AMEncryptionProvider.java revision 80849398a45dca1fb917716907d6ec99be6222c2
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AMEncryptionProvider.java,v 1.7 2009/08/29 07:30:38 mallas Exp $
*
*/
/**
* <code>AMEncryptionProvider</code> is a class for encrypting and
* decrypting XML Documents; it implements <code>EncryptionProvider</code>.
*/
public class AMEncryptionProvider implements EncryptionProvider {
/**
* A static map that holds provider ids and symmetric keys as key/value pairs.
* Generating a key on every call is an expensive operation, so reusing the
* same key for each provider should be acceptable.
*/
static {
}
/**
* Initializes encryption provider.
*/
if(keyprovider == null) {
"keyprovider is null");
"nullValues"));
}
this.keyProvider = keyprovider;
}
/**
* Encrypts the given XML element in a given XML Context document.
* @param doc the context XML Document.
* @param element Element to be encrypted.
* @param secretKeyAlg Encryption Key Algorithm.
* @param keyStrength Encryption Key Strength.
* @param certAlias KeyEncryption Key cert alias.
* @param kekStrength Key Encryption Key Strength.
* @return org.w3c.dom.Document XML Document replaced with encrypted data
* for a given XML element.
*/
int keyStrength,
int kekStrength)
throws EncryptionException {
}
/**
* Encrypts the given XML element in a given XML Context document.
* @param doc the context XML Document.
* @param element Element to be encrypted.
* @param secretKeyAlg Encryption Key Algorithm.
* @param keyStrength Encryption Key Strength.
* @param certAlias KeyEncryption Key cert alias.
* @param kekStrength Key Encryption Key Strength.
* @param providerID Provider ID.
* @return org.w3c.dom.Document XML Document replaced with encrypted data
* for a given XML element.
*/
int keyStrength,
int kekStrength,
throws EncryptionException {
}
/**
* Encrypts the given ResourceID XML element in a given XML Context
* document.
* @param doc the context XML Document.
* @param element Element to be encrypted.
* @param secretKeyAlg Encryption Key Algorithm.
* @param keyStrength Encryption Key Strength.
* @param certAlias KeyEncryption Key cert alias.
* @param kekStrength Key Encryption Key Strength.
* @param providerID Provider ID.
* @return org.w3c.dom.Document EncryptedResourceID XML Document.
*/
int keyStrength,
int kekStrength,
throws EncryptionException {
kekStrength, providerID, true);
}
/**
* Encrypts the given XML element in a given XML Context document.
* @param doc the context XML Document.
* @param element Element to be encrypted.
* @param secretKeyAlg Encryption Key Algorithm.
* @param keyStrength Encryption Key Strength.
* @param kek Key Encryption Key.
* @param kekStrength Key Encryption Key Strength.
* @param providerID Provider ID
* @return org.w3c.dom.Document XML Document replaced with encrypted data
* for a given XML element.
*/
int keyStrength,
int kekStrength,
throws EncryptionException {
}
/**
* Encrypts the given XML element in a given XML Context document.
* @param doc the context XML Document.
* @param element Element to be encrypted.
* @param secretKeyAlg Encryption Key Algorithm.
* @param keyStrength Encryption Key Strength.
* @param kek Key Encryption Key.
* @param kekStrength Key Encryption Key Strength.
* @param providerID Provider ID
* @return org.w3c.dom.Document XML Document replaced with encrypted data
* for a given XML element.
*/
int keyStrength,
int kekStrength,
throws EncryptionException {
}
/**
* Encrypts the given XML element in a given XML Context document.
* @param doc the context XML Document.
* @param element Element to be encrypted.
* @param secretKeyAlg Encryption Key Algorithm.
* @param keyStrength Encryption Key Strength.
* @param kek Key Encryption Key.
* @param kekStrength Key Encryption Key Strength.
* @param providerID Provider ID
* @param isEncryptResourceID A flag that indicates whether a ResourceID
* is to be encrypted.
* @return org.w3c.dom.Document EncryptedResourceID XML Document if
* isEncryptResourceID is set. Otherwise, return the XML Document
* replaced with encrypted data for a given XML element.
*/
int keyStrength,
int kekStrength,
boolean isEncryptResourceID)
throws EncryptionException {
"Replace: Null values");
"nullValues"));
}
if(providerID != null) {
} else {
}
} else {
}
"generateKeyError"));
}
try {
} else if(kekStrength == 192) {
} else if(kekStrength == 256) {
} else {
throw new EncryptionException(
}
} else {
throw new EncryptionException(
}
// Encrypt the key with key encryption key
if (isEncryptResourceID) {
}
doc, encryptedKey)));
}
if(builderKeyInfo == null) {
}
if (isEncryptResourceID) {
"http://www.w3.org/2001/04/xmlenc#EncryptedKey");
} else {
}
if (isEncryptResourceID) {
"urn:liberty:disco:2003-08",
"EncryptedResourceID");
"http://www.w3.org/2001/04/xmlenc#", "xenc:CarriedKeyName");
}
return result;
"Replace: XML Encryption error", xe);
throw new EncryptionException(xe);
}
}
/**
* Encrypts the given WSS XML element in a given XML Context document.
* @param doc the context XML Document.
* @param elmMap Map of (Element, wsu_id) to be encrypted.
* @param encDataEncAlg Encryption Key Algorithm.
* @param encDataEncAlgStrength Encryption Key Strength.
* @param certAlias Key Encryption Key cert alias.
* @param kekStrength Key Encryption Key Strength.
* @param tokenType Security token type.
* @param providerID Provider ID.
* @return org.w3c.dom.Document XML Document replaced with encrypted data
* for a given XML element.
*/
int kekStrength,
throws EncryptionException {
return null;
}
/**
* Decrypts an XML Document that contains encrypted data.
* @param encryptedDoc XML Document with encrypted data.
* @param certAlias Private Key Certificate Alias.
* @return org.w3c.dom.Document Decrypted XML Document.
*/
public Document decryptAndReplace(
throws EncryptionException {
return decryptAndReplace(encryptedDoc,
}
/**
* Decrypts an XML Document that contains encrypted data.
* @param encryptedDoc XML Document with encrypted data.
* @param privKey Key Encryption Key used for encryption.
* @return org.w3c.dom.Document Decrypted XML Document.
*/
public Document decryptAndReplace(
throws EncryptionException {
if(encryptedDoc == null) {
"null encrypted doc"));
}
"AndReplace: input encrypted DOC = "
}
return encryptedDoc;
}
/**
* Check for the encrypted key after the encrypted data.
* If found, use that symmetric key for the decryption; otherwise,
* check whether there is one in the encrypted data.
*/
try {
"AndReplace: XML Decryption error for XMLCipher init :"
, xe);
throw new EncryptionException(xe);
}
int i=0 ;
while (i < length) {
try {
"AndReplace: encrypted element (" + i + ") = "
}
if(encryptedKey == null) {
if(encryptedKey == null) {
}
}
encryptedDoc, encryptedKey)));
+ "AndReplace: Encrypted Data (" + i + ") = "
}
if(encryptedKey != null) {
}
}
i = i+1;
if (i < length) {
}
+ "AndReplace: decryptedDoc (" + (i-1) + ") = " +
}
"AndReplace: XML Decryption error.", xe);
throw new EncryptionException(xe);
}
}
+ "AndReplace: FINAL decryptedDoc = " +
}
return decryptedDoc;
}
// converts the element to a string.
of.setIndenting(true);
try {
} catch (IOException ioe) {
}
}
/**
* Converts XML encryption algorithm string to a short name.
* For example, http://www.w3.org/2001/04/xmlenc#aes128-cbc -> AES
*/
throws EncryptionException {
if (algorithmUri == null) {
return null;
return EncryptionConstants.AES;
return EncryptionConstants.TRIPLEDES;
} else {
"unsupportedKeyAlg"));
}
}
/**
* Gets the equivalent XML encryption algorithm string for a given
* algorithm and strength that is published by the provider.
*/
throws EncryptionException {
"nullValues"));
}
} else if (keyStrength == 192) {
} else if(keyStrength == 256) {
} else {
"invalidKeyStrength"));
}
} else {
"unsupportedKeyAlg"));
}
}
/**
* Generates secret key for a given algorithm and key strength.
*/
throws EncryptionException {
try {
if(keyStrength != 0) {
}
return keygen.generateKey();
} catch (NoSuchAlgorithmException ne) {
throw new EncryptionException(ne);
}
}
/**
* Returns the private key for X509Certificate embedded in the KeyInfo
* @param keyinfo KeyInfo
* @return a private key for X509Certificate
*/
try {
if (keyinfo.containsX509Data()) {
" element in the KeyInfo");
}
}
}
} catch (Exception e) {
, e);
}
return pk;
}
/**
* Decrypt the given encrypted key.
* @param encryptedKey the encrypted key element
* @param certAlias the private key alias
* @return the key associated with the decrypted key.
*/
return null;
}
}