src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/EncryptedKeyResolver.java

Print this page


   1 /*
   2  * reserved comment block
   3  * DO NOT REMOVE OR ALTER!
   4  */
   5 /*
   6  * Copyright  1999-2004 The Apache Software Foundation.
   7  *
   8  *  Licensed under the Apache License, Version 2.0 (the "License");
   9  *  you may not use this file except in compliance with the License.
  10  *  You may obtain a copy of the License at


  11  *
  12  *      http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  *  Unless required by applicable law or agreed to in writing, software
  15  *  distributed under the License is distributed on an "AS IS" BASIS,
  16  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  17  *  See the License for the specific language governing permissions and
  18  *  limitations under the License.
  19  *
  20  */
  21 package com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations;
  22 
  23 import java.security.Key;
  24 import java.security.PublicKey;
  25 import java.security.cert.X509Certificate;


  26 
  27 import javax.crypto.SecretKey;
  28 
  29 import com.sun.org.apache.xml.internal.security.encryption.EncryptedKey;
  30 import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;

  31 import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverSpi;
  32 import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver;
  33 import com.sun.org.apache.xml.internal.security.utils.EncryptionConstants;
  34 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
  35 import org.w3c.dom.Element;
  36 
  37 
  38 /**
  39  * The <code>EncryptedKeyResolver</code> is not a generic resolver.  It can
  40  * only be for specific instantiations, as the key being unwrapped will
  41  * always be of a particular type and will always have been wrapped by
  42  * another key which needs to be recursively resolved.
  43  *
  44  * The <code>EncryptedKeyResolver</code> can therefore only be instantiated
  45  * with an algorithm.  It can also be instantiated with a key (the KEK) or
  46  * will search the static KeyResolvers to find the appropriate key.
  47  *
  48  * @author Berin Lautenbach
  49  */
  50 
  51 public class EncryptedKeyResolver extends KeyResolverSpi {
  52 
  53         /** {@link java.util.logging} logging facility */
  54     static java.util.logging.Logger log =
  55         java.util.logging.Logger.getLogger(
  56                         RSAKeyValueResolver.class.getName());
  57 
  58 
  59         Key _kek;
  60         String _algorithm;
  61 
  62         /**
  63          * Constructor for use when a KEK needs to be derived from a KeyInfo
  64          * list
  65          * @param algorithm
  66          */
  67         public EncryptedKeyResolver(String algorithm) {
  68                 _kek = null;
  69         _algorithm=algorithm;
  70         }
  71 
  72         /**
  73          * Constructor used for when a KEK has been set
  74          * @param algorithm
  75          * @param kek
  76          */
  77 
  78         public EncryptedKeyResolver(String algorithm, Key kek) {
  79                 _algorithm = algorithm;
  80                 _kek = kek;

  81 











  82         }
  83 
  84     /** @inheritDoc */
  85    public PublicKey engineLookupAndResolvePublicKey(
  86            Element element, String BaseURI, StorageResolver storage) {
  87 
  88            return null;
  89    }
  90 
  91    /** @inheritDoc */
  92    public X509Certificate engineLookupResolveX509Certificate(
  93            Element element, String BaseURI, StorageResolver storage) {

  94       return null;
  95    }
  96 
  97    /** @inheritDoc */
  98    public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
  99            Element element, String BaseURI, StorageResolver storage) {
 100            SecretKey key=null;
 101            if (log.isLoggable(java.util.logging.Level.FINE))
 102                         log.log(java.util.logging.Level.FINE, "EncryptedKeyResolver - Can I resolve " + element.getTagName());

 103 
 104               if (element == null) {
 105                  return null;
 106               }
 107 
 108               boolean isEncryptedKey = XMLUtils.elementIsInEncryptionSpace(element,
 109                                       EncryptionConstants._TAG_ENCRYPTEDKEY);
 110 
 111               if (isEncryptedKey) {

 112                           log.log(java.util.logging.Level.FINE, "Passed an Encrypted Key");

 113                           try {
 114                                   XMLCipher cipher = XMLCipher.getInstance();
 115                                   cipher.init(XMLCipher.UNWRAP_MODE, _kek);






 116                                   EncryptedKey ek = cipher.loadEncryptedKey(element);
 117                                   key = (SecretKey) cipher.decryptKey(ek, _algorithm);




 118                           }
 119                           catch (Exception e) {}
 120               }
 121 
 122       return key;
 123    }
 124 }
   1 /*
   2  * reserved comment block
   3  * DO NOT REMOVE OR ALTER!
   4  */
   5 /**
   6  * Licensed to the Apache Software Foundation (ASF) under one
   7  * or more contributor license agreements. See the NOTICE file
   8  * distributed with this work for additional information
   9  * regarding copyright ownership. The ASF licenses this file
  10  * to you under the Apache License, Version 2.0 (the
  11  * "License"); you may not use this file except in compliance
  12  * with the License. You may obtain a copy of the License at
  13  *
  14  * http://www.apache.org/licenses/LICENSE-2.0
  15  *
  16  * Unless required by applicable law or agreed to in writing,
  17  * software distributed under the License is distributed on an
  18  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  19  * KIND, either express or implied. See the License for the
  20  * specific language governing permissions and limitations
  21  * under the License.
  22  */
  23 package com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations;
  24 
  25 import java.security.Key;
  26 import java.security.PublicKey;
  27 import java.security.cert.X509Certificate;
  28 import java.util.ArrayList;
  29 import java.util.List;
  30 
  31 import javax.crypto.SecretKey;
  32 
  33 import com.sun.org.apache.xml.internal.security.encryption.EncryptedKey;
  34 import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;
  35 import com.sun.org.apache.xml.internal.security.encryption.XMLEncryptionException;
  36 import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverSpi;
  37 import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver;
  38 import com.sun.org.apache.xml.internal.security.utils.EncryptionConstants;
  39 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
  40 import org.w3c.dom.Element;
  41 

  42 /**
  43  * The <code>EncryptedKeyResolver</code> is not a generic resolver.  It can 
  44  * only be for specific instantiations, as the key being unwrapped will 
  45  * always be of a particular type and will always have been wrapped by 
  46  * another key which needs to be recursively resolved.
  47  *
  48  * The <code>EncryptedKeyResolver</code> can therefore only be instantiated
  49  * with an algorithm.  It can also be instantiated with a key (the KEK) or 
  50  * will search the static KeyResolvers to find the appropriate key.
  51  *
  52  * @author Berin Lautenbach
  53  */

  54 public class EncryptedKeyResolver extends KeyResolverSpi {
  55 
  56     /** {@link org.apache.commons.logging} logging facility */
  57     private static java.util.logging.Logger log = 
  58         java.util.logging.Logger.getLogger(EncryptedKeyResolver.class.getName());
  59 
  60     private Key kek;
  61     private String algorithm;
  62     private List<KeyResolverSpi> internalKeyResolvers;

  63 
  64     /**
  65      * Constructor for use when a KEK needs to be derived from a KeyInfo
  66      * list
  67      * @param algorithm
  68      */
  69     public EncryptedKeyResolver(String algorithm) {             
  70         kek = null;
  71         this.algorithm = algorithm;
  72     }
  73 
  74     /**
  75      * Constructor used for when a KEK has been set
  76      * @param algorithm
  77      * @param kek
  78      */

  79     public EncryptedKeyResolver(String algorithm, Key kek) {            
  80         this.algorithm = algorithm;
  81         this.kek = kek;
  82     }
  83 
  84     /**
  85      * This method is used to add a custom {@link KeyResolverSpi} to help
  86      * resolve the KEK.
  87      *
  88      * @param realKeyResolver
  89      */
  90     public void registerInternalKeyResolver(KeyResolverSpi realKeyResolver) {
  91         if (internalKeyResolvers == null) {
  92             internalKeyResolvers = new ArrayList<KeyResolverSpi>();
  93         }
  94         internalKeyResolvers.add(realKeyResolver);
  95     }
  96 
  97     /** @inheritDoc */
  98     public PublicKey engineLookupAndResolvePublicKey(
  99         Element element, String BaseURI, StorageResolver storage
 100     ) {
 101         return null;
 102     }
 103 
 104     /** @inheritDoc */
 105     public X509Certificate engineLookupResolveX509Certificate(
 106         Element element, String BaseURI, StorageResolver storage
 107     ) {
 108         return null;
 109     }
 110 
 111     /** @inheritDoc */
 112     public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
 113         Element element, String BaseURI, StorageResolver storage
 114     ) {
 115         if (log.isLoggable(java.util.logging.Level.FINE)) {
 116             log.log(java.util.logging.Level.FINE, "EncryptedKeyResolver - Can I resolve " + element.getTagName());
 117         }
 118 
 119         if (element == null) {
 120             return null;
 121         }
 122 
 123         SecretKey key = null;
 124         boolean isEncryptedKey = 
 125             XMLUtils.elementIsInEncryptionSpace(element, EncryptionConstants._TAG_ENCRYPTEDKEY);
 126         if (isEncryptedKey) {
 127             if (log.isLoggable(java.util.logging.Level.FINE)) {
 128                 log.log(java.util.logging.Level.FINE, "Passed an Encrypted Key");
 129             }
 130             try {
 131                 XMLCipher cipher = XMLCipher.getInstance();
 132                 cipher.init(XMLCipher.UNWRAP_MODE, kek);
 133                 if (internalKeyResolvers != null) {
 134                     int size = internalKeyResolvers.size();
 135                     for (int i = 0; i < size; i++) {
 136                         cipher.registerInternalKeyResolver(internalKeyResolvers.get(i));
 137                     }
 138                 }
 139                 EncryptedKey ek = cipher.loadEncryptedKey(element);
 140                 key = (SecretKey) cipher.decryptKey(ek, algorithm);
 141             } catch (XMLEncryptionException e) {
 142                 if (log.isLoggable(java.util.logging.Level.FINE)) {
 143                     log.log(java.util.logging.Level.FINE, e.getMessage(), e);
 144                 }
 145             }

 146         }
 147 
 148         return key;
 149     }
 150 }