localName : localNames) {
String expression = "//*[local-name()='" + localName + "']";
Element elementToEncrypt = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
Assert.assertNotNull(elementToEncrypt);
document = cipher.doFinal(document, elementToEncrypt, content);
}
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(), XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart());
Assert.assertTrue(nodeList.getLength() > 0);
}
Also used :
XPath(javax.xml.xpath.XPath)
XPathFactory(javax.xml.xpath.XPathFactory)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
KeyInfo(org.apache.xml.security.keys.KeyInfo)
PublicKey(java.security.PublicKey)
DSNamespaceContext(org.apache.xml.security.test.dom.DSNamespaceContext)
Element(org.w3c.dom.Element)
NodeList(org.w3c.dom.NodeList)
XMLCipher(org.apache.xml.security.encryption.XMLCipher)
EncryptedData(org.apache.xml.security.encryption.EncryptedData)
Example 43 with EncryptedKey
use of org.apache.xml.security.encryption.EncryptedKey in project santuario-java by apache.
the class XMLEncryption11Test method decryptElementDOM.
/**
* Decrypt using DOM API
*/
private Document decryptElementDOM(Document doc, Key rsaKey) throws Exception {
// Create the XMLCipher element
XMLCipher cipher = XMLCipher.getInstance();
// Need to pre-load the Encrypted Data so we can get the key info
Element ee = (Element) doc.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedData").item(0);
cipher.init(XMLCipher.DECRYPT_MODE, null);
EncryptedData encryptedData = cipher.loadEncryptedData(doc, ee);
KeyInfo ki = encryptedData.getKeyInfo();
EncryptedKey encryptedKey = ki.itemEncryptedKey(0);
XMLCipher cipher2 = XMLCipher.getInstance();
cipher2.init(XMLCipher.UNWRAP_MODE, rsaKey);
Key key = cipher2.decryptKey(encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm());
cipher.init(XMLCipher.DECRYPT_MODE, key);
Document dd = cipher.doFinal(doc, ee);
return dd;
}
Also used :
KeyInfo(org.apache.xml.security.keys.KeyInfo)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
Element(org.w3c.dom.Element)
XMLCipher(org.apache.xml.security.encryption.XMLCipher)
EncryptedData(org.apache.xml.security.encryption.EncryptedData)
Document(org.w3c.dom.Document)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
SecretKey(javax.crypto.SecretKey)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
Example 44 with EncryptedKey
use of org.apache.xml.security.encryption.EncryptedKey in project santuario-java by apache.
the class XMLCipherTest method testAES192Element3DESKWCipher.
/**
* Test encryption using a generated AES 192 bit key that is
* encrypted using a 3DES key. Then reverse by decrypting
* EncryptedKey by hand
*/
@org.junit.Test
public void testAES192Element3DESKWCipher() throws Exception {
// source
Document d = document();
Document ed = null;
Document dd = null;
Element e = (Element) d.getElementsByTagName(element()).item(index());
Element ee = null;
String source = null;
String target = null;
if (haveISOPadding && haveKeyWraps) {
source = toString(d);
// Set up a Key Encryption Key
byte[] bits192 = "abcdefghijklmnopqrstuvwx".getBytes();
DESedeKeySpec keySpec = new DESedeKeySpec(bits192);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
Key kek = keyFactory.generateSecret(keySpec);
// Generate a traffic key
KeyGenerator keygen = KeyGenerator.getInstance("AES");
keygen.init(192);
Key key = keygen.generateKey();
cipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES_KeyWrap);
cipher.init(XMLCipher.WRAP_MODE, kek);
EncryptedKey encryptedKey = cipher.encryptKey(d, key);
// encrypt
cipher = XMLCipher.getInstance(XMLCipher.AES_192);
cipher.init(XMLCipher.ENCRYPT_MODE, key);
EncryptedData builder = cipher.getEncryptedData();
KeyInfo builderKeyInfo = builder.getKeyInfo();
if (builderKeyInfo == null) {
builderKeyInfo = new KeyInfo(d);
builder.setKeyInfo(builderKeyInfo);
}
builderKeyInfo.add(encryptedKey);
ed = cipher.doFinal(d, e);
// decrypt
key = null;
ee = (Element) ed.getElementsByTagName("xenc:EncryptedData").item(0);
cipher = XMLCipher.getInstance();
cipher.init(XMLCipher.DECRYPT_MODE, null);
EncryptedData encryptedData = cipher.loadEncryptedData(ed, ee);
if (encryptedData == null) {
System.out.println("ed is null");
} else if (encryptedData.getKeyInfo() == null) {
System.out.println("ki is null");
}
EncryptedKey ek = encryptedData.getKeyInfo().itemEncryptedKey(0);
if (ek != null) {
XMLCipher keyCipher = XMLCipher.getInstance();
keyCipher.init(XMLCipher.UNWRAP_MODE, kek);
key = keyCipher.decryptKey(ek, encryptedData.getEncryptionMethod().getAlgorithm());
}
// Create a new cipher just to be paranoid
XMLCipher cipher3 = XMLCipher.getInstance();
cipher3.init(XMLCipher.DECRYPT_MODE, key);
dd = cipher3.doFinal(ed, ee);
target = toString(dd);
assertEquals(source, target);
} else {
LOG.warn("Test testAES192Element3DESKWCipher skipped as " + "necessary algorithms not available");
}
}
Also used :
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
KeyInfo(org.apache.xml.security.keys.KeyInfo)
Element(org.w3c.dom.Element)
DESedeKeySpec(javax.crypto.spec.DESedeKeySpec)
XMLCipher(org.apache.xml.security.encryption.XMLCipher)
EncryptedData(org.apache.xml.security.encryption.EncryptedData)
Document(org.w3c.dom.Document)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
KeyGenerator(javax.crypto.KeyGenerator)
PublicKey(java.security.PublicKey)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
SecretKey(javax.crypto.SecretKey)
Example 45 with EncryptedKey
use of org.apache.xml.security.encryption.EncryptedKey in project santuario-java by apache.
the class XMLEncryption11Test method decryptElement.
/**
* Method decryptElement
*
* Take a key, encryption type and a document, find an encrypted element
* decrypt it and return the resulting document
*
* @param filename File to decrypt from
* @param key The Key to use for decryption
*/
private Document decryptElement(Document doc, Key rsaKey, X509Certificate rsaCert) throws Exception {
// Create the XMLCipher element
XMLCipher cipher = XMLCipher.getInstance();
// Need to pre-load the Encrypted Data so we can get the key info
Element ee = (Element) doc.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedData").item(0);
cipher.init(XMLCipher.DECRYPT_MODE, null);
EncryptedData encryptedData = cipher.loadEncryptedData(doc, ee);
KeyInfo ki = encryptedData.getKeyInfo();
EncryptedKey encryptedKey = ki.itemEncryptedKey(0);
KeyInfo kiek = encryptedKey.getKeyInfo();
X509Data certData = kiek.itemX509Data(0);
XMLX509Certificate xcert = certData.itemCertificate(0);
X509Certificate cert = xcert.getX509Certificate();
assertTrue(rsaCert.equals(cert));
XMLCipher cipher2 = XMLCipher.getInstance();
cipher2.init(XMLCipher.UNWRAP_MODE, rsaKey);
Key key = cipher2.decryptKey(encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm());
cipher.init(XMLCipher.DECRYPT_MODE, key);
Document dd = cipher.doFinal(doc, ee);
return dd;
}
Also used :
XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate)
KeyInfo(org.apache.xml.security.keys.KeyInfo)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
Element(org.w3c.dom.Element)
XMLCipher(org.apache.xml.security.encryption.XMLCipher)
EncryptedData(org.apache.xml.security.encryption.EncryptedData)
Document(org.w3c.dom.Document)
X509Data(org.apache.xml.security.keys.content.X509Data)
X509Certificate(java.security.cert.X509Certificate)
XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate)
EncryptedKey(org.apache.xml.security.encryption.EncryptedKey)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
Aggregations
EncryptedKey (org.apache.xml.security.encryption.EncryptedKey)54
XMLCipher (org.apache.xml.security.encryption.XMLCipher)44
Document (org.w3c.dom.Document)43
SecretKey (javax.crypto.SecretKey)38
NodeList (org.w3c.dom.NodeList)35
DocumentBuilder (javax.xml.parsers.DocumentBuilder)28
KeyGenerator (javax.crypto.KeyGenerator)27
InputStream (java.io.InputStream)23
ArrayList (java.util.ArrayList)23
Key (java.security.Key)21
Element (org.w3c.dom.Element)20
EncryptedData (org.apache.xml.security.encryption.EncryptedData)18
PrivateKey (java.security.PrivateKey)16
KeyInfo (org.apache.xml.security.keys.KeyInfo)16
ByteArrayInputStream (java.io.ByteArrayInputStream)12
ByteArrayOutputStream (java.io.ByteArrayOutputStream)12
XMLStreamReader (javax.xml.stream.XMLStreamReader)12
DOMSource (javax.xml.transform.dom.DOMSource)12
StreamResult (javax.xml.transform.stream.StreamResult)12
InboundXMLSec (org.apache.xml.security.stax.ext.InboundXMLSec)12
