
Class XMLCipherTest, method testEncryptedKeyWithRecipient.

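/**
 * Loads every {@code xenc:EncryptedKey} element of the {@code encryptedKey.xml} test
 * resource through an {@link XMLCipher} in {@link XMLCipher#UNWRAP_MODE} and checks
 * that each one exposes a {@code Recipient}.
 *
 * <p>The resource path is prefixed with {@code basedir} when that field is set, so
 * the test also works when the working directory is not the module root.
 *
 * @throws Exception if the fixture cannot be parsed or an EncryptedKey cannot be loaded
 */
@org.junit.Test
public void testEncryptedKeyWithRecipient() throws Exception {
    String filename = "src/test/resources/org/apache/xml/security/encryption/encryptedKey.xml";
    if (basedir != null && !"".equals(basedir)) {
        filename = basedir + "/" + filename;
    }
    File f = new File(filename);
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(f);

    // The cipher is initialised without a key: the structures are only loaded
    // here (loadEncryptedKey), never unwrapped.
    XMLCipher keyCipher = XMLCipher.getInstance();
    keyCipher.init(XMLCipher.UNWRAP_MODE, null);

    NodeList ekList = document.getElementsByTagNameNS(
        EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDKEY);
    // Guard against a vacuous pass: with an empty NodeList the loop below would
    // never assert anything and the test would "succeed" on a broken fixture.
    assertNotNull("no EncryptedKey element found in " + filename, ekList.item(0));
    for (int i = 0; i < ekList.getLength(); i++) {
        EncryptedKey ek = keyCipher.loadEncryptedKey(document, (Element) ekList.item(i));
        assertNotNull("EncryptedKey #" + i + " has no Recipient", ek.getRecipient());
    }
}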

Class XMLCipherTest, method testSameDocumentCipherReference.

/**
 * Round-trips an {@code EncryptedData} whose cipher text is not inline but
 * referenced through a {@code CipherReference} to a {@code CipherText} element in
 * the same document. The reference carries an XPath transform selecting that
 * element's text node followed by a Base64-decode transform. A brand new
 * {@link XMLCipher} initialised with the fixed AES-128 test key must recover the
 * known plaintext.
 *
 * <p>Logs a warning and does nothing when {@code haveISOPadding} is false.
 *
 * @throws Exception on any DOM, marshalling or decryption failure
 */
@org.junit.Test
public void testSameDocumentCipherReference() throws Exception {
    if (!haveISOPadding) {
        LOG.warn("Test testSameDocumentCipherReference skipped as " + "necessary algorithms not available");
        return;
    }

    DocumentBuilder documentBuilder = XMLUtils.createDocumentBuilder(false);
    Document doc = documentBuilder.newDocument();
    Element root = doc.createElement("EncryptedDoc");
    doc.appendChild(root);

    // EncryptedData whose CipherData is a reference to #CipherTextId
    cipher = XMLCipher.getInstance();
    EncryptedData encryptedData = cipher.createEncryptedData(CipherData.REFERENCE_TYPE, "#CipherTextId");
    encryptedData.setEncryptionMethod(cipher.createEncryptionMethod(XMLCipher.AES_128));

    org.apache.xml.security.encryption.Transforms referenceTransforms = cipher.createTransforms(doc);
    encryptedData.getCipherData().getCipherReference().setTransforms(referenceTransforms);
    org.apache.xml.security.transforms.Transforms transforms = referenceTransforms.getDSTransforms();

    // Select the text node under CipherText[@Id="CipherTextId"], then Base64-decode it
    XPathContainer xpath = new XPathContainer(doc);
    xpath.setXPath("self::text()[parent::CipherText[@Id=\"CipherTextId\"]]");
    transforms.addTransform(org.apache.xml.security.transforms.Transforms.TRANSFORM_XPATH, xpath.getElementPlusReturns());
    transforms.addTransform(org.apache.xml.security.transforms.Transforms.TRANSFORM_BASE64_DECODE);

    Element encryptedDataElement = cipher.martial(doc, encryptedData);
    root.appendChild(encryptedDataElement);

    // The referenced cipher text lives in a sibling element whose Id is registered
    // with the DOM so that the reference can be resolved.
    Element cipherTextElement = doc.createElement("CipherText");
    cipherTextElement.setAttributeNS(null, "Id", "CipherTextId");
    cipherTextElement.setIdAttributeNS(null, "Id", true);
    cipherTextElement.appendChild(doc.createTextNode(tstBase64EncodedString));
    root.appendChild(cipherTextElement);

    // Decrypt with a fresh cipher instance and the fixed test key
    XMLCipher decryptingCipher = XMLCipher.getInstance();
    Key aesKey = new SecretKeySpec("abcdefghijklmnop".getBytes(StandardCharsets.US_ASCII), "AES");
    decryptingCipher.init(XMLCipher.DECRYPT_MODE, aesKey);
    byte[] plaintext = decryptingCipher.decryptToByteArray(encryptedDataElement);
    assertEquals("A test encrypted secret", new String(plaintext, StandardCharsets.US_ASCII));
}

Class KeyResolverTest, method testResolvePrivateKey.

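/**
 * Encrypt some data, embedding the data encryption key
 * in the message using the key transport algorithm rsa-1_5.
 * Decrypt the data by resolving the Key Encryption Key.
 * This test verifies that a KeyResolver can return a PrivateKey.
 *
 * <p>The KEK is resolved twice: first through a resolver registered only on the
 * decrypting {@link XMLCipher} instance, then through one registered globally via
 * {@link KeyResolver#registerAtStart}. The global registration is not undone here,
 * so it remains in effect for tests that run afterwards.
 *
 * <p>rsa-1_5 (PKCS#1 v1.5 key transport) is used because the resolver, not the
 * transport, is under test; XML Encryption 1.1 discourages it in favour of
 * RSA-OAEP. The RSA key pair is a fixed, non-secret test fixture.
 *
 * <p>The test returns without doing anything when AES-128 is not available
 * from the JCE.
 *
 * @throws Exception on any key generation, encryption, decryption or DOM failure
 */
@org.junit.Test
public void testResolvePrivateKey() throws Exception {
    if (!isAes128CipherAvailable()) {
        return;
    }
    // Create a sample XML document
    Document document = XMLUtils.createDocumentBuilder(false).newDocument();
    Element rootElement = document.createElement("root");
    document.appendChild(rootElement);
    Element elem = document.createElement("elem");
    Text text = document.createTextNode("text");
    elem.appendChild(text);
    rootElement.appendChild(elem);

    // Create a data encryption key
    byte[] keyBytes = { 0, 1, 2, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7 };
    SecretKeySpec dataEncryptKey = new SecretKeySpec(keyBytes, "AES");

    // Create public and private keys; both specs share the same modulus
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    BigInteger modulus = new BigInteger("8710a2bcb2f3fdac177f0ae0461c2dd0ebf72e0d88a5400583a7d8bdabd6" + "ae009d30cfdf6acb5b6a64cdc730bc630a39d946d08babffe62ea20a87e37c93b3b0e8a8e576045b" + "bddfbde83ca9bfa180fe6a5f5eee60661936d728314e809201ef52cd71d9fa3c8ce83f9d30ab5e08" + "1539219e7e45dd6a60be65ac95d2049b8f21", 16);
    BigInteger publicExponent = new BigInteger("10001", 16);
    BigInteger privateExponent = new BigInteger("20c39e569c2aa80cc91e5e6b0d56e49e5bbf78827bf56a546c1d996c597" + "5187cb9a50fa828e5efe51d52f5d112c20bc700b836facadca6e0051afcdfe866841e37d207c0295" + "36ff8674b301e2198b2c56abb0a0313f8ff84c1fcd6fa541aa6e5d9c018fab4784d2940def5dc709" + "ddc714d73b6c23b5d178eaa5933577b8e8ae9", 16);
    RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(modulus, publicExponent);
    RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(modulus, privateExponent);
    RSAPublicKey pubKey = (RSAPublicKey) keyFactory.generatePublic(pubKeySpec);
    RSAPrivateKey privKey = (RSAPrivateKey) keyFactory.generatePrivate(privKeySpec);

    // Encrypt the data encryption key with the key encryption key
    XMLCipher keyCipher = XMLCipher.getInstance(XMLCipher.RSA_v1dot5);
    keyCipher.init(XMLCipher.WRAP_MODE, pubKey);
    EncryptedKey encryptedKey = keyCipher.encryptKey(document, dataEncryptKey);
    // The KeyName is what the resolver below uses to pick the private key
    String keyName = "testResolvePrivateKey";
    KeyInfo kekInfo = new KeyInfo(document);
    kekInfo.addKeyName(keyName);
    encryptedKey.setKeyInfo(kekInfo);

    // Encrypt the data
    XMLCipher xmlCipher = XMLCipher.getInstance(XMLCipher.AES_128);
    xmlCipher.init(XMLCipher.ENCRYPT_MODE, dataEncryptKey);
    EncryptedData encryptedData = xmlCipher.getEncryptedData();
    KeyInfo keyInfo = new KeyInfo(document);
    keyInfo.add(encryptedKey);
    encryptedData.setKeyInfo(keyInfo);
    xmlCipher.doFinal(document, rootElement, true);
    Element encryptedDataElement = (Element) rootElement.getFirstChild();
    assertEquals("EncryptedData", encryptedDataElement.getLocalName());

    // Decrypt the data by resolving the private key used as the KEK
    // First test with an internal KeyResolver
    MyPrivateKeyResolver.pk = privKey;
    MyPrivateKeyResolver.pkName = keyName;
    decryptDocument(document, new MyPrivateKeyResolver());

    // Now test with a static KeyResolver
    KeyResolver.registerAtStart(MyPrivateKeyResolver.class.getName(), false);
    KeyResolverSpi resolver = KeyResolver.iterator().next();
    assertEquals(MyPrivateKeyResolver.class.getName(), resolver.getClass().getName());
    decryptDocument(document, null);
}

/**
 * Probes the JCE for the cipher that {@link JCEMapper} maps the AES-128 block
 * cipher URI to.
 *
 * @return {@code true} if the URI maps to a JCE id and a {@link Cipher} for that
 *         id can be instantiated, {@code false} otherwise
 */
private static boolean isAes128CipherAvailable() {
    String algorithmId = JCEMapper.translateURItoJCEID(org.apache.xml.security.utils.EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
    if (algorithmId == null) {
        return false;
    }
    try {
        // getInstance never returns null; it either succeeds or throws
        Cipher.getInstance(algorithmId);
        return true;
    } catch (NoSuchAlgorithmException | NoSuchPaddingException ignored) {
        // Absence of the cipher is exactly what is being probed for.
        return false;
    }
}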

Class KeyResolverTest, method decryptDocument.

/**
 * Decrypts the first child of the document element of a copy of {@code docSource}
 * and checks that the element that replaces it is {@code elem}.
 *
 * <p>The source document is deep-cloned first, so callers can decrypt the same
 * encrypted document repeatedly with different resolvers.
 *
 * @param docSource document whose root's first child is the {@code EncryptedData}
 * @param internalResolver resolver to register on the cipher instance, or
 *        {@code null} to register none (the KEK must then come from elsewhere,
 *        e.g. a globally registered resolver)
 * @throws Exception on decryption failure
 */
private void decryptDocument(Document docSource, KeyResolverSpi internalResolver) throws Exception {
    Document workingCopy = (Document) docSource.cloneNode(true);
    Element root = workingCopy.getDocumentElement();
    Element encryptedData = (Element) root.getFirstChild();

    // No key is supplied: it has to be resolved from the KeyInfo
    XMLCipher cipher = XMLCipher.getInstance();
    cipher.init(XMLCipher.DECRYPT_MODE, null);
    if (internalResolver != null) {
        cipher.registerInternalKeyResolver(internalResolver);
    }
    cipher.doFinal(workingCopy, encryptedData);

    Element decrypted = (Element) root.getFirstChild();
    assertEquals("elem", decrypted.getLocalName());
}

Class BaltimoreEncTest, method findKey.

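/**
 * Method findKey
 *
 * Given an encryptedData structure, return the key that will decrypt
 * it.
 *
 * <p>Resolution order: a {@code KeyName} directly in the EncryptedData's KeyInfo is
 * mapped through {@code mapKeyName}; otherwise the first {@code EncryptedKey} is
 * unwrapped with a KEK that is itself found either by {@code KeyName} or by matching
 * the serial number of an embedded X509 certificate against
 * {@code rsaCertSerialNumber}. Any missing link in that chain yields {@code null}.
 *
 * @param encryptedData EncryptedData to get key for
 * @return the data encryption key, or {@code null} if it cannot be determined
 * @throws Exception if unwrapping the EncryptedKey or decoding a certificate fails
 */
private Key findKey(EncryptedData encryptedData) throws Exception {
    KeyInfo ki = encryptedData.getKeyInfo();
    if (ki == null) {
        return null;
    }
    // First check for a known key name
    KeyName keyName = ki.itemKeyName(0);
    if (keyName != null) {
        return mapKeyName(keyName.getKeyName());
    }
    // Decrypt any encryptedKey structures
    EncryptedKey encryptedKey = ki.itemEncryptedKey(0);
    if (encryptedKey == null) {
        return null;
    }
    Key kek = findKeyEncryptionKey(encryptedKey.getKeyInfo());
    if (kek == null) {
        return null;
    }
    XMLCipher cipher = XMLCipher.getInstance();
    cipher.init(XMLCipher.UNWRAP_MODE, kek);
    return cipher.decryptKey(encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm());
}

/**
 * Locates the key-encryption key described by an EncryptedKey's KeyInfo.
 *
 * @param kiek the EncryptedKey's KeyInfo, may be {@code null}
 * @return the KEK, or {@code null} if neither a known KeyName nor the expected
 *         certificate is present
 * @throws Exception if the embedded certificate cannot be decoded
 */
private Key findKeyEncryptionKey(KeyInfo kiek) throws Exception {
    if (kiek == null) {
        return null;
    }
    KeyName kekKeyName = kiek.itemKeyName(0);
    if (kekKeyName != null) {
        return mapKeyName(kekKeyName.getKeyName());
    }
    // A KeyInfo with neither a KeyName nor X509Data/X509Certificate is reported as
    // "no KEK" rather than dereferenced into a NullPointerException.
    X509Data certData = kiek.itemX509Data(0);
    if (certData == null) {
        return null;
    }
    XMLX509Certificate xcert = certData.itemCertificate(0);
    if (xcert == null) {
        return null;
    }
    X509Certificate cert = xcert.getX509Certificate();
    // Matching on the serial number alone (no issuer check) is only adequate
    // because this fixture contains a single known certificate.
    if (cert != null && cert.getSerialNumber().toString().equals(rsaCertSerialNumber)) {
        return rsaKey;
    }
    return null;
}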