
Example 6 with KeyResolverException

Use of org.apache.xml.security.keys.keyresolver.KeyResolverException in project santuario-java by apache.

The class XMLCipher, method decryptToByteArray.

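/**
 * Decrypts an {@code EncryptedData} element to a byte array.
 *
 * <p>The cipher must be in {@code DECRYPT_MODE}. If no key has been configured, the key is
 * resolved from the element's {@code KeyInfo}; an {@code EncryptedKeyResolver} built from the
 * element's EncryptionMethod and {@code kek} is registered for that purpose, together with any
 * {@code internalKeyResolvers}. A resolved key is cached in {@code key}.
 *
 * <p>Does not modify the source document.
 *
 * @param element the EncryptedData element to decrypt
 * @return the bytes resulting from the decryption
 * @throws XMLEncryptionException if the cipher is not in DECRYPT_MODE, no key is available,
 *         the cipher text is shorter than the IV for the declared algorithm, or JCE cipher
 *         creation, initialization or decryption fails
 */
public byte[] decryptToByteArray(Element element) throws XMLEncryptionException {
    LOG.debug("Decrypting to ByteArray...");
    if (cipherMode != DECRYPT_MODE) {
        throw new XMLEncryptionException("empty", "XMLCipher unexpectedly not in DECRYPT_MODE...");
    }
    EncryptedData encryptedData = factory.newEncryptedData(element);
    // The algorithm URI is read from the document being decrypted, so it is untrusted input:
    // it selects the JCE cipher, the IV length and the EncryptedKey unwrapping algorithm below.
    String encMethodAlgorithm = encryptedData.getEncryptionMethod().getAlgorithm();
    if (key == null) {
        KeyInfo ki = encryptedData.getKeyInfo();
        if (ki != null) {
            try {
                // Add an EncryptedKey resolver so an embedded EncryptedKey can be unwrapped with kek
                EncryptedKeyResolver resolver = new EncryptedKeyResolver(encMethodAlgorithm, kek);
                if (internalKeyResolvers != null) {
                    int size = internalKeyResolvers.size();
                    for (int i = 0; i < size; i++) {
                        resolver.registerInternalKeyResolver(internalKeyResolvers.get(i));
                    }
                }
                ki.registerInternalKeyResolver(resolver);
                ki.setSecureValidation(secureValidation);
                key = ki.getSecretKey();
            } catch (KeyResolverException kre) {
                // Best effort: a failed resolution is reported as "no key" just below.
                LOG.debug(kre.getMessage(), kre);
            }
        }
        if (key == null) {
            LOG.error("XMLCipher::decryptElement called without a key and unable to resolve");
            throw new XMLEncryptionException("empty", "encryption.nokey");
        }
    }
    // Obtain the encrypted octets
    XMLCipherInput cipherInput = new XMLCipherInput(encryptedData);
    cipherInput.setSecureValidation(secureValidation);
    byte[] encryptedBytes = cipherInput.getBytes();
    // Now create the working cipher
    String jceAlgorithm = JCEMapper.translateURItoJCEID(encMethodAlgorithm);
    LOG.debug("JCE Algorithm = {}", jceAlgorithm);
    Cipher c;
    try {
        if (requestedJCEProvider == null) {
            c = Cipher.getInstance(jceAlgorithm);
        } else {
            c = Cipher.getInstance(jceAlgorithm, requestedJCEProvider);
        }
    } catch (NoSuchAlgorithmException nsae) {
        throw new XMLEncryptionException(nsae);
    } catch (NoSuchProviderException nspre) {
        throw new XMLEncryptionException(nspre);
    } catch (NoSuchPaddingException nspae) {
        throw new XMLEncryptionException(nspae);
    }
    // The IV is prepended to the cipher text; its length is given in bits per algorithm URI.
    int ivLen = JCEMapper.getIVLengthFromURI(encMethodAlgorithm) / 8;
    // Reject missing or truncated cipher text as a decryption failure instead of letting the
    // IV copy below fail with a NullPointerException or ArrayIndexOutOfBoundsException, and the
    // doFinal() call with a negative length.
    if (encryptedBytes == null || encryptedBytes.length < ivLen) {
        throw new XMLEncryptionException("empty", "Encrypted data is shorter than the IV length");
    }
    byte[] ivBytes = new byte[ivLen];
    // You may be able to pass the entire piece in to IvParameterSpec
    // and it will only take the first x bytes, but no way to be certain
    // that this will work for every JCE provider, so lets copy the
    // necessary bytes into a dedicated array.
    System.arraycopy(encryptedBytes, 0, ivBytes, 0, ivLen);
    // An explicitly configured algorithm wins over the one declared in the document.
    String blockCipherAlg = algorithm;
    if (blockCipherAlg == null) {
        blockCipherAlg = encMethodAlgorithm;
    }
    AlgorithmParameterSpec paramSpec = constructBlockCipherParameters(blockCipherAlg, ivBytes);
    try {
        c.init(cipherMode, key, paramSpec);
    } catch (InvalidKeyException ike) {
        throw new XMLEncryptionException(ike);
    } catch (InvalidAlgorithmParameterException iape) {
        throw new XMLEncryptionException(iape);
    }
    try {
        // Decrypt everything after the IV in one step.
        return c.doFinal(encryptedBytes, ivLen, encryptedBytes.length - ivLen);
    } catch (IllegalBlockSizeException ibse) {
        throw new XMLEncryptionException(ibse);
    } catch (BadPaddingException bpe) {
        throw new XMLEncryptionException(bpe);
    }
}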
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) KeyResolverException(org.apache.xml.security.keys.keyresolver.KeyResolverException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) BadPaddingException(javax.crypto.BadPaddingException) InvalidKeyException(java.security.InvalidKeyException) KeyInfo(org.apache.xml.security.keys.KeyInfo) Cipher(javax.crypto.Cipher) NoSuchProviderException(java.security.NoSuchProviderException) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) EncryptedKeyResolver(org.apache.xml.security.keys.keyresolver.implementations.EncryptedKeyResolver)

Example 7 with KeyResolverException

Use of org.apache.xml.security.keys.keyresolver.KeyResolverException in project santuario-java by apache.

The class PrivateKeyResolver, method engineLookupAndResolvePrivateKey.

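/**
 * Resolves a {@link PrivateKey} from a {@code ds:X509Data} or {@code ds:KeyName} element.
 * {@inheritDoc}
 *
 * <p>For X509Data the lookup is delegated to {@code resolveX509Data}; for KeyName the text of
 * the element is used as an alias into {@code keyStore}, unlocked with {@code password}.
 * Key-store lookup failures are logged at debug level and treated as "not resolvable".
 *
 * @param element the KeyInfo child element to resolve
 * @param baseURI the base URI of the document, passed on to the X509Data lookup
 * @param storage not used by this resolver
 * @return resolved PrivateKey key or null if no {@link PrivateKey} could be obtained
 * @throws KeyResolverException declared by the resolver contract; the KeyName path never
 *         throws it, since its lookup failures are caught and logged
 */
public PrivateKey engineLookupAndResolvePrivateKey(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
    LOG.debug("Can I resolve {}?", element.getTagName());
    if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
        PrivateKey privKey = resolveX509Data(element, baseURI);
        if (privKey != null) {
            return privKey;
        }
    } else if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
        LOG.debug("Can I resolve KeyName?");
        // An empty KeyName element has no child node: report it as unresolvable rather than
        // dereferencing null.
        if (element.getFirstChild() == null) {
            LOG.debug("KeyName element is empty");
        } else {
            String keyName = element.getFirstChild().getNodeValue();
            try {
                Key key = keyStore.getKey(keyName, password);
                if (key instanceof PrivateKey) {
                    return (PrivateKey) key;
                }
            } catch (Exception e) {
                // Best effort: an unknown or unrecoverable alias simply means "can't resolve".
                LOG.debug("Cannot recover the key", e);
            }
        }
    }
    LOG.debug("I can't");
    return null;
}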
Also used : PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey) KeyStoreException(java.security.KeyStoreException) KeyResolverException(org.apache.xml.security.keys.keyresolver.KeyResolverException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 8 with KeyResolverException

Use of org.apache.xml.security.keys.keyresolver.KeyResolverException in project santuario-java by apache.

The class X509DigestResolver, method checkStorage.

/**
 * Ensures that a {@link StorageResolver} is available for X509Digest resolution.
 *
 * @param storage the storage resolver to check
 * @throws KeyResolverException if {@code storage} is null; the exception is logged at debug
 *         level before it is thrown
 */
private void checkStorage(StorageResolver storage) throws KeyResolverException {
    if (storage != null) {
        return;
    }
    KeyResolverException missingStorage = new KeyResolverException(
        "KeyResolver.needStorageResolver", new Object[] { Constants._TAG_X509DIGEST });
    LOG.debug("", missingStorage);
    throw missingStorage;
}
Also used : KeyResolverException(org.apache.xml.security.keys.keyresolver.KeyResolverException)

Example 9 with KeyResolverException

Use of org.apache.xml.security.keys.keyresolver.KeyResolverException in project santuario-java by apache.

The class X509SKIResolver, method engineLookupResolveX509Certificate.

/**
 * Resolves an {@link X509Certificate} from a {@code ds:X509Data} element that carries one or
 * more {@code ds:X509SKI} children, by comparing those SKI values with the certificates
 * supplied by {@code storage}.
 * {@inheritDoc}
 *
 * @param element the KeyInfo child element to resolve
 * @param baseURI the base URI of the document
 * @param storage the certificate store to search; required once an X509SKI child is present
 * @return the first certificate from {@code storage} whose SKI matches one of the children,
 *         or null if {@code element} is not X509Data, has no X509SKI children, or nothing matches
 * @throws KeyResolverException if {@code storage} is null, or if an SKI value or certificate
 *         cannot be processed
 */
public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
    LOG.debug("Can I resolve {}?", element.getTagName());
    if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
        LOG.debug("I can't");
        return null;
    }
    Element[] skiNodes = XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509SKI);
    if (skiNodes == null || skiNodes.length == 0) {
        LOG.debug("I can't");
        return null;
    }
    try {
        // NOTE(review): the null check stays inside the try on purpose; if KeyResolverException
        // is a subtype of XMLSecurityException, the catch below rewraps it exactly as before.
        if (storage == null) {
            Object[] exArgs = { Constants._TAG_X509SKI };
            KeyResolverException noStorage = new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
            LOG.debug("", noStorage);
            throw noStorage;
        }
        XMLX509SKI[] wantedSkis = new XMLX509SKI[skiNodes.length];
        for (int idx = 0; idx < skiNodes.length; idx++) {
            wantedSkis[idx] = new XMLX509SKI(skiNodes[idx], baseURI);
        }
        Iterator<Certificate> candidates = storage.getIterator();
        while (candidates.hasNext()) {
            // The store is expected to hold X.509 certificates only; any other type fails the cast.
            X509Certificate candidate = (X509Certificate) candidates.next();
            XMLX509SKI candidateSki = new XMLX509SKI(element.getOwnerDocument(), candidate);
            for (XMLX509SKI wanted : wantedSkis) {
                if (candidateSki.equals(wanted)) {
                    LOG.debug("Return PublicKey from {}", candidate.getSubjectX500Principal().getName());
                    return candidate;
                }
            }
        }
    } catch (XMLSecurityException ex) {
        throw new KeyResolverException(ex);
    }
    return null;
}
Also used : XMLX509SKI(org.apache.xml.security.keys.content.x509.XMLX509SKI) Element(org.w3c.dom.Element) KeyResolverException(org.apache.xml.security.keys.keyresolver.KeyResolverException) X509Certificate(java.security.cert.X509Certificate) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 10 with KeyResolverException

Use of org.apache.xml.security.keys.keyresolver.KeyResolverException in project santuario-java by apache.

The class SecretKeyResolver, method engineResolveSecretKey.

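/**
 * Resolves a {@link SecretKey} from a {@code ds:KeyName} element.
 *
 * <p>The text of the KeyName element is used as an alias into {@code keyStore}, unlocked with
 * {@code password}. Key-store lookup failures are logged at debug level and treated as
 * "not resolvable".
 *
 * @param element the KeyInfo child element to resolve
 * @param baseURI the base URI of the document (not used by this resolver)
 * @param storage not used by this resolver
 * @return resolved SecretKey key or null if no {@link SecretKey} could be obtained
 * @throws KeyResolverException declared by the resolver contract; this implementation never
 *         throws it, since lookup failures are caught and logged
 */
public SecretKey engineResolveSecretKey(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
    LOG.debug("Can I resolve {}?", element.getTagName());
    if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
        // An empty KeyName element has no child node: report it as unresolvable rather than
        // dereferencing null.
        if (element.getFirstChild() == null) {
            LOG.debug("KeyName element is empty");
        } else {
            String keyName = element.getFirstChild().getNodeValue();
            try {
                Key key = keyStore.getKey(keyName, password);
                if (key instanceof SecretKey) {
                    return (SecretKey) key;
                }
            } catch (Exception e) {
                // Best effort: an unknown or unrecoverable alias simply means "can't resolve".
                LOG.debug("Cannot recover the key", e);
            }
        }
    }
    LOG.debug("I can't");
    return null;
}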
Also used : SecretKey(javax.crypto.SecretKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) SecretKey(javax.crypto.SecretKey) KeyResolverException(org.apache.xml.security.keys.keyresolver.KeyResolverException)
