
Example 31 with XMLCipher

use of org.apache.xml.security.encryption.XMLCipher in project testcases by coheigea.

the class AbstractPerformanceTest method doDOMDecryptionInbound.

/**
 * Reads an encrypted XML file into a DOM and decrypts it in place, starting at the document element.
 *
 * <p>Security note: the algorithm URI selects AES-256 in CBC mode, which provides confidentiality
 * only. CBC ciphertext carries no integrity protection, so a decryptor that processes ciphertext
 * from an untrusted sender should verify a signature over the encrypted data first, or use an
 * authenticated mode. This method also never calls {@code setSecureValidation(true)} on the cipher;
 * code that decrypts untrusted documents should enable it.
 *
 * @param file       XML file holding the encrypted document
 * @param tagCount   not read by this method
 * @param serializer serializer handed to the cipher via {@code setSerializer}
 * @throws Exception if reading the file or decrypting the document fails
 */
protected void doDOMDecryptionInbound(File file, int tagCount, Serializer serializer) throws Exception {
    // AES-256-CBC: unauthenticated block mode (see the security note above).
    final String algorithmUri = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";

    final Document encryptedDoc = StaxUtils.read(file);

    final XMLCipher decryptor = XMLCipher.getInstance(algorithmUri);
    decryptor.init(XMLCipher.DECRYPT_MODE, encryptionSymKey);
    decryptor.setSerializer(serializer);

    // The returned document is not used; the result is discarded by this method.
    decryptor.doFinal(encryptedDoc, encryptedDoc.getDocumentElement());
}
Also used : XMLCipher(org.apache.xml.security.encryption.XMLCipher) Document(org.w3c.dom.Document)

Example 32 with XMLCipher

use of org.apache.xml.security.encryption.XMLCipher in project testcases by coheigea.

the class AbstractPerformanceTest method doDOMEncryptionOutbound.

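/**
 * Reads an XML file into a DOM, encrypts it starting at the document element, and writes the
 * result to a new file under {@code getTmpFilePath()}.
 *
 * <p>Security note: the algorithm URI selects AES-256 in CBC mode, which provides confidentiality
 * only. The ciphertext carries no integrity protection, so consumers that must detect tampering
 * need a signature over the encrypted data or an authenticated mode.
 *
 * @param file       plaintext XML file to encrypt
 * @param tagCount   used only to build the output file name
 * @param serializer serializer handed to the cipher; its {@code toString()} is part of the file name
 * @return the file containing the encrypted document
 * @throws Exception if reading, encrypting or writing fails
 */
protected File doDOMEncryptionOutbound(File file, int tagCount, Serializer serializer) throws Exception {
    Document document = StaxUtils.read(file);
    // AES-256-CBC: unauthenticated block mode (see the security note above).
    XMLCipher cipher = XMLCipher.getInstance("http://www.w3.org/2001/04/xmlenc#aes256-cbc");
    cipher.init(XMLCipher.ENCRYPT_MODE, encryptionSymKey);
    cipher.setSerializer(serializer);
    document = cipher.doFinal(document, document.getDocumentElement());
    final File encryptedFile = new File(getTmpFilePath(), "encryption-dom-" + serializer.toString() + "-" + tagCount + ".xml");
    // Close the buffered wrapper rather than the raw file stream: closing it flushes any bytes
    // still held in the buffer, and try-with-resources releases the file handle even when
    // outputDOM throws.
    try (OutputStream outputStream = new BufferedOutputStream(new FileOutputStream(encryptedFile))) {
        XMLUtils.outputDOM(document, outputStream);
    }
    return encryptedFile;
}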
Also used : OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) BufferedOutputStream(java.io.BufferedOutputStream) FileOutputStream(java.io.FileOutputStream) XMLCipher(org.apache.xml.security.encryption.XMLCipher) Document(org.w3c.dom.Document) File(java.io.File) BufferedOutputStream(java.io.BufferedOutputStream)

Example 33 with XMLCipher

use of org.apache.xml.security.encryption.XMLCipher in project cxf by apache.

the class XmlEncOutInterceptor method encryptDocument.

/**
 * Encrypts the root element of {@code payloadDoc} and returns a separate document that holds the
 * resulting EncryptedData structure.
 *
 * <p>Steps, as visible in this method: pick the symmetric algorithm, obtain the symmetric key,
 * create an empty EncryptedData document, optionally (when {@code encryptSymmetricKey} is set)
 * wrap the symmetric key for the receiver's certificate and attach it as an EncryptedKey, then
 * encrypt the payload and copy its single CipherValue text into the EncryptedData document.
 *
 * <p>Security notes:
 * <ul>
 *   <li>When no symmetric algorithm is configured the default is {@code XMLCipher.AES_256}, which
 *       is the AES-256-CBC URI. CBC gives no integrity protection; deployments that need
 *       authenticated encryption should configure a GCM algorithm through {@code encProps}.</li>
 *   <li>In the {@code USE_REQUEST_SIGNATURE_CERT} branch the receiver certificate is taken from
 *       the inbound message. NOTE(review): whether that certificate was trust-validated depends on
 *       the inbound handler, which is not visible here; confirm.</li>
 * </ul>
 *
 * @param message    current outbound message, used to look up security properties and the exchange
 * @param payloadDoc document whose root element is encrypted
 * @return the document containing the EncryptedData element
 * @throws Exception if the user name or receiver certificate cannot be resolved, if the encrypted
 *                   payload does not contain exactly one CipherValue, or if encryption fails
 */
protected Document encryptDocument(Message message, Document payloadDoc) throws Exception {
    // Fall back to XMLCipher.AES_256 (AES-256-CBC) when no algorithm is configured.
    String symEncAlgo = encProps.getEncryptionSymmetricKeyAlgo() == null ? XMLCipher.AES_256 : encProps.getEncryptionSymmetricKeyAlgo();
    // NOTE(review): the payload cipher below is initialised with `symmetricKey`, which is not
    // declared in this method; presumably a field populated by getSymmetricKey(). Confirm, and
    // keep this call ahead of initXMLCipher.
    byte[] secretKey = getSymmetricKey(symEncAlgo);
    Document encryptedDataDoc = DOMUtils.createDocument();
    Element encryptedDataElement = createEncryptedDataElement(encryptedDataDoc, symEncAlgo);
    if (encryptSymmetricKey) {
        X509Certificate receiverCert;
        String userName = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, message);
        if (RSSecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(userName) && !MessageUtils.isRequestor(message)) {
            // Not the requestor: encrypt to the certificate recorded on the inbound message,
            // preferring SIGNING_CERT and falling back to ENCRYPT_CERT.
            receiverCert = (X509Certificate) message.getExchange().getInMessage().get(AbstractXmlSecInHandler.SIGNING_CERT);
            if (receiverCert == null) {
                receiverCert = (X509Certificate) message.getExchange().getInMessage().get(SecurityConstants.ENCRYPT_CERT);
            }
        } else {
            // Otherwise resolve the receiver certificate from the configured Crypto by user name.
            CryptoLoader loader = new CryptoLoader();
            Crypto crypto = loader.getCrypto(message, SecurityConstants.ENCRYPT_CRYPTO, SecurityConstants.ENCRYPT_PROPERTIES);
            userName = RSSecurityUtils.getUserName(crypto, userName);
            if (StringUtils.isEmpty(userName)) {
                throw new Exception("User name is not available");
            }
            receiverCert = getReceiverCertificateFromCrypto(crypto, userName);
        }
        // Fail closed: never emit an EncryptedKey without a receiver certificate.
        if (receiverCert == null) {
            throw new Exception("Receiver certificate is not available");
        }
        // Key transport defaults to XMLCipher.RSA_OAEP when not configured.
        String keyEncAlgo = encProps.getEncryptionKeyTransportAlgo() == null ? XMLCipher.RSA_OAEP : encProps.getEncryptionKeyTransportAlgo();
        String digestAlgo = encProps.getEncryptionDigestAlgo();
        byte[] encryptedSecretKey = encryptSymmetricKey(secretKey, receiverCert, keyEncAlgo, digestAlgo);
        addEncryptedKeyElement(encryptedDataElement, receiverCert, encryptedSecretKey, keyEncAlgo, digestAlgo);
    }
    // encrypt payloadDoc
    XMLCipher xmlCipher = EncryptionUtils.initXMLCipher(symEncAlgo, XMLCipher.ENCRYPT_MODE, symmetricKey);
    // Third argument false: encrypt the element itself rather than only its content.
    Document result = xmlCipher.doFinal(payloadDoc, payloadDoc.getDocumentElement(), false);
    // Exactly one CipherValue is expected in the encrypted payload; anything else is an error.
    NodeList list = result.getElementsByTagNameNS(ENC_NS, "CipherValue");
    if (list.getLength() != 1) {
        throw new Exception("Payload CipherData is missing");
    }
    // Copy the trimmed CipherValue text into the EncryptedData document built above.
    String cipherText = ((Element) list.item(0)).getTextContent().trim();
    Element cipherValue = createCipherValue(encryptedDataDoc, encryptedDataDoc.getDocumentElement());
    cipherValue.appendChild(encryptedDataDoc.createTextNode(cipherText));
    // StaxUtils.copy(new DOMSource(encryptedDataDoc), System.out);
    return encryptedDataDoc;
}
Also used : Crypto(org.apache.wss4j.common.crypto.Crypto) Element(org.w3c.dom.Element) CryptoLoader(org.apache.cxf.rs.security.common.CryptoLoader) NodeList(org.w3c.dom.NodeList) XMLCipher(org.apache.xml.security.encryption.XMLCipher) Document(org.w3c.dom.Document) X509Certificate(java.security.cert.X509Certificate) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) BadPaddingException(javax.crypto.BadPaddingException) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 34 with XMLCipher

use of org.apache.xml.security.encryption.XMLCipher in project cxf by apache.

the class XmlEncOutInterceptor method encryptSymmetricKey.

// Apache Security XMLCipher does not support
// Certificates for encrypting the keys
/**
 * Wraps the symmetric key for the receiver using a JCE cipher initialised from the receiver's
 * certificate.
 *
 * <p>Before encrypting, the cipher's block size is compared with the key length: a positive
 * block size smaller than the key means the public-key algorithm cannot carry the key in one
 * operation, and the call is rejected instead of producing a truncated or failed wrap.
 *
 * @param keyBytes   raw symmetric key to wrap
 * @param remoteCert certificate of the receiver
 * @param keyEncAlgo key transport algorithm passed to the cipher initialisation
 * @param digestAlgo digest algorithm passed to the cipher initialisation
 * @return the encrypted key bytes
 * @throws WSSecurityException if the key does not fit the cipher or the encryption fails
 */
protected byte[] encryptSymmetricKey(byte[] keyBytes, X509Certificate remoteCert, String keyEncAlgo, String digestAlgo) throws WSSecurityException {
    final Cipher keyTransportCipher = EncryptionUtils.initCipherWithCert(keyEncAlgo, digestAlgo, Cipher.ENCRYPT_MODE, remoteCert);

    // A block size of 0 means the provider reports none; the size check is skipped in that case.
    final int cipherBlockSize = keyTransportCipher.getBlockSize();
    final boolean keyTooLong = cipherBlockSize > 0 && keyBytes.length > cipherBlockSize;
    if (keyTooLong) {
        final String message = "Public key algorithm too weak to encrypt symmetric key";
        LOG.severe(message);
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "unsupportedKeyTransp", new Object[] { message });
    }

    try {
        return keyTransportCipher.doFinal(keyBytes);
    } catch (IllegalStateException | IllegalBlockSizeException | BadPaddingException ex) {
        // Keep the cause so the provider-level failure stays visible to the caller.
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, ex);
    }
}
Also used : IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) XMLCipher(org.apache.xml.security.encryption.XMLCipher) Cipher(javax.crypto.Cipher) BadPaddingException(javax.crypto.BadPaddingException)

Example 35 with XMLCipher

use of org.apache.xml.security.encryption.XMLCipher in project cxf by apache.

the class EncryptionUtils method initXMLCipher.

/**
 * Creates an {@link XMLCipher} for the given algorithm, turns on secure validation, and
 * initialises it with the supplied mode and key.
 *
 * <p>Secure validation is enabled before {@code init} so every cipher handed out by this helper
 * runs with the library's hardened processing rules, for encryption and decryption alike.
 *
 * <p>NOTE(review): any {@code XMLEncryptionException} is reported as
 * {@code UNSUPPORTED_ALGORITHM}, including one raised by {@code init}; confirm that this error
 * code is intended for key or mode failures as well.
 *
 * @param symEncAlgo symmetric encryption algorithm URI
 * @param mode       cipher mode constant passed to {@code XMLCipher.init}
 * @param key        key to initialise the cipher with
 * @return the initialised cipher
 * @throws WSSecurityException if the cipher cannot be created or initialised
 */
public static XMLCipher initXMLCipher(String symEncAlgo, int mode, Key key) throws WSSecurityException {
    final XMLCipher xmlCipher;
    try {
        xmlCipher = XMLCipher.getInstance(symEncAlgo);
        xmlCipher.setSecureValidation(true);
        xmlCipher.init(mode, key);
    } catch (XMLEncryptionException ex) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, ex);
    }
    return xmlCipher;
}
Also used : XMLCipher(org.apache.xml.security.encryption.XMLCipher) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) XMLEncryptionException(org.apache.xml.security.encryption.XMLEncryptionException)
