/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: FMEncProvider.java,v 1.5 2008/06/25 05:48:03 qcheng Exp $
*
* Portions Copyrighted 2014-2015 ForgeRock AS.
*/
/**
* <code>FMEncProvider</code> is a class for encrypting and
* decrypting XML documents; it implements <code>EncProvider</code>.
*/
/**
* A static map whose keys are the recipients' entity IDs and
* whose values are symmetric keys. Generating a fresh symmetric
* key for every message is an expensive operation, so reusing
* the same key for a given recipient is provided as an option
* here.
*/
/**
* A hidden property to switch between two encryption formats.
* If true, a ds:KeyInfo element is placed inside xenc:EncryptedData
* and carries the xenc:EncryptedKey element (as defined in the
* XML Encryption Specification). If false, the xenc:EncryptedKey
* element is placed as a sibling of xenc:EncryptedData (as defined
* in the SAML2 profile specification). Defaults to true if not
* specified.
*/
// NOTE(review): presumably set to false by the static initializer below when the
// "com.sun.identity.saml.xmlenc.encryptedKeyInKeyInfo" property selects the
// SAML2-profile layout (EncryptedKey as a sibling of EncryptedData); the
// initializer's condition is not fully visible here — confirm.
private static boolean encryptedKeyInKeyInfo = true;
static {
"com.sun.identity.saml.xmlenc.encryptedKeyInKeyInfo");
encryptedKeyInKeyInfo = false;
}
}
/**
* Encrypts the root element of the given XML document.
* @param xmlString String representing an XML document whose root
* element is to be encrypted.
* @param recipientPublicKey Public key used to encrypt the data encryption
* (secret) key, it is the public key of the
* recipient of the XML document to be encrypted.
* @param dataEncAlgorithm Data encryption algorithm.
* @param dataEncStrength Data encryption strength.
* @param recipientEntityID Unique identifier of the recipient, it is used
* as the index to the cached secret key so that
* the key can be reused for the same recipient;
* It can be null in which case the secret key will
* be generated every time and will not be cached
* and reused. Note that the generation of a secret
* key is a relatively expensive operation.
* @param outerElementName Name of the element that will wrap around the
* encrypted data and encrypted key(s) sub-elements
* @return org.w3c.dom.Element Root element of the encrypted document; the
* name of this root element is indicated by
* the last input parameter
* @exception SAML2Exception if there is an error during the encryption
* process
*/
int dataEncStrength,
throws SAML2Exception {
}
/**
* Encrypts the root element of the given XML document.
* @param xmlString String representing an XML document whose root
* element is to be encrypted.
* @param recipientPublicKey Public key used to encrypt the data encryption
* (secret) key, it is the public key of the
* recipient of the XML document to be encrypted.
* @param secretKey the secret key used to encrypt the data.
* @param dataEncAlgorithm Data encryption algorithm.
* @param dataEncStrength Data encryption strength.
* @param recipientEntityID Unique identifier of the recipient, it is used
* as the index to the cached secret key so that
* the key can be reused for the same recipient;
* It can be null in which case the secret key will
* be generated every time and will not be cached
* and reused. Note that the generation of a secret
* key is a relatively expensive operation.
* @param outerElementName Name of the element that will wrap around the
* encrypted data and encrypted key(s) sub-elements
* @return org.w3c.dom.Element Root element of the encrypted document; the
* name of this root element is indicated by
* the last input parameter
* @exception SAML2Exception if there is an error during the encryption
* process
*/
int dataEncStrength,
throws SAML2Exception {
// checking the input parameters
dataEncAlgorithm==null ||
outerElementName==null ||
classMethod + "Null input parameter(s).");
throw new SAML2Exception(
}
"unsupportedKeyAlg"));
}
dataEncStrength != 128) ||
dataEncStrength != 192) ||
dataEncStrength != 256)) {
"Data encryption algorithm " + dataEncAlgorithm +
"and strength " + dataEncStrength +
" mismatch.");
"algSizeMismatch"));
}
throw new SAML2Exception(
}
if (dataEncStrength <= 0) {
dataEncStrength = 128;
}
if (rootElement == null) {
throw new SAML2Exception(
}
// start of obtaining secret key
if (recipientEntityID != null) {
} else {
}
} else {
}
"errorGenerateKey"));
}
}
// end of obtaining secret key
// start of encrypting the secret key with public key
/* note that the public key encryption algorithm could only
* have three possible values here: "RSA", "AES", "DESede"
*/
try {
} else {
throw new SAML2Exception(
}
} catch (XMLEncryptionException xe1) {
"Unable to obtain cipher with public key algorithm.", xe1);
throw new SAML2Exception(
}
try {
} catch (XMLEncryptionException xe2) {
classMethod + "Failed to initialize cipher with public key",
xe2);
throw new SAML2Exception(
"failedInitCipherWithPublicKey"));
}
try {
} catch (XMLEncryptionException xe3) {
classMethod + "Failed to encrypt secret key with public key",
xe3);
throw new SAML2Exception(
"failedEncryptingSecretKeyWithPublicKey"));
}
// end of encrypting the secret key with public key
// start of doing data encryption
try {
} catch (XMLEncryptionException xe4) {
classMethod + "Failed to obtain a cipher for "+
"data encryption algorithm" + dataEncAlgorithm,
xe4);
throw new SAML2Exception(
"cipherNotAvailableForDataEncAlg"));
}
try {
} catch (XMLEncryptionException xe5) {
classMethod + "Failed to initialize cipher with secret key.",
xe5);
throw new SAML2Exception(
"failedInitCipherWithSecretKey"));
}
try {
} catch (Exception e) {
classMethod + "Failed to do the final data encryption.", e);
throw new SAML2Exception(
}
// end of doing data encryption
// add the EncryptedKey element
try {
throw new SAML2Exception(
"failedMartialingEncryptedKey"));
}
outerElemPrefix = "samlp";
}
if (encryptedKeyInKeyInfo) {
// create a ds:KeyInfo Element to include the EncryptionKey
// find the xenc:CipherData Element inside the encrypted data
"CipherData");
"Unable to find required xenc:CipherData Element.");
"failedEncryptingData"));
}
// insert the EncryptedKey before the xenc:CipherData Element
} else {
}
return resultDoc.getDocumentElement();
}
public SecretKey getSecretKey(String xmlString, Set<PrivateKey> privateKeys) throws SAML2Exception {
}
privateKeys == null) {
throw new SAML2Exception(
}
throw new SAML2Exception(
"errorObtainingElement"));
}
if (rootElement == null) {
throw new SAML2Exception(
}
if (firstChild == null) {
classMethod + "Missing the EncryptedData element.");
throw new SAML2Exception(
"missingElementEncryptedData"));
}
if (secondChild == null) {
"looking for encrytion key inside first child.");
}
classMethod + "Missing the EncryptedKey element.");
throw new SAML2Exception(
"missingElementEncryptedKey"));
} else {
// use the first EncryptedKey found
}
}
try {
} catch (XMLEncryptionException xe1) {
throw new SAML2Exception(
}
try {
} catch (XMLEncryptionException xe2) {
classMethod + "Failed to initialize cipher for decryption mode",
xe2);
throw new SAML2Exception(
"failedInitCipherForDecrypt"));
}
try {
} catch (XMLEncryptionException xe3) {
throw new SAML2Exception(
"failedLoadingEncryptedData"));
}
try {
} catch (XMLEncryptionException xe4) {
throw new SAML2Exception(
"failedLoadingEncryptedKey"));
}
try {
} catch (XMLEncryptionException xe5) {
SAML2SDKUtils.debug.error(classMethod + "Failed to get a cipher instance for decrypting secret key.",
xe5);
}
}
return null;
}
}
throw new SAML2Exception(
}
throw new SAML2Exception(
"errorObtainingElement"));
}
if (rootElement == null) {
throw new SAML2Exception(
}
if (firstChild == null) {
classMethod + "Missing the EncryptedData element.");
throw new SAML2Exception(
"missingElementEncryptedData"));
}
if (secondChild == null) {
"looking for encrytion key inside first child.");
}
classMethod + "Missing the EncryptedKey element.");
throw new SAML2Exception(
"missingElementEncryptedKey"));
} else {
// use the first EncryptedKey found
}
}
try {
} catch (XMLEncryptionException xe1) {
throw new SAML2Exception(
}
try {
} catch (XMLEncryptionException xe2) {
classMethod + "Failed to initialize cipher for decryption mode",
xe2);
throw new SAML2Exception(
"failedInitCipherForDecrypt"));
}
try {
} catch (XMLEncryptionException xe3) {
throw new SAML2Exception(
"failedLoadingEncryptedData"));
}
try {
} catch (XMLEncryptionException xe4) {
throw new SAML2Exception(
"failedLoadingEncryptedKey"));
}
try {
} catch (XMLEncryptionException xe5) {
"Failed to get a cipher instance "+
"for decrypting secret key.",
xe5);
throw new SAML2Exception(
}
try {
} catch (XMLEncryptionException xe8) {
"Failed to get cipher instance for " +
"final data decryption.",
xe8);
throw new SAML2Exception(
}
try {
} catch (XMLEncryptionException xe9) {
"Failed to initialize cipher with secret key.",
xe9);
throw new SAML2Exception(
"failedInitCipherForDecrypt"));
}
try {
} catch (Exception e) {
classMethod + "Failed to decrypt data.", e);
throw new SAML2Exception(
"failedDecryptingData"));
}
}
"decrypted document contains empty element.");
throw new SAML2Exception(
}
return decryptedDoc.getDocumentElement();
}
/**
* Returns the next Element node, or null if no such node exists.
*/
while (true) {
return null;
} else {
}
}
}
/**
* Generates secret key for a given algorithm and key strength.
*/
throws SAML2Exception {
try {
} else {
"unsupportedKeyAlg"));
}
if (keyStrength != 0) {
}
} catch (NoSuchAlgorithmException ne) {
throw new SAML2Exception(ne);
}
}
private Key getEncryptionKey(XMLCipher cipher, Set<PrivateKey> privateKeys, EncryptedKey encryptedKey,
try {
} catch (XMLEncryptionException xee) {
SAML2SDKUtils.debug.warning(classMethod + "Failed to initialize cipher in unwrap mode with private key",
xee);
if (firstErrorCode == null) {
firstErrorCode = "noCipherForUnwrap";
}
continue;
}
try {
} catch (XMLEncryptionException xee) {
if (firstErrorCode == null) {
firstErrorCode = "failedDecryptingSecretKey";
}
}
}
}
}