org.apache.xml.security.utils.EncryptionConstants Java Examples

The following examples show how to use org.apache.xml.security.utils.EncryptionConstants, the Apache Santuario class that holds the XML Encryption namespace URIs (EncryptionSpecNS, EncryptionSpec11NS), element names (_TAG_ENCRYPTEDDATA, _TAG_CIPHERDATA) and algorithm URIs (ALGO_ID_BLOCKCIPHER_AES128, ALGO_ID_KEYTRANSPORT_RSAOAEP). Each example links to the project and source file it was taken from.
Example #1
Source File: ArtifactResolutionServlet.java — from OpenSAML-ref-project-demo-v3 (Apache License 2.0)
/**
 * Encrypts a SAML assertion.
 * <p>
 * The assertion content is encrypted with AES-128 and the data key is transported under the
 * credential returned by {@code SPCredentials.getCredential()} using RSA-OAEP. No data-encryption
 * credential is supplied, so OpenSAML presumably generates the symmetric key itself. The
 * {@code EncryptedKey} is emitted inline, i.e. inside the {@code KeyInfo} of the
 * {@code EncryptedData}.
 *
 * @param assertion the assertion to encrypt
 * @return the encrypted assertion
 * @throws RuntimeException wrapping the {@link EncryptionException} if encryption fails
 */
private EncryptedAssertion encryptAssertion(Assertion assertion) {
    // Symmetric data-encryption settings.
    // NOTE(review): ALGO_ID_BLOCKCIPHER_AES128 is the xmlenc "aes128-cbc" URI. CBC ciphertext in
    // XML Encryption is malleable and exposed to padding-oracle attacks when the receiver leaks
    // decryption/parsing failures; prefer the xmlenc11 AES-GCM constant once the peer supports it.
    final DataEncryptionParameters dataParams = new DataEncryptionParameters();
    dataParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);

    // Key-transport settings: the data key is wrapped for the configured credential.
    final KeyEncryptionParameters keyParams = new KeyEncryptionParameters();
    keyParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
    keyParams.setEncryptionCredential(SPCredentials.getCredential());

    final Encrypter encrypter = new Encrypter(dataParams, keyParams);
    encrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE);

    try {
        return encrypter.encrypt(assertion);
    } catch (EncryptionException e) {
        throw new RuntimeException(e);
    }
}
 
Example #2
Source File: XmlSecOutInterceptor.java — from cxf (Apache License 2.0)
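/**
 * Sets the symmetric (data) encryption algorithm.
 * <p>
 * {@code algo} may be a full algorithm URI (xmlenc or xmlenc11 namespace) or just the URI fragment,
 * e.g. {@code aes128-cbc}. A bare fragment is qualified with the namespace it is defined in: the
 * AES-GCM identifiers ({@code *-gcm}) belong to XML Encryption 1.1, everything else to the
 * original xmlenc namespace. Previously every bare fragment was prefixed with the xmlenc
 * namespace, so a bare GCM name yielded a URI that no implementation recognises.
 *
 * @param algo algorithm URI or fragment; must not be {@code null}
 */
public void setSymmetricEncAlgorithm(String algo) {
    boolean qualified = algo.startsWith(EncryptionConstants.EncryptionSpecNS)
        || algo.startsWith(EncryptionConstants.EncryptionSpec11NS);
    if (!qualified) {
        // GCM block ciphers are defined by xmlenc11 (2009), not by the 2001 xmlenc namespace
        String ns = algo.endsWith("-gcm")
            ? EncryptionConstants.EncryptionSpec11NS
            : EncryptionConstants.EncryptionSpecNS;
        algo = ns + algo;
    }
    encryptionProperties.setEncryptionSymmetricKeyAlgo(algo);
}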
 
Example #3
Source File: XmlEncOutInterceptor.java — from cxf (Apache License 2.0)
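/**
 * Sets the symmetric (data) encryption algorithm.
 * <p>
 * {@code algo} may be a full algorithm URI (xmlenc or xmlenc11 namespace) or just the URI fragment,
 * e.g. {@code aes128-cbc}. A bare fragment is qualified with the namespace it is defined in: the
 * AES-GCM identifiers ({@code *-gcm}) belong to XML Encryption 1.1, everything else to the
 * original xmlenc namespace. Previously every bare fragment was prefixed with the xmlenc
 * namespace, so a bare GCM name yielded a URI that no implementation recognises.
 *
 * @param algo algorithm URI or fragment; must not be {@code null}
 */
public void setSymmetricEncAlgorithm(String algo) {
    boolean qualified = algo.startsWith(EncryptionConstants.EncryptionSpecNS)
        || algo.startsWith(EncryptionConstants.EncryptionSpec11NS);
    if (!qualified) {
        // GCM block ciphers are defined by xmlenc11 (2009), not by the 2001 xmlenc namespace
        String ns = algo.endsWith("-gcm")
            ? EncryptionConstants.EncryptionSpec11NS
            : EncryptionConstants.EncryptionSpecNS;
        algo = ns + algo;
    }
    encProps.setEncryptionSymmetricKeyAlgo(algo);
}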
 
Example #4
Source File: XMLEncryptionUtil.java — from keycloak (Apache License 2.0)
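/**
 * Given an element in a Document, encrypt the element and replace the element in the document with the encrypted
 * data, wrapped in an element named {@code wrappingElementQName}.
 * <p>
 * The element is encrypted with {@code secretKey} (algorithm URI obtained from {@code getXMLEncryptionURL});
 * {@code secretKey} is wrapped with {@code publicKey} into an {@code xenc:EncryptedKey} which is placed either
 * inside a {@code ds:KeyInfo} of the new {@code xenc:EncryptedData} (before its {@code xenc:CipherData}) or as a
 * sibling of the {@code xenc:EncryptedData} under the wrapping element.
 * <p>
 * The freshly produced {@code xenc:EncryptedData} is located by its position in the tree (it takes the place of
 * the encrypted element), not by a document-wide search, so a document that already contains other
 * {@code xenc:EncryptedData} elements earlier in document order is handled correctly.
 *
 * @param elementQName QName of the element that we like to encrypt
 * @param document document that contains the element; modified in place
 * @param publicKey key used to wrap {@code secretKey}
 * @param secretKey symmetric key the element is encrypted with
 * @param keySize size of {@code secretKey} in bits
 * @param wrappingElementQName A QName of an element that will wrap the encrypted element; must carry a prefix
 * @param addEncryptedKeyInKeyInfo Need for the EncryptedKey to be placed in ds:KeyInfo
 *
 * @throws ProcessingException if the cipher cannot be initialised, encryption fails, or the produced
 *         {@code xenc:EncryptedData} / {@code xenc:CipherData} cannot be located; argument problems are
 *         reported through {@code logger.nullArgumentError} / {@code logger.wrongTypeError}
 */
public static void encryptElement(QName elementQName, Document document, PublicKey publicKey, SecretKey secretKey,
                                  int keySize, QName wrappingElementQName, boolean addEncryptedKeyInKeyInfo) throws ProcessingException {
    if (elementQName == null)
        throw logger.nullArgumentError("elementQName");
    if (document == null)
        throw logger.nullArgumentError("document");
    if (wrappingElementQName == null)
        throw logger.nullArgumentError("wrappingElementQName");
    String wrappingElementPrefix = wrappingElementQName.getPrefix();
    if (wrappingElementPrefix == null || "".equals(wrappingElementPrefix))
        throw logger.wrongTypeError("Wrapping element prefix invalid");

    Element documentElement = DocumentUtil.getElement(document, elementQName);
    if (documentElement == null)
        throw logger.domMissingDocElementError(elementQName.toString());

    // Remember where the target sits: XMLCipher replaces it in place, so its successor (or, for a last
    // child, the parent's last child) identifies the new xenc:EncryptedData without a global search.
    Node parentOfTarget = documentElement.getParentNode();
    Node siblingAfterTarget = documentElement.getNextSibling();

    EncryptedKey encryptedKey = encryptKey(document, secretKey, publicKey, keySize);

    // NOTE(review): the symmetric algorithm URI is chosen by getXMLEncryptionURL (not shown here). If it
    // resolves to an AES-CBC URI the ciphertext is malleable (XML Encryption CBC padding-oracle attacks);
    // the caller must then sign the result or use an authenticated (GCM) algorithm.
    String encryptionAlgorithm = getXMLEncryptionURL(secretKey.getAlgorithm(), keySize);

    XMLCipher cipher;
    try {
        cipher = XMLCipher.getInstance(encryptionAlgorithm);
        cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
    } catch (XMLEncryptionException e1) {
        throw logger.processingError(e1);
    }

    Document encryptedDoc;
    try {
        encryptedDoc = cipher.doFinal(document, documentElement);
    } catch (Exception e) {
        throw logger.processingError(e);
    }

    // The node now occupying the target's former position must be the xenc:EncryptedData
    Node replacement = siblingAfterTarget != null
            ? siblingAfterTarget.getPreviousSibling()
            : parentOfTarget.getLastChild();
    if (replacement == null || replacement.getNodeType() != Node.ELEMENT_NODE
            || !EncryptionConstants.EncryptionSpecNS.equals(replacement.getNamespaceURI())
            || !EncryptionConstants._TAG_ENCRYPTEDDATA.equals(replacement.getLocalName()))
        throw logger.domMissingElementError("xenc:EncryptedData");
    Element encryptedDataElement = (Element) replacement;

    // The EncryptedKey element is added
    Element encryptedKeyElement = cipher.martial(document, encryptedKey);

    // Create the wrapping element and declare its namespace (the prefix is guaranteed non-empty above)
    String wrappingElementName = wrappingElementPrefix + ":" + wrappingElementQName.getLocalPart();
    Element wrappingElement = encryptedDoc.createElementNS(wrappingElementQName.getNamespaceURI(), wrappingElementName);
    wrappingElement.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns:" + wrappingElementPrefix, wrappingElementQName.getNamespaceURI());

    // Put the wrapper where the EncryptedData is and move the EncryptedData inside it
    Node parentOfEncNode = encryptedDataElement.getParentNode();
    parentOfEncNode.replaceChild(wrappingElement, encryptedDataElement);
    wrappingElement.appendChild(encryptedDataElement);

    if (addEncryptedKeyInKeyInfo) {
        // Outer ds:KeyInfo Element to hold the EncryptionKey
        Element keyInfoElement = encryptedDoc.createElementNS(XMLSignature.XMLNS, DS_KEY_INFO);
        keyInfoElement.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns:ds", XMLSignature.XMLNS);
        keyInfoElement.appendChild(encryptedKeyElement);

        // Insert the KeyInfo before the CipherData of *this* EncryptedData (schema order: KeyInfo precedes CipherData)
        NodeList cipherDataNodes = encryptedDataElement.getElementsByTagNameNS(EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_CIPHERDATA);
        if (cipherDataNodes == null || cipherDataNodes.getLength() == 0)
            throw logger.domMissingElementError("xenc:CipherData");
        Element cipherDataElement = (Element) cipherDataNodes.item(0);
        cipherDataElement.getParentNode().insertBefore(keyInfoElement, cipherDataElement);
    } else {
        // Add the encrypted key as a child of the wrapping element
        wrappingElement.appendChild(encryptedKeyElement);
    }
}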
 
Example #5
Source File: XMLEncryptionUtil.java — from keycloak (Apache License 2.0)
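/**
 * <p>
 * Encrypts an element in a XML document using the specified public key, secret key, and key size. This method
 * doesn't wrap
 * the encrypted element in a new element. Instead, it replaces the element with its encrypted version.
 * </p>
 * <p>
 * For example, calling this method to encrypt the <tt><b>inner</b></tt> element in the following XML document
 *
 * <pre>
 *    &lt;root&gt;
 *       &lt;outer&gt;
 *          &lt;inner&gt;
 *             ...
 *          &lt;/inner&gt;
 *       &lt;/outer&gt;
 *    &lt;/root&gt;
 * </pre>
 *
 * would result in a document similar to
 *
 * <pre>
 *    &lt;root&gt;
 *       &lt;outer&gt;
 *          &lt;xenc:EncryptedData xmlns:xenc="..."&gt;
 *             ...
 *          &lt;/xenc:EncryptedData&gt;
 *       &lt;/outer&gt;
 *    &lt;/root&gt;
 * </pre>
 *
 * The secret key, wrapped with {@code publicKey}, is always placed in a {@code ds:KeyInfo} inside the new
 * {@code xenc:EncryptedData}, immediately before its {@code xenc:CipherData}. The new
 * {@code xenc:EncryptedData} is located by its position in the tree (it takes the place of {@code element}),
 * not by a document-wide search, so other {@code xenc:EncryptedData} elements already present in the document
 * are never touched.
 * </p>
 *
 * @param document the {@code Document} that contains the element to be encrypted.
 * @param element the {@code Element} to be encrypted; must be attached to {@code document}.
 * @param publicKey the {@code PublicKey} that must be used to encrypt the secret key.
 * @param secretKey the {@code SecretKey} used to encrypt the specified element.
 * @param keySize the size (in bits) of the secret key.
 *
 * @throws ProcessingException if an error occurs while encrypting the element with the specified params, or the
 *         produced {@code xenc:EncryptedData} / {@code xenc:CipherData} cannot be located.
 */
public static void encryptElement(Document document, Element element, PublicKey publicKey, SecretKey secretKey, int keySize)
        throws ProcessingException {
    if (element == null)
        throw logger.nullArgumentError("element");
    if (document == null)
        throw logger.nullArgumentError("document");

    // Remember where the target sits: XMLCipher replaces it in place, so its successor (or, for a last
    // child, the parent's last child) identifies the new xenc:EncryptedData without a global search.
    Node parentOfTarget = element.getParentNode();
    Node siblingAfterTarget = element.getNextSibling();

    EncryptedKey encryptedKey = encryptKey(document, secretKey, publicKey, keySize);

    // NOTE(review): the symmetric algorithm URI is chosen by getXMLEncryptionURL (not shown here). If it
    // resolves to an AES-CBC URI the ciphertext is malleable (XML Encryption CBC padding-oracle attacks);
    // the caller must then sign the result or use an authenticated (GCM) algorithm.
    String encryptionAlgorithm = getXMLEncryptionURL(secretKey.getAlgorithm(), keySize);

    XMLCipher cipher;
    try {
        cipher = XMLCipher.getInstance(encryptionAlgorithm);
        cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
    } catch (XMLEncryptionException e1) {
        throw logger.processingError(e1);
    }

    Document encryptedDoc;
    try {
        encryptedDoc = cipher.doFinal(document, element);
    } catch (Exception e) {
        throw logger.processingError(e);
    }

    // The node now occupying the target's former position must be the xenc:EncryptedData
    Node replacement = siblingAfterTarget != null
            ? siblingAfterTarget.getPreviousSibling()
            : parentOfTarget.getLastChild();
    if (replacement == null || replacement.getNodeType() != Node.ELEMENT_NODE
            || !EncryptionConstants.EncryptionSpecNS.equals(replacement.getNamespaceURI())
            || !EncryptionConstants._TAG_ENCRYPTEDDATA.equals(replacement.getLocalName()))
        throw logger.domMissingElementError("xenc:EncryptedData");
    Element encryptedDataElement = (Element) replacement;

    // The EncryptedKey element is added
    Element encryptedKeyElement = cipher.martial(document, encryptedKey);

    // Outer ds:KeyInfo Element to hold the EncryptionKey
    Element keyInfoElement = encryptedDoc.createElementNS(XMLSignature.XMLNS, DS_KEY_INFO);
    keyInfoElement.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns:ds", XMLSignature.XMLNS);
    keyInfoElement.appendChild(encryptedKeyElement);

    // Insert the KeyInfo before the CipherData of *this* EncryptedData (schema order: KeyInfo precedes CipherData)
    NodeList cipherDataNodes = encryptedDataElement.getElementsByTagNameNS(EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_CIPHERDATA);
    if (cipherDataNodes == null || cipherDataNodes.getLength() == 0)
        throw logger.domMissingElementError("xenc:CipherData");
    Element cipherDataElement = (Element) cipherDataNodes.item(0);
    cipherDataElement.getParentNode().insertBefore(keyInfoElement, cipherDataElement);
}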
 
Example #6
Source File: XMLEncryptionUtil.java — from keycloak (Apache License 2.0)
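/**
 * Encrypt the root document element inside a Document. <b>NOTE:</b> The document root element will be replaced by
 * the
 * wrapping element.
 * <p>
 * The root element is encrypted with {@code secretKey} (algorithm URI obtained from {@code getXMLEncryptionURL});
 * {@code secretKey} is wrapped with {@code publicKey} into an {@code xenc:EncryptedKey}, which is placed either
 * inside a {@code ds:KeyInfo} of the new {@code xenc:EncryptedData} (before its {@code xenc:CipherData}) or as a
 * sibling of the {@code xenc:EncryptedData} under the wrapping element.
 *
 * @param document Document that contains an element to encrypt; modified in place
 * @param publicKey The Public Key used to encrypt the secret encryption key
 * @param secretKey The secret encryption key
 * @param keySize Length of key in bits
 * @param wrappingElementQName QName of the element to be used to wrap around the cipher data; must carry a prefix
 * @param addEncryptedKeyInKeyInfo Should the encrypted key be inside a KeyInfo or added as a peer of Cipher Data
 *
 * @return An element that has the wrappingElementQName (the new document root)
 *
 * @throws ProcessingException if encryption fails or the {@code xenc:CipherData} cannot be located; argument
 *         problems are reported through {@code logger.nullArgumentError} / {@code logger.wrongTypeError}
 * @throws org.keycloak.saml.common.exceptions.ConfigurationException if the cipher cannot be initialised for
 *         the derived algorithm
 */
public static Element encryptElementInDocument(Document document, PublicKey publicKey, SecretKey secretKey, int keySize,
                                               QName wrappingElementQName, boolean addEncryptedKeyInKeyInfo) throws ProcessingException, ConfigurationException {
    if (document == null)
        throw logger.nullArgumentError("document");
    if (wrappingElementQName == null)
        throw logger.nullArgumentError("wrappingElementQName");
    String wrappingElementPrefix = wrappingElementQName.getPrefix();
    if (wrappingElementPrefix == null || "".equals(wrappingElementPrefix))
        throw logger.wrongTypeError("Wrapping element prefix invalid");

    EncryptedKey encryptedKey = encryptKey(document, secretKey, publicKey, keySize);

    // NOTE(review): the symmetric algorithm URI is chosen by getXMLEncryptionURL (not shown here). If it
    // resolves to an AES-CBC URI the ciphertext is malleable (XML Encryption CBC padding-oracle attacks);
    // the caller must then sign the result or use an authenticated (GCM) algorithm.
    String encryptionAlgorithm = getXMLEncryptionURL(secretKey.getAlgorithm(), keySize);

    XMLCipher cipher;
    try {
        cipher = XMLCipher.getInstance(encryptionAlgorithm);
        cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
    } catch (XMLEncryptionException e1) {
        throw logger.configurationError(e1);
    }

    Document encryptedDoc;
    try {
        encryptedDoc = cipher.doFinal(document, document.getDocumentElement());
    } catch (Exception e) {
        throw logger.processingError(e);
    }

    // The EncryptedKey element is added
    Element encryptedKeyElement = cipher.martial(document, encryptedKey);

    // Create the wrapping element and declare its namespace (the prefix is guaranteed non-empty above)
    String wrappingElementName = wrappingElementPrefix + ":" + wrappingElementQName.getLocalPart();
    Element wrappingElement = encryptedDoc.createElementNS(wrappingElementQName.getNamespaceURI(), wrappingElementName);
    wrappingElement.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns:" + wrappingElementPrefix, wrappingElementQName.getNamespaceURI());

    // After doFinal the document root is the xenc:EncryptedData; make the wrapper the new root and
    // move the EncryptedData inside it
    Element encryptedDataElement = encryptedDoc.getDocumentElement();
    encryptedDoc.replaceChild(wrappingElement, encryptedDataElement);
    wrappingElement.appendChild(encryptedDataElement);

    if (addEncryptedKeyInKeyInfo) {
        // Outer ds:KeyInfo Element to hold the EncryptionKey
        Element keyInfoElement = encryptedDoc.createElementNS(XMLSignature.XMLNS, DS_KEY_INFO);
        keyInfoElement.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns:ds", XMLSignature.XMLNS);
        keyInfoElement.appendChild(encryptedKeyElement);

        // Insert the KeyInfo before the CipherData of this EncryptedData (schema order: KeyInfo precedes CipherData)
        NodeList cipherDataNodes = encryptedDataElement.getElementsByTagNameNS(EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_CIPHERDATA);
        if (cipherDataNodes == null || cipherDataNodes.getLength() == 0)
            throw logger.domMissingElementError("xenc:CipherData");

        Element cipherDataElement = (Element) cipherDataNodes.item(0);
        encryptedDataElement.insertBefore(keyInfoElement, cipherDataElement);
    } else {
        // Add the encrypted key as a child of the wrapping element
        wrappingElement.appendChild(encryptedKeyElement);
    }

    return encryptedDoc.getDocumentElement();
}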