--- old/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/EncryptedKeyResolver.java 2013-06-28 11:33:45.202066568 -0400
+++ new/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/EncryptedKeyResolver.java 2013-06-28 11:33:45.030071923 -0400
@@ -2,123 +2,149 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-/*
- * Copyright 1999-2004 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
import javax.crypto.SecretKey;
import com.sun.org.apache.xml.internal.security.encryption.EncryptedKey;
import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;
+import com.sun.org.apache.xml.internal.security.encryption.XMLEncryptionException;
import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverSpi;
import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver;
import com.sun.org.apache.xml.internal.security.utils.EncryptionConstants;
import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import org.w3c.dom.Element;
-
/**
- * The EncryptedKeyResolver is not a generic resolver. It can
- * only be for specific instantiations, as the key being unwrapped will
- * always be of a particular type and will always have been wrapped by
+ * The EncryptedKeyResolver is not a generic resolver. It can
+ * only be for specific instantiations, as the key being unwrapped will
+ * always be of a particular type and will always have been wrapped by
* another key which needs to be recursively resolved.
*
* The EncryptedKeyResolver can therefore only be instantiated
- * with an algorithm. It can also be instantiated with a key (the KEK) or
+ * with an algorithm. It can also be instantiated with a key (the KEK) or
* will search the static KeyResolvers to find the appropriate key.
*
* @author Berin Lautenbach
*/
-
public class EncryptedKeyResolver extends KeyResolverSpi {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(
- RSAKeyValueResolver.class.getName());
-
-
- Key _kek;
- String _algorithm;
-
- /**
- * Constructor for use when a KEK needs to be derived from a KeyInfo
- * list
- * @param algorithm
- */
- public EncryptedKeyResolver(String algorithm) {
- _kek = null;
- _algorithm=algorithm;
+ /** {@link org.apache.commons.logging} logging facility */
+ private static java.util.logging.Logger log =
+ java.util.logging.Logger.getLogger(EncryptedKeyResolver.class.getName());
+
+ private Key kek;
+ private String algorithm;
+ private List internalKeyResolvers;
+
+ /**
+ * Constructor for use when a KEK needs to be derived from a KeyInfo
+ * list
+ * @param algorithm
+ */
+ public EncryptedKeyResolver(String algorithm) {
+ kek = null;
+ this.algorithm = algorithm;
+ }
+
+ /**
+ * Constructor used for when a KEK has been set
+ * @param algorithm
+ * @param kek
+ */
+ public EncryptedKeyResolver(String algorithm, Key kek) {
+ this.algorithm = algorithm;
+ this.kek = kek;
+ }
+
+ /**
+ * This method is used to add a custom {@link KeyResolverSpi} to help
+ * resolve the KEK.
+ *
+ * @param realKeyResolver
+ */
+ public void registerInternalKeyResolver(KeyResolverSpi realKeyResolver) {
+ if (internalKeyResolvers == null) {
+ internalKeyResolvers = new ArrayList();
}
+ internalKeyResolvers.add(realKeyResolver);
+ }
- /**
- * Constructor used for when a KEK has been set
- * @param algorithm
- * @param kek
- */
-
- public EncryptedKeyResolver(String algorithm, Key kek) {
- _algorithm = algorithm;
- _kek = kek;
+ /** @inheritDoc */
+ public PublicKey engineLookupAndResolvePublicKey(
+ Element element, String BaseURI, StorageResolver storage
+ ) {
+ return null;
+ }
- }
+ /** @inheritDoc */
+ public X509Certificate engineLookupResolveX509Certificate(
+ Element element, String BaseURI, StorageResolver storage
+ ) {
+ return null;
+ }
/** @inheritDoc */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String BaseURI, StorageResolver storage) {
+ public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
+ Element element, String BaseURI, StorageResolver storage
+ ) {
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "EncryptedKeyResolver - Can I resolve " + element.getTagName());
+ }
- return null;
- }
+ if (element == null) {
+ return null;
+ }
- /** @inheritDoc */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String BaseURI, StorageResolver storage) {
- return null;
- }
-
- /** @inheritDoc */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String BaseURI, StorageResolver storage) {
- SecretKey key=null;
- if (log.isLoggable(java.util.logging.Level.FINE))
- log.log(java.util.logging.Level.FINE, "EncryptedKeyResolver - Can I resolve " + element.getTagName());
-
- if (element == null) {
- return null;
- }
-
- boolean isEncryptedKey = XMLUtils.elementIsInEncryptionSpace(element,
- EncryptionConstants._TAG_ENCRYPTEDKEY);
-
- if (isEncryptedKey) {
- log.log(java.util.logging.Level.FINE, "Passed an Encrypted Key");
- try {
- XMLCipher cipher = XMLCipher.getInstance();
- cipher.init(XMLCipher.UNWRAP_MODE, _kek);
- EncryptedKey ek = cipher.loadEncryptedKey(element);
- key = (SecretKey) cipher.decryptKey(ek, _algorithm);
- }
- catch (Exception e) {}
- }
+ SecretKey key = null;
+ boolean isEncryptedKey =
+ XMLUtils.elementIsInEncryptionSpace(element, EncryptionConstants._TAG_ENCRYPTEDKEY);
+ if (isEncryptedKey) {
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "Passed an Encrypted Key");
+ }
+ try {
+ XMLCipher cipher = XMLCipher.getInstance();
+ cipher.init(XMLCipher.UNWRAP_MODE, kek);
+ if (internalKeyResolvers != null) {
+ int size = internalKeyResolvers.size();
+ for (int i = 0; i < size; i++) {
+ cipher.registerInternalKeyResolver(internalKeyResolvers.get(i));
+ }
+ }
+ EncryptedKey ek = cipher.loadEncryptedKey(element);
+ key = (SecretKey) cipher.decryptKey(ek, algorithm);
+ } catch (XMLEncryptionException e) {
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, e.getMessage(), e);
+ }
+ }
+ }
- return key;
- }
+ return key;
+ }
}