
Example 1 with EncryptedKeyResolver

Use of org.apache.xml.security.keys.keyresolver.implementations.EncryptedKeyResolver in project santuario-java by apache.

From the class XMLCipher, method decryptToByteArray.

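/**
 * Decrypts an EncryptedData element and returns the plaintext as a byte array.
 *
 * <p>The source document is not modified. If no decryption key has been set
 * on this cipher, the key is resolved from the element's KeyInfo through an
 * {@code EncryptedKeyResolver} built with the configured key-encryption key;
 * a resolved key is stored in this instance's {@code key} field.
 *
 * <p>Security notes for callers that decrypt documents from untrusted senders:
 * <ul>
 *   <li>The content-encryption algorithm is read from the document's
 *       EncryptionMethod, so the document selects the JCE cipher that is
 *       instantiated here. Restrict the accepted algorithm URIs before calling
 *       if the sender is not trusted.</li>
 *   <li>A padding failure is reported with the {@code BadPaddingException} as
 *       the cause. NOTE(review): with an unauthenticated cipher mode, callers
 *       should return one uniform error to the sender so that padding failures
 *       cannot be told apart from other decryption failures.</li>
 * </ul>
 *
 * @param element the EncryptedData element to decrypt
 * @return the bytes resulting from the decryption
 * @throws XMLEncryptionException if this cipher is not in DECRYPT_MODE, the
 *         element carries no EncryptionMethod, no key is set or resolvable,
 *         the encrypted octets are shorter than the IV, or the JCE cipher
 *         cannot be created, initialised or run
 */
public byte[] decryptToByteArray(Element element) throws XMLEncryptionException {
    LOG.debug("Decrypting to ByteArray...");
    if (cipherMode != DECRYPT_MODE) {
        throw new XMLEncryptionException("empty", "XMLCipher unexpectedly not in DECRYPT_MODE...");
    }
    EncryptedData encryptedData = factory.newEncryptedData(element);
    // EncryptionMethod is optional in the XML Encryption schema; report its
    // absence through the declared exception instead of a NullPointerException.
    if (encryptedData.getEncryptionMethod() == null) {
        throw new XMLEncryptionException("empty", "EncryptedData does not specify an EncryptionMethod");
    }
    String encMethodAlgorithm = encryptedData.getEncryptionMethod().getAlgorithm();
    if (key == null) {
        KeyInfo ki = encryptedData.getKeyInfo();
        if (ki != null) {
            try {
                // Add an EncryptedKey resolver, chaining any resolvers that
                // were registered on this cipher.
                EncryptedKeyResolver resolver = new EncryptedKeyResolver(encMethodAlgorithm, kek);
                if (internalKeyResolvers != null) {
                    int size = internalKeyResolvers.size();
                    for (int i = 0; i < size; i++) {
                        resolver.registerInternalKeyResolver(internalKeyResolvers.get(i));
                    }
                }
                ki.registerInternalKeyResolver(resolver);
                ki.setSecureValidation(secureValidation);
                key = ki.getSecretKey();
            } catch (KeyResolverException kre) {
                // Best effort: a resolution failure leaves key == null and is
                // reported by the check below.
                LOG.debug(kre.getMessage(), kre);
            }
        }
        if (key == null) {
            LOG.error("XMLCipher::decryptElement called without a key and unable to resolve");
            throw new XMLEncryptionException("empty", "encryption.nokey");
        }
    }
    // Obtain the encrypted octets
    XMLCipherInput cipherInput = new XMLCipherInput(encryptedData);
    cipherInput.setSecureValidation(secureValidation);
    byte[] encryptedBytes = cipherInput.getBytes();
    // Now create the working cipher
    String jceAlgorithm = JCEMapper.translateURItoJCEID(encMethodAlgorithm);
    LOG.debug("JCE Algorithm = {}", jceAlgorithm);
    Cipher c;
    try {
        if (requestedJCEProvider == null) {
            c = Cipher.getInstance(jceAlgorithm);
        } else {
            c = Cipher.getInstance(jceAlgorithm, requestedJCEProvider);
        }
    } catch (NoSuchAlgorithmException nsae) {
        throw new XMLEncryptionException(nsae);
    } catch (NoSuchProviderException nspre) {
        throw new XMLEncryptionException(nspre);
    } catch (NoSuchPaddingException nspae) {
        throw new XMLEncryptionException(nspae);
    }
    // presumably getIVLengthFromURI returns a length in bits - confirm
    int ivLen = JCEMapper.getIVLengthFromURI(encMethodAlgorithm) / 8;
    // The octets come from the document. Reject input that cannot even hold
    // the IV, otherwise the copy below fails with an unchecked
    // ArrayIndexOutOfBoundsException on a truncated ciphertext.
    if (encryptedBytes.length < ivLen) {
        throw new XMLEncryptionException("empty", "Encrypted data is shorter than the IV required by the algorithm");
    }
    byte[] ivBytes = new byte[ivLen];
    // You may be able to pass the entire piece in to IvParameterSpec
    // and it will only take the first x bytes, but no way to be certain
    // that this will work for every JCE provider, so lets copy the
    // necessary bytes into a dedicated array.
    System.arraycopy(encryptedBytes, 0, ivBytes, 0, ivLen);
    // An explicitly configured algorithm takes precedence over the one named
    // in the document when building the cipher parameters.
    String blockCipherAlg = algorithm;
    if (blockCipherAlg == null) {
        blockCipherAlg = encMethodAlgorithm;
    }
    AlgorithmParameterSpec paramSpec = constructBlockCipherParameters(blockCipherAlg, ivBytes);
    try {
        c.init(cipherMode, key, paramSpec);
    } catch (InvalidKeyException ike) {
        throw new XMLEncryptionException(ike);
    } catch (InvalidAlgorithmParameterException iape) {
        throw new XMLEncryptionException(iape);
    }
    try {
        // Decrypt everything after the leading IV.
        return c.doFinal(encryptedBytes, ivLen, encryptedBytes.length - ivLen);
    } catch (IllegalBlockSizeException ibse) {
        throw new XMLEncryptionException(ibse);
    } catch (BadPaddingException bpe) {
        throw new XMLEncryptionException(bpe);
    }
}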
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) KeyResolverException(org.apache.xml.security.keys.keyresolver.KeyResolverException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) BadPaddingException(javax.crypto.BadPaddingException) InvalidKeyException(java.security.InvalidKeyException) KeyInfo(org.apache.xml.security.keys.KeyInfo) Cipher(javax.crypto.Cipher) NoSuchProviderException(java.security.NoSuchProviderException) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) EncryptedKeyResolver(org.apache.xml.security.keys.keyresolver.implementations.EncryptedKeyResolver)
