Element encKeyElement = getNextElementNode(encDataElement.getNextSibling()); if (encKeyElement == null) NodeList nodeList = encDataElement.getElementsByTagNameNS(XMLENC_NS, ENCRYPTED_KEY_LOCALNAME); if (nodeList == null || nodeList.getLength() == 0) throw new IllegalStateException(ErrorCodes.NULL_VALUE + "Encrypted Key not found in the enc data"); encKeyElement = (Element) nodeList.item(0); try cipher = XMLCipher.getInstance(); cipher.init(XMLCipher.DECRYPT_MODE, null); encryptedData = cipher.loadEncryptedData(documentWithEncryptedElement, encDataElement); encryptedKey = cipher.loadEncryptedKey(documentWithEncryptedElement, encKeyElement); XMLCipher keyCipher = XMLCipher.getInstance(); keyCipher.init(XMLCipher.UNWRAP_MODE, privateKey); Key encryptionKey = keyCipher.decryptKey(encryptedKey, encAlgoURL); cipher = XMLCipher.getInstance(); cipher.init(XMLCipher.DECRYPT_MODE, encryptionKey); decryptedDoc = cipher.doFinal(documentWithEncryptedElement, encDataElement); return decryptedDoc.getDocumentElement();
dbf.setNamespaceAware(true); Document doc = dbf.newDocumentBuilder().newDocument(); Element nameId = doc.createElement("saml:NameID"); nameId.setAttribute("SPNameQualifier", spnq); nameId.setAttribute("Format", format); nameId.setAttribute("NameQualifier", nq); nameId.appendChild(doc.createTextNode(value)); doc.appendChild(nameId); XMLCipher xmlCipher = XMLCipher.getInstance(Constants.AES128_CBC); xmlCipher.init(XMLCipher.ENCRYPT_MODE, symmetricKey); XMLCipher keyCipher = XMLCipher.getInstance(Constants.RSA_1_5); keyCipher.init(XMLCipher.WRAP_MODE, cert.getPublicKey()); EncryptedKey encryptedKey = keyCipher.encryptKey(doc, symmetricKey); EncryptedData encryptedData = xmlCipher.getEncryptedData(); KeyInfo keyInfo = new KeyInfo(doc); keyInfo.add(encryptedKey); xmlCipher.doFinal(doc, nameId, false);
String encryptionAlgorithm = getXMLEncryptionURL(secretKey.getAlgorithm(), keySize); cipher = XMLCipher.getInstance(encryptionAlgorithm); cipher.init(XMLCipher.ENCRYPT_MODE, secretKey); try encryptedDoc = cipher.doFinal(document, element); Element encryptedKeyElement = cipher.martial(document, encryptedKey); Element sigElement = encryptedDoc.createElementNS(XMLSIG_NS, DS_KEY_INFO); sigElement.setAttributeNS(XMLNS, "xmlns:ds", XMLSIG_NS); sigElement.appendChild(encryptedKeyElement); NodeList nodeList = encryptedDoc.getElementsByTagNameNS(XMLENC_NS, CIPHER_DATA_LOCALNAME); if (nodeList == null || nodeList.getLength() == 0) throw new IllegalStateException(ErrorCodes.DOM_MISSING_ELEMENT + "xenc:CipherData"); Element cipherDataElement = (Element) nodeList.item(0); Node cipherParent = cipherDataElement.getParentNode(); cipherParent.insertBefore(sigElement, cipherDataElement);
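/**
 * Unwraps the other party's entropy from an {@code xenc:EncryptedKey} using the local private key.
 *
 * The original version performed the unwrap and then discarded the result, returning
 * {@code null} on every path, so callers could never obtain the deciphered entropy.
 *
 * @param encryptedKey the parsed {@code EncryptedKey}; any other object yields {@code null}
 * @param privKey      the private key that unwraps the encrypted key (used as the KEK)
 * @return the unwrapped key, or {@code null} when {@code encryptedKey} is not an {@link EncryptedKey}
 * @throws XMLEncryptionException if the key cannot be unwrapped
 */
private Key getDecipheredOtherPartyEntropy(Object encryptedKey, Key privKey) throws XMLEncryptionException {
    if (!(encryptedKey instanceof EncryptedKey)) {
        return null;
    }
    EncryptedKey encKey = (EncryptedKey) encryptedKey;
    XMLCipher cipher = XMLCipher.getInstance();
    // UNWRAP_MODE registers privKey as the key-encryption key, which is what the
    // bare setKEK() call in the original did without putting the cipher in a mode.
    cipher.init(XMLCipher.UNWRAP_MODE, privKey);
    // NOTE(review): in some Santuario versions the one-argument decryptKey reads the
    // key algorithm from a previously loaded EncryptedData; if nothing has been loaded
    // on this cipher, pass the key algorithm URI explicitly: decryptKey(encKey, algorithmUri).
    return cipher.decryptKey(encKey);
}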
/**
 * Creates an {@link XMLCipher} for the given symmetric algorithm URI, switches on
 * Santuario's secure-validation mode, and initialises it in {@code mode} with {@code key}.
 *
 * @param symEncAlgo XML Encryption algorithm URI of the symmetric cipher
 * @param mode       one of the {@code XMLCipher.*_MODE} constants
 * @param key        key the cipher is initialised with (may be {@code null} when the mode allows it)
 * @return the initialised cipher
 * @throws WSSecurityException with {@code UNSUPPORTED_ALGORITHM} if Santuario rejects the
 *         algorithm URI or the initialisation
 */
public static XMLCipher initXMLCipher(String symEncAlgo, int mode, Key key) throws WSSecurityException {
    XMLCipher result;
    try {
        result = XMLCipher.getInstance(symEncAlgo);
        // Secure validation must be enabled before init() so it applies to all processing.
        result.setSecureValidation(true);
        result.init(mode, key);
    } catch (XMLEncryptionException cause) {
        // Both getInstance() and init() fail with XMLEncryptionException; either is reported
        // to callers as an unsupported algorithm, with the original exception as the cause.
        throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, cause);
    }
    return result;
}
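/**
 * Encrypts the content of {@code element} in place with the given XML Encryption algorithm and key.
 *
 * After this call the element's children are replaced by an {@code xenc:EncryptedData}
 * element (the trailing {@code true} passed to {@code doFinal} selects content encryption,
 * so the element itself stays in the document).
 *
 * @param algorithm XML Encryption algorithm URI for the data cipher
 * @param key       data-encryption key
 * @param element   element whose content is encrypted; must be attached to a document
 * @throws XKMSException wrapping any failure raised while building or running the cipher
 */
public void createEncryptedData(String algorithm, Key key, Element element) throws XKMSException {
    try {
        Document doc = element.getOwnerDocument();
        XMLCipher xmlCipher = XMLCipher.getInstance(algorithm);
        xmlCipher.init(XMLCipher.ENCRYPT_MODE, key);
        xmlCipher.doFinal(doc, element, true);
    } catch (Exception e) {
        // The cause is carried inside XKMSException; the former printStackTrace() wrote a
        // duplicate trace to stderr outside the application's logging and is dropped.
        throw new XKMSException(e);
    }
}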
ConfigurationException EncryptedKey encryptedKey = encryptKey(document, secretKey, publicKey, keySize); String encryptionAlgorithm = getXMLEncryptionURL(secretKey.getAlgorithm(), keySize); cipher = XMLCipher.getInstance(encryptionAlgorithm); cipher.init(XMLCipher.ENCRYPT_MODE, secretKey); try encryptedDoc = cipher.doFinal(document, document.getDocumentElement()); Element encryptedKeyElement = cipher.martial(document, encryptedKey); String wrappingElementName = wrappingElementPrefix + ":" + wrappingElementQName.getLocalPart(); wrappingElementName = wrappingElementQName.getLocalPart(); wrappingElement.setAttributeNS(XMLNS, "xmlns:" + wrappingElementPrefix, wrappingElementQName.getNamespaceURI()); Element encryptedDocRootElement = encryptedDoc.getDocumentElement(); encryptedDoc.replaceChild(wrappingElement, encryptedDocRootElement); wrappingElement.appendChild(encryptedDocRootElement);
throw new IllegalStateException(ErrorCodes.DOM_MISSING_DOC_ELEMENT + elementQName.toString()); String encryptionAlgorithm = getXMLEncryptionURL(secretKey.getAlgorithm(), keySize); cipher = XMLCipher.getInstance(encryptionAlgorithm); cipher.init(XMLCipher.ENCRYPT_MODE, secretKey); try encryptedDoc = cipher.doFinal(document, documentElement); Element encryptedKeyElement = cipher.martial(document, encryptedKey); String wrappingElementName = wrappingElementPrefix + ":" + wrappingElementQName.getLocalPart(); Element wrappingElement = encryptedDoc.createElementNS(wrappingElementQName.getNamespaceURI(), wrappingElementName); wrappingElement.setAttributeNS(XMLNS, "xmlns:" + wrappingElementPrefix, wrappingElementQName.getNamespaceURI()); wrappingElement.appendChild(encryptedDataElement); Element sigElement = encryptedDoc.createElementNS(XMLSIG_NS, DS_KEY_INFO); if (nodeList == null || nodeList.getLength() == 0) cipherParent.insertBefore(sigElement, cipherDataElement);
EncryptionUtils.initXMLCipher(symEncAlgo, XMLCipher.ENCRYPT_MODE, symmetricKey); Document result = xmlCipher.doFinal(payloadDoc, payloadDoc.getDocumentElement(), false); NodeList list = result.getElementsByTagNameNS(ENC_NS, "CipherValue"); if (list.getLength() != 1) { throw new Exception("Payload CipherData is missing"); String cipherText = ((Element)list.item(0)).getTextContent().trim(); Element cipherValue = createCipherValue(encryptedDataDoc, encryptedDataDoc.getDocumentElement()); cipherValue.appendChild(encryptedDataDoc.createTextNode(cipherText));
XMLCipher xmlCipher = XMLCipher.getInstance(); xmlCipher.init(XMLCipher.DECRYPT_MODE, null); NodeList keyInfoInEncData = encryptedDataElement.getElementsByTagNameNS(Constants.NS_DS, "KeyInfo"); if (keyInfoInEncData.getLength() == 0) { throw new ValidationError("No KeyInfo inside EncryptedData element", ValidationError.KEYINFO_NOT_FOUND_IN_ENCRYPTED_DATA); NodeList childs = keyInfoInEncData.item(0).getChildNodes(); for (int i=0; i < childs.getLength(); i++) { if (childs.item(i).getLocalName() != null && childs.item(i).getLocalName().equals("RetrievalMethod")) { Element retrievalMethodElem = (Element)childs.item(i); if (!retrievalMethodElem.getAttribute("Type").equals("http://www.w3.org/2001/04/xmlenc#EncryptedKey")) { throw new ValidationError("Unsupported Retrieval Method found", ValidationError.UNSUPPORTED_RETRIEVAL_METHOD); String uri = retrievalMethodElem.getAttribute("URI").substring(1); NodeList encryptedKeyNodes = ((Element) encryptedDataElement.getParentNode()).getElementsByTagNameNS(Constants.NS_XENC, "EncryptedKey"); xmlCipher.setKEK(inputKey); xmlCipher.doFinal(encryptedDataElement.getOwnerDocument(), encryptedDataElement, false); } catch (Exception e) { LOGGER.warn("Error executing decryption: " + e.getMessage(), e);
); algorithmSuiteValidator.checkSymmetricKeyLength(key.getEncoded().length); algorithmSuiteValidator.checkSymmetricEncryptionAlgorithm(symEncAlgo); xmlCipher = XMLCipher.getInstance(symEncAlgo); xmlCipher.setSecureValidation(true); xmlCipher.init(XMLCipher.DECRYPT_MODE, key); } catch (XMLEncryptionException ex) { throw new WSSecurityException( ); Node previousSibling = elem.getPreviousSibling(); Node parent = elem.getParentNode(); try { xmlCipher.doFinal(elem.getOwnerDocument(), elem, false); } catch (Exception e) { throw new WSSecurityException( decryptedNode = parent.getFirstChild(); } else { decryptedNode = previousSibling.getNextSibling(); if (decryptedNode != null && Node.ELEMENT_NODE == decryptedNode.getNodeType()) { dataRef.setProtectedElement((Element)decryptedNode);
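/**
 * Decrypts an encrypted token in place and returns the document element of the result.
 *
 * The token is expected to carry a {@code ds:KeyInfo} holding an {@code xenc:EncryptedKey};
 * that key is unwrapped with {@code privKey} and the unwrapped bytes are used as the data
 * decryption key for the token.
 *
 * Note that the value returned is the owner document's root element after decryption, not
 * necessarily the decrypted element itself.
 *
 * @param privKey        private key that unwraps the {@code EncryptedKey}
 * @param encryptedToken the {@code xenc:EncryptedData} element to decrypt
 * @return the document element of the decrypted document
 * @throws IllegalArgumentException if the token carries no {@code ds:KeyInfo} or no
 *         {@code xenc:EncryptedKey} (the original code failed with a NullPointerException here)
 * @throws Exception on any unwrap or decryption failure
 */
private Element decryptElement(PrivateKey privKey, Element encryptedToken) throws Exception {
    if (log.isDebugEnabled()) {
        log.debug("decryptingToken");
    }
    // NOTE(review): getElementsByTagNameNS searches all descendants, so item(0) is the first
    // KeyInfo in document order, not necessarily a direct child of the EncryptedData.
    Element kiElem = (Element) encryptedToken
        .getElementsByTagNameNS(WSConstants.SIG_NS, "KeyInfo").item(0);
    if (kiElem == null) {
        throw new IllegalArgumentException("Encrypted token carries no ds:KeyInfo element");
    }
    Element encrKeyElem = (Element) kiElem
        .getElementsByTagNameNS(WSConstants.ENC_NS, EncryptionConstants._TAG_ENCRYPTEDKEY).item(0);
    if (encrKeyElem == null) {
        throw new IllegalArgumentException("ds:KeyInfo of the encrypted token carries no xenc:EncryptedKey element");
    }
    EncryptedKeyProcessor encrKeyProcessor = new EncryptedKeyProcessor();
    encrKeyProcessor.handleEncryptedKey(encrKeyElem, privKey);
    // NOTE(review): the JCE algorithm of the unwrapped key is fixed to AES-128 here instead of
    // being read from the EncryptedData's EncryptionMethod; the key bytes are the unwrapped ones.
    SecretKey secretKey = WSSecurityUtil.prepareSecretKey(
        EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128, encrKeyProcessor.getDecryptedBytes());
    // No algorithm is passed, so the cipher takes it from the EncryptedData being decrypted.
    // NOTE(review): consider cipher.setSecureValidation(true) if the Santuario version in use supports it.
    XMLCipher cipher = XMLCipher.getInstance();
    cipher.init(XMLCipher.DECRYPT_MODE, secretKey);
    Document doc = cipher.doFinal(encryptedToken.getOwnerDocument(), encryptedToken);
    if (log.isDebugEnabled()) {
        log.debug("decryptingTokenDone");
    }
    return doc.getDocumentElement();
}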
XMLCipher xmlCipher = null; try { xmlCipher = XMLCipher.getInstance(symEncAlgo); xmlCipher.setSecureValidation(true); xmlCipher.init(XMLCipher.DECRYPT_MODE, symmetricKey); } catch (XMLEncryptionException ex) { throw new WSSecurityException( dataRef.setContent(content); Node parent = encData.getParentNode(); Node previousSibling = encData.getPreviousSibling(); if (content) { encData = (Element) encData.getParentNode(); parent = encData.getParentNode(); xmlCipher.doFinal(doc, encData, content); } catch (Exception ex) { throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, ex); if (parent.getLocalName().equals(WSConstants.ENCRYPTED_HEADER) && parent.getNamespaceURI().equals(WSConstants.WSSE11_NS) || parent.getLocalName().equals(WSConstants.ENCRYPED_ASSERTION_LN) && parent.getNamespaceURI().equals(WSConstants.SAML2_NS)) {
if (element != null && element.getParentNode() == null) { throw new XMLEncryptionException("empty", "The element can't be serialized as it has no parent"); byte[] octets = decryptToByteArray(element); Node sourceParent = element.getParentNode(); try { Node decryptedNode = serializer.deserialize(octets, sourceParent); if (sourceParent != null && Node.DOCUMENT_NODE == sourceParent.getNodeType()) { contextDocument.removeChild(contextDocument.getDocumentElement()); contextDocument.appendChild(decryptedNode); } else if (sourceParent != null) { sourceParent.replaceChild(decryptedNode, element);
if ("Header".equals(modifier)) { Element elem = doc.createElementNS( WSConstants.WSSE11_NS, "wsse11:" + WSConstants.ENCRYPTED_HEADER ); WSSecurityUtil.setNamespace(elem, WSConstants.WSU_NS, WSConstants.WSU_PREFIX); headerId = config.getIdAllocator().createId("EH-", elementToEncrypt); elem.setAttributeNS( WSConstants.WSU_NS, wsuPrefix + ":Id", headerId ); Node parent = elementToEncrypt.getParentNode(); elementToEncrypt = (Element)parent.replaceChild(elem, elementToEncrypt); elem.appendChild(elementToEncrypt); NamedNodeMap map = elementToEncrypt.getAttributes(); xmlCipher.init(XMLCipher.ENCRYPT_MODE, secretKey); EncryptedData encData = xmlCipher.getEncryptedData(); encData.setId(xencEncryptedDataId); encData.setKeyInfo(keyInfo); xmlCipher.doFinal(doc, elementToEncrypt, content); return xencEncryptedDataId; } catch (Exception ex) {
try { if ("Header".equals(modifier)) { String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement()); if (elementToEncrypt.getParentNode().getNamespaceURI().equals(soapNamespace) && WSConstants.ELEM_HEADER.equals(elementToEncrypt.getParentNode().getLocalName())) { createEncryptedHeaderElement(securityHeader, elementToEncrypt, idAllocator); xmlCipher.init(XMLCipher.ENCRYPT_MODE, secretKey); EncryptedData encData = xmlCipher.getEncryptedData(); encData.setId(xencEncryptedDataId); encData.setKeyInfo(keyInfo); xmlCipher.doFinal(doc, elementToEncrypt, content); return xencEncryptedDataId; } catch (Exception ex) {
/**
 * Decrypts an encrypted document using the keys carried in {@code options}.
 *
 * The data-encryption key is given to the cipher directly and the key-encryption key is
 * registered as the KEK, so either a directly keyed {@code EncryptedData} or one whose key
 * is wrapped in an {@code EncryptedKey} can be handled by Santuario.
 *
 * @param doc     document to decrypt
 * @param options source of the data- and key-encryption keys and of the DOM conversion settings
 * @return the decrypted document, or {@code null} when {@code doc} is not encrypted
 * @throws SecurityException wrapping any conversion or decryption failure
 */
public Document decrypt(Document doc, EncryptionOptions options) throws SecurityException {
    if (!isEncrypted(doc)) {
        return null;
    }
    try {
        org.w3c.dom.Document domDoc = fomToDom(doc, options);
        Key keyEncryptionKey = options.getKeyEncryptionKey();
        Key dataEncryptionKey = options.getDataEncryptionKey();
        org.w3c.dom.Element root = domDoc.getDocumentElement();
        XMLCipher cipher = XMLCipher.getInstance();
        cipher.init(XMLCipher.DECRYPT_MODE, dataEncryptionKey);
        cipher.setKEK(keyEncryptionKey);
        org.w3c.dom.Document decrypted = cipher.doFinal(domDoc, root);
        return domToFom(decrypted, options);
    } catch (Exception cause) {
        throw new SecurityException(cause);
    }
}
/**
 * Encrypts the whole root element of {@code doc} with the data-encryption key from {@code options}.
 *
 * When {@code options.includeKeyInfo()} is set and both keys are present, the data key is wrapped
 * with the key-encryption key and the resulting {@code EncryptedKey} is attached as the
 * {@code KeyInfo} of the {@code EncryptedData}. Otherwise no {@code KeyInfo} is emitted, and the
 * recipient must know the data key by other means.
 *
 * @param doc     document to encrypt
 * @param options keys, algorithm URIs, KeyInfo flag and DOM conversion settings
 * @return the encrypted document
 * @throws SecurityException wrapping any conversion or encryption failure
 */
public Document encrypt(Document doc, EncryptionOptions options) throws SecurityException {
    try {
        org.w3c.dom.Document domDoc = fomToDom(doc, options);
        Key dataKey = options.getDataEncryptionKey();
        Key keyWrappingKey = options.getKeyEncryptionKey();
        String dataAlgorithm = options.getDataCipherAlgorithm();
        String keyAlgorithm = options.getKeyCipherAlgorithm();
        boolean attachKeyInfo = options.includeKeyInfo();
        XMLCipher dataCipher = XMLCipher.getInstance(dataAlgorithm);
        dataCipher.init(XMLCipher.ENCRYPT_MODE, dataKey);
        boolean canWrap = attachKeyInfo && keyWrappingKey != null && dataKey != null;
        if (canWrap) {
            XMLCipher wrapCipher = XMLCipher.getInstance(keyAlgorithm);
            wrapCipher.init(XMLCipher.WRAP_MODE, keyWrappingKey);
            EncryptedKey wrappedKey = wrapCipher.encryptKey(domDoc, dataKey);
            KeyInfo keyInfo = new KeyInfo(domDoc);
            keyInfo.add(wrappedKey);
            dataCipher.getEncryptedData().setKeyInfo(keyInfo);
        }
        // 'false' encrypts the root element itself, not only its content.
        org.w3c.dom.Document encrypted = dataCipher.doFinal(domDoc, domDoc.getDocumentElement(), false);
        return domToFom(encrypted, options);
    } catch (Exception cause) {
        throw new SecurityException(cause);
    }
}
xmlCipher = XMLCipher.getInstance(encryptionAlgorithm); } catch (XMLEncryptionException ex) { throw new WSSecurityException( xmlCipher.setSerializer(encryptionSerializer); XMLUtils.findElements(elementToEncrypt.getFirstChild(), "Include", WSConstants.XOP_NS); if (includeElements != null && !includeElements.isEmpty()) { if (matchingElement != null && matchingElement != encrElement) { encrElement.getParentNode().replaceChild(matchingElement, encrElement); encrElement = matchingElement; String xopURI = includeElement.getAttributeNS(null, "href"); if (xopURI != null) {
LOG.debug("EncryptedKeyResolver - Can I resolve {}", element.getTagName()); LOG.debug("Passed an Encrypted Key"); try { XMLCipher cipher = XMLCipher.getInstance(); cipher.init(XMLCipher.UNWRAP_MODE, kek); if (internalKeyResolvers != null) { int size = internalKeyResolvers.size(); for (int i = 0; i < size; i++) { cipher.registerInternalKeyResolver(internalKeyResolvers.get(i)); EncryptedKey ek = cipher.loadEncryptedKey(element); key = (SecretKey) cipher.decryptKey(ek, algorithm); } catch (XMLEncryptionException e) { LOG.debug(e.getMessage(), e);