/**
 * Wraps an existing KeyInfo DOM element in a {@link KeyInfo} object configured like its
 * creator.
 *
 * <p>The new instance receives this object's {@code secureValidation} flag and, when
 * {@code internalKeyResolvers} is non-null, every resolver held in that list.
 *
 * @param element the DOM element to wrap
 * @return a new KeyInfo
 * @throws XMLEncryptionException if building or configuring the KeyInfo raises an
 *         {@link XMLSecurityException}; that exception is handed to the new one
 */
KeyInfo newKeyInfo(Element element) throws XMLEncryptionException {
    try {
        KeyInfo keyInfo = new KeyInfo(element, null);
        // The validation mode is set before any resolver is attached.
        // NOTE(review): the element presumably comes from the message being processed, so this
        // flag is what keeps key resolution on it under the caller's restrictions - confirm that
        // no caller resets it on the returned object.
        keyInfo.setSecureValidation(secureValidation);
        if (internalKeyResolvers == null) {
            return keyInfo;
        }
        // The resolver count is read once, before the walk starts.
        for (int idx = 0, count = internalKeyResolvers.size(); idx < count; idx++) {
            keyInfo.registerInternalKeyResolver(internalKeyResolvers.get(idx));
        }
        return keyInfo;
    } catch (XMLSecurityException e) {
        throw new XMLEncryptionException(e, "KeyInfo.error");
    }
}
/**
 * Builds a KeyInfo containing the items named in {@code respondWiths} and attaches it to the
 * given key binding.
 *
 * <p>Handled values: {@code KEY_NAME} (adds a KeyName carrying {@code aliase}),
 * {@code KEY_VALUE} (public key of {@code certs[0]}), {@code X_509_CERT} ({@code certs[0]})
 * and {@code X_509_CHAIN} (every entry of {@code certs}, in array order). Any other value is
 * ignored.
 *
 * @param respondWiths raw list whose entries are cast to {@code RespondWith}
 * @param aliase key alias written into the KeyName element
 * @param certs certificates for the key; index 0 is used for the single-certificate cases
 * @param abstractType key binding that receives the finished KeyInfo
 */
private void addKeyInfo(List respondWiths, String aliase, X509Certificate[] certs,
        KeyBindingAbstractType abstractType) {
    KeyInfo keyInfo = new KeyInfo(doc);
    for (Object requested : respondWiths) {
        RespondWith respondWith = (RespondWith) requested;
        if (respondWith.equals(RespondWith.KEY_NAME)) {
            keyInfo.add(new KeyName(doc, aliase));
        } else if (respondWith.equals(RespondWith.KEY_VALUE)) {
            // NOTE(review): certs[0] is read without a length check here and in the
            // X_509_CERT branch; an empty array ends in ArrayIndexOutOfBoundsException.
            keyInfo.add(new KeyValue(doc, certs[0].getPublicKey()));
        } else if (respondWith.equals(RespondWith.X_509_CERT)) {
            addX509Certificate(certs[0], keyInfo);
        } else if (respondWith.equals(RespondWith.X_509_CHAIN)) {
            for (X509Certificate cert : certs) {
                addX509Certificate(cert, keyInfo);
            }
        }
        // TODO Implement the other RespondWith elements; they are skipped silently for now.
    }
    abstractType.setKeyInfo(keyInfo);
}
/**
 * Checks that the element a KeyInfoReference points at is acceptable as a referent.
 *
 * <p>Two conditions are enforced: the element must be a KeyInfo element in the signature
 * namespace, and the KeyInfo built from it must not itself contain a KeyInfoReference. The
 * second check fails in both validation modes; only the message key differs.
 *
 * @param referentElement the de-referenced element to validate
 * @throws XMLSecurityException if the element is of the wrong type, if a KeyInfo cannot be
 *         built from it, or if it contains a further KeyInfoReference
 */
private void validateReference(Element referentElement) throws XMLSecurityException {
    boolean isKeyInfo = XMLUtils.elementIsInSignatureSpace(referentElement, Constants._TAG_KEYINFO);
    if (!isKeyInfo) {
        QName actualName = new QName(referentElement.getNamespaceURI(), referentElement.getLocalName());
        throw new XMLSecurityException(
            "KeyInfoReferenceResolver.InvalidReferentElement.WrongType", new Object[] { actualName });
    }

    KeyInfo referent = new KeyInfo(referentElement, "");
    if (!referent.containsKeyInfoReference()) {
        return;
    }

    // Don't support chains of references at this time. If do support in the future, this is where
    // the code would go to validate that don't have a cycle, resulting in an infinite loop. This
    // may be unrealistic to implement, and/or very expensive given remote URI references.
    String messageKey = secureValidation
        ? "KeyInfoReferenceResolver.InvalidReferentElement.ReferenceWithSecure"
        : "KeyInfoReferenceResolver.InvalidReferentElement.ReferenceWithoutSecure";
    throw new XMLSecurityException(messageKey);
}
KeyInfo keyInfo = new KeyInfo(doc); keyInfo.add(encryptedKey); encryptedData.setKeyInfo(keyInfo);
/**
 * Follows a KeyInfoReference element's URI attribute to the KeyInfo it points at.
 *
 * <p>The URI is resolved with the current {@code secureValidation} setting. A failure while
 * extracting the referent element, or a null referent, is logged at debug level and reported
 * as {@code null}. A referent that is found but rejected by {@code validateReference} raises
 * an exception instead.
 *
 * @param element the KeyInfoReference element
 * @param baseURI base URI used for the reference and for the resulting KeyInfo
 * @param storage storage resolver added to the resulting KeyInfo
 * @return the KeyInfo which is referred to by this KeyInfoReference, or null if it cannot be
 *         resolved
 * @throws XMLSecurityException if the reference cannot be parsed or resolved, or the referent
 *         fails validation
 */
private KeyInfo resolveReferentKeyInfo(Element element, String baseURI, StorageResolver storage)
    throws XMLSecurityException {
    Attr uriAttr = new KeyInfoReference(element, baseURI).getURIAttr();
    // NOTE(review): the URI value is read from the document under validation, so
    // resolveInput is presumably where secureValidation limits what may be fetched - confirm.
    XMLSignatureInput resource = resolveInput(uriAttr, baseURI, secureValidation);

    final Element referentElement;
    try {
        referentElement = obtainReferenceElement(resource);
    } catch (Exception e) {
        // Every failure type is caught here and logged under the same fixed label.
        LOG.debug("XMLSecurityException", e);
        return null;
    }
    if (referentElement == null) {
        LOG.debug("De-reference of KeyInfoReference URI returned null: {}", uriAttr.getValue());
        return null;
    }

    // Rejects wrong element types and chained references before the referent is used.
    validateReference(referentElement);

    KeyInfo referent = new KeyInfo(referentElement, baseURI);
    referent.addStorageResolver(storage);
    return referent;
}
keyInfo = new KeyInfo(oChild, "");
&& (keyName != null || keyValue != null || certValue != null)) { Document doc = ((Element) container).getOwnerDocument(); keyInfo = new KeyInfo(doc);
&& Constants.SignatureSpecNS.equals(keyInfoElem.getNamespaceURI()) && Constants._TAG_KEYINFO.equals(keyInfoElem.getLocalName())) { this.keyInfo = new KeyInfo(keyInfoElem, baseURI); this.keyInfo.setSecureValidation(secureValidation);
this.keyInfo = new KeyInfo(getDocument());
KeyInfo kiEnc = new KeyInfo(document); X509Data xData = new X509Data(document); xData.addIssuerSerial(cer.getIssuerDN().getName(), cer.getSerialNumber());
Element kiEle = (Element)keyInfoEle; try { KeyInfo ki = new KeyInfo(kiEle, null); keyBindingAbstractType.setKeyInfo(ki); } catch (XMLSecurityException e) {
keyInfo = new KeyInfo((Element) keyInfo.getElement().cloneNode(true), null); } catch (Exception ex) { throw new WSSecurityException(
KeyInfo kiEnc = new KeyInfo(document); X509Data xData = new X509Data(document); xData.addIssuerSerial(cer.getIssuerDN().getName(), cer.getSerialNumber());
keyInfo = new KeyInfo((Element) keyInfo.getElement().cloneNode(true), null); } catch (Exception ex) { throw new WSSecurityException(
KeyInfo kiEnc = new KeyInfo(document); X509Data xData = new X509Data(document); xData.addIssuerSerial(cer.getIssuerDN().getName(), cer.getSerialNumber());
/**
 * Creates the KeyInfo that refers to the derived key token.
 *
 * <p>The KeyInfo holds one SecurityTokenReference whose Reference carries the same-document
 * URI {@code "#" + dktId} and the derived-key-token value type for the configured
 * WS-SecureConversation version. The signature namespace prefix is declared on the KeyInfo
 * element itself.
 *
 * @return the populated KeyInfo
 * @throws WSSecurityException declared by this method
 * @throws ConversationException declared by this method
 */
private KeyInfo createKeyInfo() throws WSSecurityException, ConversationException {
    KeyInfo keyInfo = new KeyInfo(document);

    SecurityTokenReference tokenReference = new SecurityTokenReference(document);
    tokenReference.addWSSENamespace();

    Reference derivedKeyRef = new Reference(document);
    // Fragment reference: the derived key token is addressed by its id in the same document.
    derivedKeyRef.setURI("#" + dktId);
    String valueType = ConversationConstants.getWSCNs(getWscVersion())
        + ConversationConstants.TOKEN_TYPE_DERIVED_KEY_TOKEN;
    derivedKeyRef.setValueType(valueType);

    tokenReference.setReference(derivedKeyRef);
    keyInfo.addUnknownElement(tokenReference.getElement());

    // Declare the signature prefix on the KeyInfo element itself.
    keyInfo.getElement().setAttributeNS(
        WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS);
    return keyInfo;
}
/**
 * Builds a KeyInfo whose only child is a SecurityTokenReference to the derived key token.
 *
 * <p>The reference uses the fragment URI {@code "#" + dktId}. Its value type is the
 * WS-SecureConversation namespace for {@code getWscVersion()} followed by the
 * derived-key-token type constant.
 *
 * @return the populated KeyInfo, with the signature namespace prefix declared on its element
 * @throws WSSecurityException declared by this method
 * @throws ConversationException declared by this method
 */
private KeyInfo createKeyInfo() throws WSSecurityException, ConversationException {
    KeyInfo result = new KeyInfo(document);

    SecurityTokenReference str = new SecurityTokenReference(document);
    str.addWSSENamespace();

    Reference tokenRef = new Reference(document);
    final String fragmentUri = "#" + dktId;
    tokenRef.setURI(fragmentUri);
    final String derivedKeyTokenType = ConversationConstants.getWSCNs(getWscVersion())
        + ConversationConstants.TOKEN_TYPE_DERIVED_KEY_TOKEN;
    tokenRef.setValueType(derivedKeyTokenType);
    str.setReference(tokenRef);

    // SecurityTokenReference is not a native ds:KeyInfo child, so it is added as an unknown element.
    result.addUnknownElement(str.getElement());

    final String prefixDeclaration = "xmlns:" + WSConstants.SIG_PREFIX;
    result.getElement().setAttributeNS(WSConstants.XMLNS_NS, prefixDeclaration, WSConstants.SIG_NS);
    return result;
}
/**
 * Creates the KeyInfo that refers to this object's derived key token.
 *
 * <p>The KeyInfo holds one SecurityTokenReference whose Reference carries the same-document
 * URI {@code "#" + getId()} and the derived-key-token value type for the configured
 * WS-SecureConversation version. The signature namespace prefix is declared on the KeyInfo
 * element itself.
 *
 * @return the populated KeyInfo
 * @throws WSSecurityException declared by this method
 */
private KeyInfo createKeyInfo() throws WSSecurityException {
    KeyInfo keyInfo = new KeyInfo(getDocument());

    SecurityTokenReference tokenReference = new SecurityTokenReference(getDocument());
    tokenReference.addWSSENamespace();

    Reference derivedKeyRef = new Reference(getDocument());
    // Fragment reference: the derived key token is addressed by its id in the same document.
    derivedKeyRef.setURI("#" + getId());
    String valueType = ConversationConstants.getWSCNs(getWscVersion())
        + ConversationConstants.TOKEN_TYPE_DERIVED_KEY_TOKEN;
    derivedKeyRef.setValueType(valueType);

    tokenReference.setReference(derivedKeyRef);
    keyInfo.addUnknownElement(tokenReference.getElement());

    // Declare the signature prefix on the KeyInfo element itself.
    keyInfo.getElement().setAttributeNS(
        WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS);
    return keyInfo;
}
/**
 * Encrypts the root element of a document with the data encryption key from {@code options}.
 *
 * <p>When {@code options.includeKeyInfo()} is true and both keys are non-null, the data key is
 * also wrapped with the key encryption key, and the resulting EncryptedKey is embedded in the
 * EncryptedData's KeyInfo. Otherwise no key material is attached to the output.
 *
 * @param doc the document to encrypt
 * @param options supplies the keys, the cipher algorithm identifiers and the KeyInfo switch
 * @return the encrypted document, converted back with {@code domToFom}
 * @throws SecurityException wrapping any exception raised during conversion or encryption
 */
public Document encrypt(Document doc, EncryptionOptions options) throws SecurityException {
    try {
        org.w3c.dom.Document dom = fomToDom(doc, options);
        Key dataKey = options.getDataEncryptionKey();
        Key wrappingKey = options.getKeyEncryptionKey();
        // NOTE(review): both algorithm identifiers are used exactly as options supplies them;
        // nothing here restricts them. Confirm that the defaults in EncryptionOptions are
        // integrity-protected modes (e.g. AES-GCM for data, RSA-OAEP for key transport).
        String dataAlgorithm = options.getDataCipherAlgorithm();
        String keyAlgorithm = options.getKeyCipherAlgorithm();
        boolean embedKeyInfo = options.includeKeyInfo();

        XMLCipher dataCipher = XMLCipher.getInstance(dataAlgorithm);
        // The data cipher is initialised before the data key is null-checked below.
        dataCipher.init(XMLCipher.ENCRYPT_MODE, dataKey);

        boolean wrapDataKey = embedKeyInfo && wrappingKey != null && dataKey != null;
        if (wrapDataKey) {
            XMLCipher keyCipher = XMLCipher.getInstance(keyAlgorithm);
            keyCipher.init(XMLCipher.WRAP_MODE, wrappingKey);
            EncryptedKey wrappedKey = keyCipher.encryptKey(dom, dataKey);

            EncryptedData encryptedData = dataCipher.getEncryptedData();
            KeyInfo keyInfo = new KeyInfo(dom);
            keyInfo.add(wrappedKey);
            encryptedData.setKeyInfo(keyInfo);
        }

        // false: encrypt the root element itself rather than only its content.
        org.w3c.dom.Document encrypted = dataCipher.doFinal(dom, dom.getDocumentElement(), false);
        return domToFom(encrypted, options);
    } catch (Exception e) {
        throw new SecurityException(e);
    }
}
KeyInfo keyInfo = new KeyInfo(document); if (embedEncryptedKey) { keyInfo.addUnknownElement(getEncryptedKeyElement());