org.apache.xml.security.algorithms.JCEMapper Java Examples

Example #1
Source File: SignatureUtils.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Resolves a {@link MessageDigest} for an XML Security digest algorithm URI.
 *
 * The URI is mapped to a JCE algorithm name through {@link JCEMapper}; if a
 * provider id has been configured on JCEMapper, the engine is requested from
 * that provider only. NOTE(review): the mapping presumably requires the
 * Santuario library to have been initialised beforehand — confirm with callers.
 *
 * @param algorithmURI XML DSig / XMLEnc digest algorithm URI
 * @return a fresh MessageDigest for the mapped algorithm
 * @throws NoSuchAlgorithmException if the URI has no JCE mapping, the mapped
 *         algorithm is unavailable, or the configured provider is not installed
 */
public static MessageDigest getDigestInstance(String algorithmURI) throws NoSuchAlgorithmException {
   String jceName = JCEMapper.translateURItoJCEID(algorithmURI);
   // An unmapped URI yields null; fail loudly rather than hand null to the JCA.
   if (jceName == null) {
      throw new NoSuchAlgorithmException("Could not translate algorithmURI [" + algorithmURI + "]");
   }
   String providerId = JCEMapper.getProviderId();
   try {
      return providerId == null
            ? MessageDigest.getInstance(jceName)
            : MessageDigest.getInstance(jceName, providerId);
   } catch (NoSuchProviderException e) {
      // Surface a missing provider under the single checked type callers already handle.
      throw new NoSuchAlgorithmException("Could not find provider for [" + jceName + "]", e);
   }
}
 
Example #2
Source File: DefaultMessageDigestProvider.java    From xades4j with GNU Lesser General Public License v3.0
/**
 * Obtains a {@link MessageDigest} engine for an XML Security digest algorithm URI.
 *
 * @param digestAlgorithmURI the digest algorithm URI to resolve
 * @return a MessageDigest from {@code messageDigestProvider} when one was
 *         configured, otherwise from the default provider chain
 * @throws UnsupportedAlgorithmException when the URI has no JCE mapping, the
 *         algorithm is unavailable, or the configured provider cannot be found
 */
@Override
public MessageDigest getEngine(String digestAlgorithmURI) throws UnsupportedAlgorithmException
{
    String jceName = JCEMapper.translateURItoJCEID(digestAlgorithmURI);
    // JCEMapper returns null for URIs it does not know; reject before touching the JCA.
    if (jceName == null) {
        throw new UnsupportedAlgorithmException("Digest algorithm not supported by the provider", digestAlgorithmURI);
    }
    try {
        if (this.messageDigestProvider == null) {
            return MessageDigest.getInstance(jceName);
        }
        return MessageDigest.getInstance(jceName, this.messageDigestProvider);
    } catch (NoSuchAlgorithmException nsae) {
        throw new UnsupportedAlgorithmException(nsae.getMessage(), digestAlgorithmURI, nsae);
    } catch (NoSuchProviderException nspe) {
        // The provider was validated at construction time; translate defensively anyway.
        throw new UnsupportedAlgorithmException("Provider not available", digestAlgorithmURI, nspe);
    }
}
 
Example #3
Source File: SignatureUtils.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Looks up a {@link MessageDigest} by XML Security digest algorithm URI.
 *
 * The URI is translated to its JCE name via {@link JCEMapper}; when JCEMapper
 * carries a provider id, that provider is used explicitly.
 *
 * @param algorithmURI XML DSig / XMLEnc digest algorithm URI
 * @return a new MessageDigest instance for the mapped algorithm
 * @throws NoSuchAlgorithmException if the URI cannot be translated, the
 *         algorithm is not available, or the configured provider is missing
 */
public static MessageDigest getDigestInstance(String algorithmURI) throws NoSuchAlgorithmException {
   String mapped = JCEMapper.translateURItoJCEID(algorithmURI);
   if (mapped == null) {
      // Unknown URI: refuse rather than let a null algorithm name reach the JCA.
      throw new NoSuchAlgorithmException("Could not translate algorithmURI [" + algorithmURI + "]");
   }

   String prov = JCEMapper.getProviderId();
   if (prov == null) {
      return MessageDigest.getInstance(mapped);
   }
   try {
      return MessageDigest.getInstance(mapped, prov);
   } catch (NoSuchProviderException missingProvider) {
      // Keep the checked-exception contract to a single type for callers.
      throw new NoSuchAlgorithmException("Could not find provider for [" + mapped + "]", missingProvider);
   }
}
 
Example #4
Source File: SecurityHelper.java    From lams with GNU General Public License v2.0
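/**
 * Get the length of the key indicated by the algorithm URI, if applicable and available.
 *
 * Only URIs whose Apache XML Security algorithm class is a block encryption or a
 * symmetric key wrap carry a key length in the configuration; every other class
 * (signatures, MACs, digests, ...) returns null.
 *
 * @param algorithmURI the algorithm URI to evaluate
 * @return the length of the key indicated by the algorithm URI, or null if the length is either unavailable or
 *         indeterminable from the URI
 */
public static Integer getKeyLengthFromURI(String algorithmURI) {
    Logger log = getLogger();
    String algoClass = DatatypeHelper.safeTrimOrNullString(JCEMapper.getAlgorithmClassFromURI(algorithmURI));

    if (ApacheXMLSecurityConstants.ALGO_CLASS_BLOCK_ENCRYPTION.equals(algoClass)
            || ApacheXMLSecurityConstants.ALGO_CLASS_SYMMETRIC_KEY_WRAP.equals(algoClass)) {

        try {
            int keyLength = JCEMapper.getKeyLengthFromURI(algorithmURI);
            // Integer.valueOf instead of the deprecated boxing constructor (same value, cached instances).
            return Integer.valueOf(keyLength);
        } catch (NumberFormatException e) {
            // The key length is read from the XML Security config; a malformed value is a config error.
            log.warn("XML Security config contained invalid key length value for algorithm URI: " + algorithmURI);
        }
    }

    log.info("Mapping from algorithm URI {} to key length not available", algorithmURI);
    return null;
}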
 
Example #5
Source File: SignatureUtils.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Creates a {@link MessageDigest} for the algorithm identified by an XML
 * Security digest URI.
 *
 * @param algorithmURI XML DSig / XMLEnc digest algorithm URI
 * @return a MessageDigest from the provider registered on {@link JCEMapper},
 *         or from the default provider chain when none is registered
 * @throws NoSuchAlgorithmException if the URI has no JCE mapping, the algorithm
 *         is unavailable, or the registered provider is absent
 */
public static MessageDigest getDigestInstance(String algorithmURI) throws NoSuchAlgorithmException {
   final String jceAlgorithm = JCEMapper.translateURItoJCEID(algorithmURI);
   if (jceAlgorithm == null) {
      // No mapping for this URI (or JCEMapper not yet initialised — TODO confirm): fail closed.
      throw new NoSuchAlgorithmException("Could not translate algorithmURI [" + algorithmURI + "]");
   }
   final String providerId = JCEMapper.getProviderId();
   try {
      MessageDigest engine;
      if (providerId != null) {
         engine = MessageDigest.getInstance(jceAlgorithm, providerId);
      } else {
         engine = MessageDigest.getInstance(jceAlgorithm);
      }
      return engine;
   } catch (NoSuchProviderException cause) {
      throw new NoSuchAlgorithmException("Could not find provider for [" + jceAlgorithm + "]", cause);
   }
}
 
Example #6
Source File: SignatureUtils.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Returns a {@link MessageDigest} for an XML Security digest algorithm URI.
 *
 * @param algorithmURI XML DSig / XMLEnc digest algorithm URI
 * @return a MessageDigest for the JCE algorithm the URI maps to
 * @throws NoSuchAlgorithmException when the URI is unmapped, the algorithm is
 *         unavailable, or JCEMapper's provider id names an uninstalled provider
 */
public static MessageDigest getDigestInstance(String algorithmURI) throws NoSuchAlgorithmException {
   String jceId = JCEMapper.translateURItoJCEID(algorithmURI);
   if (jceId != null) {
      String providerId = JCEMapper.getProviderId();
      try {
         if (providerId == null) {
            return MessageDigest.getInstance(jceId);
         }
         return MessageDigest.getInstance(jceId, providerId);
      } catch (NoSuchProviderException e) {
         // Collapse the provider failure into the one checked type callers handle.
         throw new NoSuchAlgorithmException("Could not find provider for [" + jceId + "]", e);
      }
   }
   // JCEMapper returns null for unknown URIs; never pass that on to the JCA.
   throw new NoSuchAlgorithmException("Could not translate algorithmURI [" + algorithmURI + "]");
}
 
Example #7
Source File: SignatureUtils.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Maps an XML Security digest algorithm URI to a {@link MessageDigest}.
 *
 * A provider id configured on {@link JCEMapper} restricts the lookup to that
 * provider; otherwise the default provider order applies.
 *
 * @param algorithmURI XML DSig / XMLEnc digest algorithm URI
 * @return a new MessageDigest engine
 * @throws NoSuchAlgorithmException for an unmapped URI, an unavailable
 *         algorithm, or a missing configured provider
 */
public static MessageDigest getDigestInstance(String algorithmURI) throws NoSuchAlgorithmException {
   String algorithmName = JCEMapper.translateURItoJCEID(algorithmURI);
   if (algorithmName == null) {
      throw new NoSuchAlgorithmException("Could not translate algorithmURI [" + algorithmURI + "]");
   }
   String providerName = JCEMapper.getProviderId();
   if (providerName == null) {
      // No provider pinned: let the JCA pick the first provider offering the algorithm.
      return MessageDigest.getInstance(algorithmName);
   }
   try {
      return MessageDigest.getInstance(algorithmName, providerName);
   } catch (NoSuchProviderException e) {
      throw new NoSuchAlgorithmException("Could not find provider for [" + algorithmName + "]", e);
   }
}
 
Example #8
Source File: TimeStampGeneratorImpl.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Builds the DSS SignRequest carrying the digest of the (already transformed)
 * document to be time-stamped.
 *
 * @param requestId     value placed in SignRequest/@RequestID
 * @param digestAlgoURI XML DSig digest algorithm URI; it is sent verbatim as the
 *                      DigestMethod and also used to select the JCE digest
 * @param transformed   bytes to be hashed
 * @return the populated request
 * @throws TechnicalConnectorException propagated from the digest calculation
 */
private SignRequest generateSignRequest(String requestId, String digestAlgoURI, byte[] transformed) throws TechnicalConnectorException {
   SignRequest req = new SignRequest();
   req.setRequestID(requestId);
   req.setProfile(SignatureUtils.getOption("SignatureTimestampProfile", this.options, "urn:ehealth:profiles:timestamping:2.1-cert"));

   // NOTE(review): JCEMapper.translateURItoJCEID returns null for an unmapped URI; how
   // calculateDigest treats a null algorithm name is not visible here — confirm it fails closed.
   String jceDigestName = JCEMapper.translateURItoJCEID(digestAlgoURI);
   byte[] digest = ConnectorCryptoUtils.calculateDigest(jceDigestName, transformed);

   DigestMethod method = new DigestMethod();
   method.setAlgorithm(digestAlgoURI);
   DocumentHash hash = new DocumentHash();
   hash.setDigestMethod(method);
   hash.setDigestValue(digest);

   InputDocuments docs = new InputDocuments();
   docs.getDocumentHash().add(hash);
   req.setInputDocuments(docs);
   return req;
}
 
Example #9
Source File: AuthnRequestParser.java    From cxf-fediz with Apache License 2.0
/**
 * Verifies the detached signature of a SAML HTTP-Redirect binding request
 * (the Signature / SigAlg query parameters).
 *
 * The signed string is rebuilt as {@code SAMLRequest=...&RelayState=...&SigAlg=...}
 * with each value URL-encoded, and checked against the validating certificate
 * configured for the realm.
 *
 * @param idp         IdP configuration used to locate the validating certificate
 * @param sigAlg      the SigAlg query parameter as received (may be null)
 * @param signature   the Base64 Signature query parameter
 * @param relayState  the RelayState query parameter
 * @param samlRequest the SAMLRequest query parameter
 * @param realm       realm whose certificate validates the request
 * @throws ProcessingException with TYPE.BAD_REQUEST when the signature does not verify
 * @throws Exception on certificate lookup or JCA failures
 */
private void validateSeparateSignature(Idp idp, String sigAlg, String signature, String relayState,
                                       String samlRequest, String realm) throws Exception {
    X509Certificate verifyingCert = getValidatingCertificate(idp, realm);

    // SECURITY NOTE: an absent or unrecognised SigAlg is not rejected but silently replaced
    // by RSA-SHA1. Because SigAlg is part of the signed string, a value the sender did not
    // sign still fails verification below, but the fallback keeps SHA-1 signatures acceptable;
    // consider rejecting the request instead of falling back.
    final String effectiveSigAlg;
    if (sigAlg == null || !SIG_ALGS.contains(sigAlg)) {
        LOG.debug("Supplied SigAlg parameter is either null or not known, so falling back to use RSA-SHA1");
        effectiveSigAlg = SSOConstants.RSA_SHA1;
    } else {
        effectiveSigAlg = sigAlg;
    }

    java.security.Signature verifier =
        java.security.Signature.getInstance(JCEMapper.translateURItoJCEID(effectiveSigAlg));
    verifier.initVerify(verifyingCert);

    // Rebuild the signed string exactly as the sender formed it.
    // NOTE(review): URLEncoder.encode(null, ...) throws NullPointerException, so a request
    // without RelayState surfaces as an unchecked exception rather than BAD_REQUEST —
    // confirm the caller guards against a missing RelayState.
    String utf8 = StandardCharsets.UTF_8.name();
    StringBuilder signedData = new StringBuilder()
        .append(SSOConstants.SAML_REQUEST).append('=').append(URLEncoder.encode(samlRequest, utf8))
        .append('&').append(SSOConstants.RELAY_STATE).append('=').append(URLEncoder.encode(relayState, utf8))
        .append('&').append(SSOConstants.SIG_ALG).append('=').append(URLEncoder.encode(effectiveSigAlg, utf8));
    verifier.update(signedData.toString().getBytes(StandardCharsets.UTF_8));

    byte[] rawSignature = Base64.getDecoder().decode(signature);
    if (!verifier.verify(rawSignature)) {
        LOG.debug("Signature validation failed");
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }
}
 
Example #10
Source File: SAML2ReaderWriter.java    From syncope with Apache License 2.0
/**
 * Initialises the KeyInfo generator, the signature algorithm (URI and JCE name)
 * and the key-password callback handler.
 *
 * The algorithm named by the loader is used when it maps to a JCE algorithm;
 * otherwise a SHA-1 based default is chosen from the credential's key type
 * (RSA, DSA or EC).
 */
public void init() {
    X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory();
    kiFactory.setEmitEntityCertificate(true);
    keyInfoGenerator = kiFactory.newInstance();

    if (loader.getSignatureAlgorithm() != null) {
        // NOTE(review): valueOf presumably throws IllegalArgumentException for an unknown
        // constant name; only a known constant without a JCE mapping reaches the warning below.
        SignatureAlgorithm configured = SignatureAlgorithm.valueOf(loader.getSignatureAlgorithm());
        sigAlgo = configured.getAlgorithm();
        jceSigAlgo = JCEMapper.translateURItoJCEID(sigAlgo);
        if (jceSigAlgo == null) {
            LOG.warn("Signature algorithm {} is not valid. Using default algorithm instead.",
                    loader.getSignatureAlgorithm());
            sigAlgo = null;
        }
    }

    if (sigAlgo == null) {
        // SECURITY NOTE: every fallback here is SHA-1 based (RSA-SHA1 / DSA-SHA1 / ECDSA-SHA1).
        // Prefer configuring a SHA-256 signature algorithm explicitly through the loader.
        sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
        String keyType = loader.getCredential().getPublicKey().getAlgorithm();
        if (keyType.equalsIgnoreCase("DSA")) {
            sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA_SHA1;
        } else if (keyType.equalsIgnoreCase("EC")) {
            sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1;
        }
        jceSigAlgo = JCEMapper.translateURItoJCEID(sigAlgo);
    }

    callbackHandler = new SAMLSPCallbackHandler(loader.getKeyPass());
}
 
Example #11
Source File: SecurityHelper.java    From lams with GNU General Public License v2.0
/**
 * Get the Java security JCA/JCE key algorithm specifier associated with an algorithm URI.
 *
 * Lookup order: the Apache XML Security configuration (the default config only
 * covers block ciphers and key wrap URIs; a custom config may add more), then
 * "no specific key" for HMAC, then the local RSA / DSA / ECDSA URI sets.
 *
 * @param algorithmURI the algorithm URI to evaluate
 * @return the Java key algorithm specifier, or null if the mapping is unavailable or indeterminable from the URI
 */
public static String getKeyAlgorithmFromURI(String algorithmURI) {
    String fromConfig = DatatypeHelper.safeTrimOrNullString(JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI));
    if (fromConfig != null) {
        return fromConfig;
    }

    // HMAC accepts any symmetric key, so no particular key algorithm is implied.
    if (isHMAC(algorithmURI)) {
        return null;
    }

    // Last-ditch fallback for the common asymmetric signature URIs.
    if (rsaAlgorithmURIs.contains(algorithmURI)) {
        return "RSA";
    } else if (dsaAlgorithmURIs.contains(algorithmURI)) {
        return "DSA";
    } else if (ecdsaAlgorithmURIs.contains(algorithmURI)) {
        return "EC";
    }
    return null;
}
 
Example #12
Source File: Ref.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Computes the SHA-256 digest of this reference's encoded form.
 *
 * The algorithm is addressed by its XMLEnc URI and mapped to the JCE name via
 * {@link JCEMapper}, so the mapper must be usable when this is called.
 *
 * @return the raw digest bytes
 * @throws IllegalArgumentException wrapping any failure from encoding or digesting
 */
public byte[] getDigestValue() {
   try {
      String sha256 = JCEMapper.translateURItoJCEID("http://www.w3.org/2001/04/xmlenc#sha256");
      return ConnectorCryptoUtils.calculateDigest(sha256, this.getEncoded());
   } catch (Exception e) {
      // Callers see a single unchecked type; the original cause is preserved.
      throw new IllegalArgumentException(e);
   }
}
 
Example #13
Source File: Ref.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * SHA-256 digest over {@link #getEncoded()}.
 *
 * @return the digest bytes
 * @throws IllegalArgumentException if encoding or digesting fails (cause attached)
 */
public byte[] getDigestValue() {
   final String sha256Uri = "http://www.w3.org/2001/04/xmlenc#sha256";
   try {
      byte[] encoded = this.getEncoded();
      return ConnectorCryptoUtils.calculateDigest(JCEMapper.translateURItoJCEID(sha256Uri), encoded);
   } catch (Exception cause) {
      throw new IllegalArgumentException(cause);
   }
}
 
Example #14
Source File: TimeStampGeneratorImpl.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Assembles the DSS SignRequest for a time-stamp over the transformed bytes.
 *
 * @param requestId     SignRequest/@RequestID
 * @param digestAlgoURI XML DSig digest URI, sent as the DigestMethod and used to pick the JCE digest
 * @param transformed   bytes to hash
 * @return the request with a single DocumentHash input
 * @throws TechnicalConnectorException from the digest calculation
 */
private SignRequest generateSignRequest(String requestId, String digestAlgoURI, byte[] transformed) throws TechnicalConnectorException {
   SignRequest request = new SignRequest();
   request.setRequestID(requestId);
   String profile = (String)SignatureUtils.getOption("SignatureTimestampProfile", this.options, "urn:ehealth:profiles:timestamping:2.1-cert");
   request.setProfile(profile);

   DigestMethod digestMethod = new DigestMethod();
   digestMethod.setAlgorithm(digestAlgoURI);
   // NOTE(review): an unmapped URI makes translateURItoJCEID return null — confirm
   // calculateDigest rejects a null algorithm name rather than defaulting silently.
   byte[] digestValue = ConnectorCryptoUtils.calculateDigest(JCEMapper.translateURItoJCEID(digestAlgoURI), transformed);

   DocumentHash documentHash = new DocumentHash();
   documentHash.setDigestMethod(digestMethod);
   documentHash.setDigestValue(digestValue);

   InputDocuments inputs = new InputDocuments();
   inputs.getDocumentHash().add(documentHash);
   request.setInputDocuments(inputs);
   return request;
}
 
Example #15
Source File: Ref.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Returns the SHA-256 digest of this reference's encoding.
 *
 * @return digest bytes
 * @throws IllegalArgumentException on any encoding or digest failure
 */
public byte[] getDigestValue() {
   try {
      return ConnectorCryptoUtils.calculateDigest(
            JCEMapper.translateURItoJCEID("http://www.w3.org/2001/04/xmlenc#sha256"),
            this.getEncoded());
   } catch (Exception failure) {
      // Wrap everything (including checked exceptions) in one unchecked type.
      throw new IllegalArgumentException(failure);
   }
}
 
Example #16
Source File: TimeStampGeneratorImpl.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Creates the time-stamp SignRequest: one DocumentHash holding the digest of
 * {@code transformed} computed with the algorithm named by {@code digestAlgoURI}.
 *
 * @param requestId     request identifier
 * @param digestAlgoURI XML DSig digest algorithm URI
 * @param transformed   bytes to digest
 * @return the populated request
 * @throws TechnicalConnectorException if the digest cannot be computed
 */
private SignRequest generateSignRequest(String requestId, String digestAlgoURI, byte[] transformed) throws TechnicalConnectorException {
   SignRequest signRequest = new SignRequest();
   signRequest.setRequestID(requestId);
   signRequest.setProfile((String)SignatureUtils.getOption("SignatureTimestampProfile", this.options, "urn:ehealth:profiles:timestamping:2.1-cert"));

   DocumentHash documentHash = new DocumentHash();
   DigestMethod digestMethod = new DigestMethod();
   digestMethod.setAlgorithm(digestAlgoURI);
   documentHash.setDigestMethod(digestMethod);
   // The JCE name comes from the same URI that is advertised in DigestMethod above;
   // translateURItoJCEID yields null for URIs it does not know.
   String jceName = JCEMapper.translateURItoJCEID(digestAlgoURI);
   documentHash.setDigestValue(ConnectorCryptoUtils.calculateDigest(jceName, transformed));

   InputDocuments inputDocuments = new InputDocuments();
   inputDocuments.getDocumentHash().add(documentHash);
   signRequest.setInputDocuments(inputDocuments);
   return signRequest;
}
 
Example #17
Source File: Ref.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Digest (SHA-256, addressed by its XMLEnc URI) of the encoded reference.
 *
 * @return the digest
 * @throws IllegalArgumentException carrying the underlying failure
 */
public byte[] getDigestValue() {
   try {
      byte[] input = this.getEncoded();
      String algorithm = JCEMapper.translateURItoJCEID("http://www.w3.org/2001/04/xmlenc#sha256");
      return ConnectorCryptoUtils.calculateDigest(algorithm, input);
   } catch (Exception e) {
      throw new IllegalArgumentException(e);
   }
}
 
Example #18
Source File: TimeStampGeneratorImpl.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Builds the SignRequest sent to the time-stamping service.
 *
 * @param requestId     identifier for SignRequest/@RequestID
 * @param digestAlgoURI XML DSig digest URI (advertised as DigestMethod, and mapped to the JCE digest)
 * @param transformed   canonicalised / transformed bytes to hash
 * @return the request
 * @throws TechnicalConnectorException when the digest calculation fails
 */
private SignRequest generateSignRequest(String requestId, String digestAlgoURI, byte[] transformed) throws TechnicalConnectorException {
   SignRequest result = new SignRequest();
   result.setRequestID(requestId);
   result.setProfile((String)SignatureUtils.getOption("SignatureTimestampProfile", this.options, "urn:ehealth:profiles:timestamping:2.1-cert"));

   DigestMethod method = new DigestMethod();
   method.setAlgorithm(digestAlgoURI);
   DocumentHash hash = new DocumentHash();
   hash.setDigestMethod(method);
   // NOTE(review): null JCE name for an unmapped URI — verify calculateDigest fails closed.
   hash.setDigestValue(ConnectorCryptoUtils.calculateDigest(JCEMapper.translateURItoJCEID(digestAlgoURI), transformed));

   InputDocuments inputs = new InputDocuments();
   inputs.getDocumentHash().add(hash);
   result.setInputDocuments(inputs);
   return result;
}
 
Example #19
Source File: Ref.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Computes SHA-256 over {@code getEncoded()}.
 *
 * @return the digest bytes
 * @throws IllegalArgumentException wrapping any failure
 */
public byte[] getDigestValue() {
   final String uri = "http://www.w3.org/2001/04/xmlenc#sha256";
   try {
      return ConnectorCryptoUtils.calculateDigest(JCEMapper.translateURItoJCEID(uri), this.getEncoded());
   } catch (Exception ex) {
      throw new IllegalArgumentException(ex);
   }
}
 
Example #20
Source File: TimeStampGeneratorImpl.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Populates a SignRequest with the profile option and a single DocumentHash
 * over {@code transformed}.
 *
 * @param requestId     request identifier
 * @param digestAlgoURI XML DSig digest algorithm URI
 * @param transformed   bytes to hash
 * @return the request
 * @throws TechnicalConnectorException from the digest calculation
 */
private SignRequest generateSignRequest(String requestId, String digestAlgoURI, byte[] transformed) throws TechnicalConnectorException {
   SignRequest request = new SignRequest();
   request.setRequestID(requestId);
   Object profile = SignatureUtils.getOption("SignatureTimestampProfile", this.options, "urn:ehealth:profiles:timestamping:2.1-cert");
   request.setProfile((String)profile);

   DocumentHash docHash = new DocumentHash();
   DigestMethod digestMethod = new DigestMethod();
   digestMethod.setAlgorithm(digestAlgoURI);
   docHash.setDigestMethod(digestMethod);
   // Same URI drives both the advertised DigestMethod and the JCE digest actually computed.
   docHash.setDigestValue(ConnectorCryptoUtils.calculateDigest(JCEMapper.translateURItoJCEID(digestAlgoURI), transformed));

   InputDocuments inputDocuments = new InputDocuments();
   inputDocuments.getDocumentHash().add(docHash);
   request.setInputDocuments(inputDocuments);
   return request;
}
 
Example #21
Source File: SantuarioInitializer.java    From dss with GNU Lesser General Public License v2.1
/**
 * Dynamically initialise the Santuario library by registering the default
 * algorithms and implementations.
 *
 * Order matters only in that the English resource bundle is loaded first (call
 * I18n.init(...) beforehand to use another one) and the resolver registration
 * comes last; the JCE mapping used by JCEMapper.translateURItoJCEID is
 * registered here via JCEMapper.registerDefaultAlgorithms().
 */
private static void dynamicInit() {
	// Resource bundle: English unless I18n.init(...) was already called.
	I18n.init("en", "US");

	if (LOG.isDebugEnabled()) {
		LOG.debug("Registering default algorithms");
	}

	// Default namespace prefixes; a failure here is logged, not propagated.
	try {
		ElementProxy.registerDefaultPrefixes();
	} catch (XMLSecurityException ex) {
		LOG.error(ex.getMessage(), ex);
	}

	// Transforms, signature algorithms, URI -> JCE mapping, canonicalisers.
	Transform.registerDefaultAlgorithms();
	SignatureAlgorithm.registerDefaultAlgorithms();
	JCEMapper.registerDefaultAlgorithms();
	Canonicalizer.registerDefaultAlgorithms();

	// Custom resource resolvers first, then the stock key resolvers.
	registerDefaultResolvers();
	KeyResolver.registerDefaultResolvers();
}
 
Example #22
Source File: AbstractStaxBindingHandler.java    From cxf with Apache License 2.0
/**
 * Registers an outbound security token with the StAX outbound security context and
 * marks it as the token to use for encryption, signature and custom-token references.
 *
 * The StAX token type is derived from the prefix of the token's WS-Trust token type
 * URI; a null or unrecognised type is treated as an EncryptedKey token.
 *
 * @param policyToken the policy token that requested this security token; only an
 *                    IssuedToken gets its DOM reference attached as a custom token reference
 * @param tok         the obtained security token (key material, certificate, references
 *                    and SHA-1 identifier)
 */
protected void storeSecurityToken(AbstractToken policyToken, SecurityToken tok) {
    SecurityTokenConstants.TokenType tokenType = WSSecurityTokenConstants.EncryptedKeyToken;
    if (tok.getTokenType() != null) {
        if (tok.getTokenType().startsWith(WSSConstants.NS_KERBEROS11_TOKEN_PROFILE)) {
            tokenType = WSSecurityTokenConstants.KERBEROS_TOKEN;
        } else if (tok.getTokenType().startsWith(WSSConstants.NS_SAML10_TOKEN_PROFILE)
            || tok.getTokenType().startsWith(WSSConstants.NS_SAML11_TOKEN_PROFILE)) {
            tokenType = WSSecurityTokenConstants.SAML_11_TOKEN;
        } else if (tok.getTokenType().startsWith(WSSConstants.NS_WSC_05_02)
            || tok.getTokenType().startsWith(WSSConstants.NS_WSC_05_12)) {
            tokenType = WSSecurityTokenConstants.SECURE_CONVERSATION_TOKEN;
        }
    }

    // Captured by the anonymous token below; a single-slot certificate array is
    // passed even when no certificate is present (certs[0] stays null then).
    final Key key = tok.getKey();
    final byte[] secret = tok.getSecret();
    final X509Certificate[] certs = new X509Certificate[1];
    if (tok.getX509Certificate() != null) {
        certs[0] = tok.getX509Certificate();
    }

    final GenericOutboundSecurityToken encryptedKeySecurityToken =
        new GenericOutboundSecurityToken(tok.getId(), tokenType, key, certs) {

            /**
             * Resolution order: the raw secret keyed for the requested algorithm URI,
             * then the token's Key, then the raw secret labelled with the URI's JCE key
             * algorithm (HmacSHA1 when no mapping exists), then the superclass lookup.
             */
            @Override
            public Key getSecretKey(String algorithmURI) throws XMLSecurityException {
                if (secret != null && algorithmURI != null && !"".equals(algorithmURI)) {
                    return KeyUtils.prepareSecretKey(algorithmURI, secret);
                }
                if (key != null) {
                    return key;
                }
                if (secret != null) {
                    // Only reached with a null or empty algorithmURI (the first branch handles
                    // every non-empty URI), so the HmacSHA1 label is presumably the usual outcome
                    // here — TODO confirm. It is a JCA algorithm label on the key object; the
                    // secret bytes are used as-is.
                    String jceAlg = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
                    if (jceAlg == null || "".equals(jceAlg)) {
                        jceAlg = "HmacSHA1";
                    }
                    return new SecretKeySpec(secret, jceAlg);
                }

                return super.getSecretKey(algorithmURI);
            }
        };

    // Store a DOM Element reference if it exists: attached when the policy requires the
    // token to be included in the message, unattached otherwise.
    Element ref;
    if (isTokenRequired(policyToken.getIncludeTokenType())) {
        ref = tok.getAttachedReference();
    } else {
        ref = tok.getUnattachedReference();
    }

    if (ref != null && policyToken instanceof IssuedToken) {
        encryptedKeySecurityToken.setCustomTokenReference(ref);
    }
    final SecurityTokenProvider<OutboundSecurityToken> encryptedKeySecurityTokenProvider =
        new SecurityTokenProvider<OutboundSecurityToken>() {

            @Override
            public OutboundSecurityToken getSecurityToken() throws XMLSecurityException {
                return encryptedKeySecurityToken;
            }

            @Override
            public String getId() {
                return encryptedKeySecurityToken.getId();
            }

        };
    encryptedKeySecurityToken.setSha1Identifier(tok.getSHA1());

    // Register the provider and point encryption, signature and custom-token
    // processing at this token id.
    outboundSecurityContext.registerSecurityTokenProvider(
            encryptedKeySecurityTokenProvider.getId(), encryptedKeySecurityTokenProvider);
    outboundSecurityContext.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION,
            encryptedKeySecurityTokenProvider.getId());
    outboundSecurityContext.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE,
            encryptedKeySecurityTokenProvider.getId());
    outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_CUSTOM_TOKEN,
            encryptedKeySecurityTokenProvider.getId());
}
 
Example #23
Source File: SamlRedirectBindingFilter.java    From cxf with Apache License 2.0
/**
 * Sign a request according to the HTTP-Redirect binding for Web SSO and append
 * the SigAlg and Signature query parameters to the builder.
 *
 * @param authnRequest the SAMLRequest parameter value, used verbatim in the signed string
 * @param relayState   the RelayState parameter value, used verbatim in the signed string
 * @param ub           builder receiving the SigAlg and Signature parameters
 * @throws Exception when the crypto instance, signature user, callback handler or
 *                   issuer certificate is missing, or when signing fails
 */
private void signRequest(
    String authnRequest,
    String relayState,
    UriBuilder ub
) throws Exception {
    Crypto crypto = getSignatureCrypto();
    if (crypto == null) {
        LOG.warning("No crypto instance of properties file configured for signature");
        throw ExceptionUtils.toInternalServerErrorException(null, null);
    }
    String signatureUser = getSignatureUsername();
    if (signatureUser == null) {
        LOG.warning("No user configured for signature");
        throw ExceptionUtils.toInternalServerErrorException(null, null);
    }
    CallbackHandler handler = getCallbackHandler();
    if (handler == null) {
        LOG.warning("No CallbackHandler configured to supply a password for signature");
        throw ExceptionUtils.toInternalServerErrorException(null, null);
    }

    CryptoType byAlias = new CryptoType(CryptoType.TYPE.ALIAS);
    byAlias.setAlias(signatureUser);
    X509Certificate[] issuerCerts = crypto.getX509Certificates(byAlias);
    if (issuerCerts == null) {
        throw new Exception(
            "No issuer certs were found to sign the request using name: " + signatureUser
        );
    }

    // Configured algorithm, overridden only for DSA keys. NOTE(review): an EC key keeps the
    // configured algorithm (which may not fit the key), and the DSA override is SHA-1 based.
    String sigAlgo = getSignatureAlgorithm();
    String keyType = issuerCerts[0].getPublicKey().getAlgorithm();
    LOG.fine("automatic sig algo detection: " + keyType);
    if ("DSA".equalsIgnoreCase(keyType)) {
        sigAlgo = SSOConstants.DSA_SHA1;
    }
    LOG.fine("Using Signature algorithm " + sigAlgo);
    String utf8 = StandardCharsets.UTF_8.name();
    ub.queryParam(SSOConstants.SIG_ALG, URLEncoder.encode(sigAlgo, utf8));

    // Obtain the key password through the callback handler, then the private key.
    WSPasswordCallback pwCallback = new WSPasswordCallback(signatureUser, WSPasswordCallback.SIGNATURE);
    handler.handle(new WSPasswordCallback[] {pwCallback});
    PrivateKey privateKey = crypto.getPrivateKey(signatureUser, pwCallback.getPassword());

    // The signed string must match what the verifier rebuilds: SAMLRequest and RelayState are
    // taken as given (the caller presumably URL-encodes them beforehand — TODO confirm), while
    // SigAlg is encoded here.
    String signedData = SSOConstants.SAML_REQUEST + "=" + authnRequest + "&"
        + SSOConstants.RELAY_STATE + "=" + relayState + "&"
        + SSOConstants.SIG_ALG + "=" + URLEncoder.encode(sigAlgo, utf8);

    Signature signer = Signature.getInstance(JCEMapper.translateURItoJCEID(sigAlgo));
    signer.initSign(privateKey);
    signer.update(signedData.getBytes(StandardCharsets.UTF_8));
    String encodedSignature = Base64.getEncoder().encodeToString(signer.sign());

    // Best-effort zeroisation; many JCA key implementations do not support destroy().
    try {
        privateKey.destroy();
    } catch (DestroyFailedException ignored) {
        // unsupported by this key implementation
    }

    ub.queryParam(SSOConstants.SIGNATURE, URLEncoder.encode(encodedSignature, utf8));
}
 
Example #24
Source File: SecurityHelper.java    From lams with GNU General Public License v2.0
/**
 * Randomly generates a Java JCE symmetric Key object from the specified XML Encryption algorithm URI.
 *
 * Both the JCE key algorithm name and the key length are taken from the Apache
 * XML Security configuration for the URI; the key is generated with no explicit
 * provider. NOTE(review): for a URI without a configured key length the lookup
 * presumably fails with an unchecked exception — confirm before exposing this to
 * arbitrary URIs.
 *
 * @param algoURI  The XML Encryption algorithm URI
 * @return a randomly-generated symmetric key
 * @throws NoSuchProviderException  provider not found
 * @throws NoSuchAlgorithmException algorithm not found
 */
public static SecretKey generateKeyFromURI(String algoURI)
        throws NoSuchAlgorithmException, NoSuchProviderException {
    int lengthBits = JCEMapper.getKeyLengthFromURI(algoURI);
    String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(algoURI);
    return generateKey(keyAlgorithm, lengthBits, null);
}
 
Example #25
Source File: SecurityHelper.java    From lams with GNU General Public License v2.0
/**
 * Get the Java security JCA/JCE algorithm identifier associated with an algorithm URI.
 *
 * Delegates to {@link JCEMapper#translateURItoJCEID(String)} and normalises an
 * empty or whitespace-only answer to null.
 *
 * @param algorithmURI the algorithm URI to evaluate
 * @return the Java algorithm identifier, or null if the mapping is unavailable or indeterminable from the URI
 */
public static String getAlgorithmIDFromURI(String algorithmURI) {
    String jceId = JCEMapper.translateURItoJCEID(algorithmURI);
    return DatatypeHelper.safeTrimOrNullString(jceId);
}
 
Example #26
Source File: SecurityHelper.java    From lams with GNU General Public License v2.0
/**
 * Check whether the signature method algorithm URI indicates HMAC.
 *
 * The decision is based on the Apache XML Security algorithm class registered
 * for the URI, not on the URI text itself.
 *
 * @param signatureAlgorithm the signature method algorithm URI
 * @return true if URI indicates HMAC, false otherwise
 */
public static boolean isHMAC(String signatureAlgorithm) {
    String rawClass = JCEMapper.getAlgorithmClassFromURI(signatureAlgorithm);
    String algoClass = DatatypeHelper.safeTrimOrNullString(rawClass);
    return ApacheXMLSecurityConstants.ALGO_CLASS_MAC.equals(algoClass);
}
 
Example #27
Source File: SecurityHelper.java    From lams with GNU General Public License v2.0
/**
 * Randomly generates a Java JCE KeyPair object from the specified XML Encryption algorithm URI.
 *
 * The key algorithm name is taken from the Apache XML Security configuration for
 * the URI; the pair is generated with no explicit provider.
 *
 * @param algoURI  The XML Encryption algorithm URI
 * @param keyLength  the length of key to generate
 * @return a randomly-generated KeyPair
 * @throws NoSuchProviderException  provider not found
 * @throws NoSuchAlgorithmException  algorithm not found
 */
public static KeyPair generateKeyPairFromURI(String algoURI, int keyLength)
        throws NoSuchAlgorithmException, NoSuchProviderException {
    final String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(algoURI);
    return generateKeyPair(keyAlgorithm, keyLength, null);
}
}