use of org.apache.xml.security.keys.keyresolver.KeyResolverException in project santuario-java by apache.
the class XMLCipher method decryptToByteArray.
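/**
 * Decrypts an {@code EncryptedData} element and returns the plaintext octets.
 *
 * The decryption key is, in order of preference, the key this cipher already
 * holds ({@code key}) or a key resolved from the element's {@code KeyInfo}
 * (an {@code EncryptedKeyResolver} is registered so that an embedded
 * {@code EncryptedKey} can be unwrapped with the configured {@code kek}).
 * The source document is not modified.
 *
 * NOTE(review): the JCE transform is chosen from the document's own
 * {@code EncryptionMethod} algorithm, not from the algorithm this cipher was
 * configured with; a caller that must pin the algorithm for untrusted input
 * should compare the element's algorithm against its expectation itself.
 * The configured {@code algorithm} is only consulted when building the
 * block-cipher parameters.
 *
 * @param element the {@code EncryptedData} element to decrypt
 * @return the bytes resulting from the decryption
 * @throws XMLEncryptionException if the cipher is not in {@code DECRYPT_MODE},
 *         no key is available or resolvable, the ciphertext is shorter than
 *         the IV the algorithm requires, or the JCE cipher rejects the
 *         algorithm, key, parameters or ciphertext
 */
public byte[] decryptToByteArray(Element element) throws XMLEncryptionException {
    LOG.debug("Decrypting to ByteArray...");
    if (cipherMode != DECRYPT_MODE) {
        throw new XMLEncryptionException("empty", "XMLCipher unexpectedly not in DECRYPT_MODE...");
    }

    EncryptedData encryptedData = factory.newEncryptedData(element);
    String encMethodAlgorithm = encryptedData.getEncryptionMethod().getAlgorithm();

    if (key == null) {
        KeyInfo keyInfo = encryptedData.getKeyInfo();
        if (keyInfo != null) {
            try {
                // Let the KeyInfo unwrap an embedded EncryptedKey with the KEK,
                // and give it any additional resolvers the caller registered.
                EncryptedKeyResolver resolver = new EncryptedKeyResolver(encMethodAlgorithm, kek);
                if (internalKeyResolvers != null) {
                    for (int i = 0, n = internalKeyResolvers.size(); i < n; i++) {
                        resolver.registerInternalKeyResolver(internalKeyResolvers.get(i));
                    }
                }
                keyInfo.registerInternalKeyResolver(resolver);
                keyInfo.setSecureValidation(secureValidation);
                key = keyInfo.getSecretKey();
            } catch (KeyResolverException kre) {
                // Best effort: a failed resolution is reported below as "no key",
                // so only the detail is logged here.
                LOG.debug(kre.getMessage(), kre);
            }
        }
        if (key == null) {
            LOG.error("XMLCipher::decryptToByteArray called without a key and unable to resolve");
            throw new XMLEncryptionException("empty", "encryption.nokey");
        }
    }

    // Obtain the encrypted octets (CipherValue or CipherReference).
    XMLCipherInput cipherInput = new XMLCipherInput(encryptedData);
    cipherInput.setSecureValidation(secureValidation);
    byte[] encryptedBytes = cipherInput.getBytes();

    // Build the working cipher from the document's algorithm URI.
    String jceAlgorithm = JCEMapper.translateURItoJCEID(encMethodAlgorithm);
    LOG.debug("JCE Algorithm = {}", jceAlgorithm);
    Cipher c;
    try {
        c = requestedJCEProvider == null
            ? Cipher.getInstance(jceAlgorithm)
            : Cipher.getInstance(jceAlgorithm, requestedJCEProvider);
    } catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
        throw new XMLEncryptionException(e);
    }

    // The IV is prepended to the ciphertext. Reject input too short to hold it
    // so a malformed or truncated CipherValue yields an XMLEncryptionException
    // rather than an unchecked ArrayIndexOutOfBoundsException from arraycopy.
    int ivLen = JCEMapper.getIVLengthFromURI(encMethodAlgorithm) / 8;
    if (encryptedBytes == null || encryptedBytes.length < ivLen) {
        throw new XMLEncryptionException("empty", "Encrypted data is shorter than the IV required by the algorithm");
    }
    // Copy the IV into a dedicated array: not every JCE provider is known to
    // accept an oversized buffer in IvParameterSpec and use only the prefix.
    byte[] ivBytes = new byte[ivLen];
    System.arraycopy(encryptedBytes, 0, ivBytes, 0, ivLen);

    // Parameters follow the configured algorithm when one is set, otherwise
    // the document's algorithm.
    String blockCipherAlg = algorithm != null ? algorithm : encMethodAlgorithm;
    AlgorithmParameterSpec paramSpec = constructBlockCipherParameters(blockCipherAlg, ivBytes);

    try {
        c.init(cipherMode, key, paramSpec);
    } catch (InvalidKeyException | InvalidAlgorithmParameterException e) {
        throw new XMLEncryptionException(e);
    }

    try {
        // Everything after the IV is ciphertext (plus tag, for AEAD modes).
        return c.doFinal(encryptedBytes, ivLen, encryptedBytes.length - ivLen);
    } catch (IllegalBlockSizeException | BadPaddingException e) {
        throw new XMLEncryptionException(e);
    }
}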
use of org.apache.xml.security.keys.keyresolver.KeyResolverException in project santuario-java by apache.
the class PrivateKeyResolver method engineLookupAndResolvePrivateKey.
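/**
 * Resolves a {@link PrivateKey} from a {@code ds:X509Data} or {@code ds:KeyName}
 * element.
 *
 * {@code X509Data} is delegated to {@code resolveX509Data}. For {@code KeyName}
 * the element's first child text is used as the alias of an entry in
 * {@code keyStore}, unlocked with {@code password}; only entries that are
 * private keys are returned. Note that the alias therefore comes straight from
 * the document: with untrusted input this lets the signer choose which
 * configured private key is used, which is the intended KeyName semantics
 * but worth keeping in mind when populating the key store.
 *
 * @param element the KeyInfo child element to examine
 * @param baseURI base URI for resolving references inside {@code X509Data}
 * @param storage unused by this resolver
 * @return the resolved {@link PrivateKey}, or {@code null} if none could be obtained
 * @throws KeyResolverException propagated from {@code resolveX509Data}
 */
public PrivateKey engineLookupAndResolvePrivateKey(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
    LOG.debug("Can I resolve {}?", element.getTagName());

    if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
        PrivateKey privKey = resolveX509Data(element, baseURI);
        if (privKey != null) {
            return privKey;
        }
    } else if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
        LOG.debug("Can I resolve KeyName?");
        // An empty <KeyName/> has no child node; dereferencing it blindly would
        // throw an unchecked NullPointerException on attacker-supplied XML.
        String keyName = null;
        if (element.getFirstChild() != null) {
            keyName = element.getFirstChild().getNodeValue();
        }
        if (keyName != null) {
            try {
                Key key = keyStore.getKey(keyName, password);
                if (key instanceof PrivateKey) {
                    return (PrivateKey) key;
                }
            } catch (Exception e) {
                // Best effort: an unknown alias or a bad password simply means
                // this resolver cannot help; fall through and return null.
                LOG.debug("Cannot recover the key", e);
            }
        }
    }

    LOG.debug("I can't");
    return null;
}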
use of org.apache.xml.security.keys.keyresolver.KeyResolverException in project santuario-java by apache.
the class X509DigestResolver method checkStorage.
/**
 * Ensures a {@link StorageResolver} is available; without one there are no
 * certificates to compare an {@code X509Digest} against.
 *
 * @param storage the certificate storage to check, may be {@code null}
 * @throws KeyResolverException with message id
 *         {@code KeyResolver.needStorageResolver} when {@code storage} is null
 */
private void checkStorage(StorageResolver storage) throws KeyResolverException {
    if (storage != null) {
        return;
    }
    KeyResolverException missingStorage = new KeyResolverException(
        "KeyResolver.needStorageResolver", new Object[] { Constants._TAG_X509DIGEST });
    LOG.debug("", missingStorage);
    throw missingStorage;
}
use of org.apache.xml.security.keys.keyresolver.KeyResolverException in project santuario-java by apache.
the class X509SKIResolver method engineLookupResolveX509Certificate.
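/**
 * Resolves an {@link X509Certificate} from a {@code ds:X509Data} element by
 * matching its {@code ds:X509SKI} children against the certificates held in
 * the supplied {@link StorageResolver}.
 *
 * The SKI values come from the document; the certificate returned always
 * comes from {@code storage}, so the document can only select among the
 * certificates the application already trusts.
 *
 * @param element the KeyInfo child element to examine
 * @param baseURI base URI passed to the {@code XMLX509SKI} wrappers
 * @param storage the certificate storage to search; required
 * @return the first stored certificate whose SKI matches one of the element's
 *         SKIs, or {@code null} if the element is not applicable or nothing matches
 * @throws KeyResolverException if {@code storage} is null and SKIs are present,
 *         or if building or comparing the SKI values fails
 */
public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
    LOG.debug("Can I resolve {}?", element.getTagName());

    if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
        LOG.debug("I can't");
        return null;
    }

    Element[] skiNodes = XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509SKI);
    if (skiNodes == null || skiNodes.length == 0) {
        LOG.debug("I can't");
        return null;
    }

    // Raised outside the try below so the catch there cannot re-wrap it and
    // hide the specific message id.
    if (storage == null) {
        Object[] exArgs = { Constants._TAG_X509SKI };
        KeyResolverException ex = new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
        LOG.debug("", ex);
        throw ex;
    }

    try {
        XMLX509SKI[] wantedSkis = new XMLX509SKI[skiNodes.length];
        for (int i = 0; i < skiNodes.length; i++) {
            wantedSkis[i] = new XMLX509SKI(skiNodes[i], baseURI);
        }

        Iterator<Certificate> storageIterator = storage.getIterator();
        while (storageIterator.hasNext()) {
            Certificate candidate = storageIterator.next();
            // The storage yields Certificate; only X.509 certificates carry an
            // SKI, so skip anything else instead of failing with an unchecked
            // ClassCastException.
            if (!(candidate instanceof X509Certificate)) {
                continue;
            }
            X509Certificate cert = (X509Certificate) candidate;
            XMLX509SKI certSKI = new XMLX509SKI(element.getOwnerDocument(), cert);
            for (XMLX509SKI wanted : wantedSkis) {
                if (certSKI.equals(wanted)) {
                    LOG.debug("Return PublicKey from {}", cert.getSubjectX500Principal().getName());
                    return cert;
                }
            }
        }
    } catch (XMLSecurityException ex) {
        throw new KeyResolverException(ex);
    }

    return null;
}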
use of org.apache.xml.security.keys.keyresolver.KeyResolverException in project santuario-java by apache.
the class SecretKeyResolver method engineResolveSecretKey.
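/**
 * Resolves a {@link SecretKey} from a {@code ds:KeyName} element.
 *
 * The element's first child text is used as the alias of an entry in
 * {@code keyStore}, unlocked with {@code password}; only entries that are
 * secret keys are returned. The alias is taken straight from the document,
 * so with untrusted input the author chooses which configured secret key is
 * tried; that is the intended KeyName semantics, but it means the key store
 * should contain only keys that are acceptable for this purpose.
 *
 * @param element the KeyInfo child element to examine
 * @param baseURI unused by this resolver
 * @param storage unused by this resolver
 * @return the resolved {@link SecretKey}, or {@code null} if none could be obtained
 * @throws KeyResolverException declared for the resolver contract; not thrown here
 */
public SecretKey engineResolveSecretKey(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
    LOG.debug("Can I resolve {}?", element.getTagName());

    if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
        // An empty <KeyName/> has no child node; dereferencing it blindly would
        // throw an unchecked NullPointerException on attacker-supplied XML.
        String keyName = null;
        if (element.getFirstChild() != null) {
            keyName = element.getFirstChild().getNodeValue();
        }
        if (keyName != null) {
            try {
                Key key = keyStore.getKey(keyName, password);
                if (key instanceof SecretKey) {
                    return (SecretKey) key;
                }
            } catch (Exception e) {
                // Best effort: an unknown alias or a bad password simply means
                // this resolver cannot help; fall through and return null.
                LOG.debug("Cannot recover the key", e);
            }
        }
    }

    LOG.debug("I can't");
    return null;
}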