1 /* 2 * reserved comment block 3 * DO NOT REMOVE OR ALTER! 4 */ 5 /* 6 * Copyright 1999-2004 The Apache Software Foundation. 7 * 8 * Licensed under the Apache License, Version 2.0 (the "License"); 9 * you may not use this file except in compliance with the License. 10 * You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, software 15 * distributed under the License is distributed on an "AS IS" BASIS, 16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 * See the License for the specific language governing permissions and 18 * limitations under the License. 19 * 20 */ 21 package com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations; 22 23 import java.security.Key; 24 import java.security.PublicKey; 25 import java.security.cert.X509Certificate; 26 27 import javax.crypto.SecretKey; 28 29 import com.sun.org.apache.xml.internal.security.encryption.EncryptedKey; 30 import com.sun.org.apache.xml.internal.security.encryption.XMLCipher; 31 import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverSpi; 32 import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver; 33 import com.sun.org.apache.xml.internal.security.utils.EncryptionConstants; 34 import com.sun.org.apache.xml.internal.security.utils.XMLUtils; 35 import org.w3c.dom.Element; 36 37 38 /** 39 * The <code>EncryptedKeyResolver</code> is not a generic resolver. It can 40 * only be for specific instantiations, as the key being unwrapped will 41 * always be of a particular type and will always have been wrapped by 42 * another key which needs to be recursively resolved. 43 * 44 * The <code>EncryptedKeyResolver</code> can therefore only be instantiated 45 * with an algorithm. It can also be instantiated with a key (the KEK) or 46 * will search the static KeyResolvers to find the appropriate key. 47 * 48 * @author Berin Lautenbach 49 */ 50 51 public class EncryptedKeyResolver extends KeyResolverSpi { 52 53 /** {@link java.util.logging} logging facility */ 54 static java.util.logging.Logger log = 55 java.util.logging.Logger.getLogger( 56 RSAKeyValueResolver.class.getName()); 57 58 59 Key _kek; 60 String _algorithm; 61 62 /** 63 * Constructor for use when a KEK needs to be derived from a KeyInfo 64 * list 65 * @param algorithm 66 */ 67 public EncryptedKeyResolver(String algorithm) { 68 _kek = null; 69 _algorithm=algorithm; 70 } 71 72 /** 73 * Constructor used for when a KEK has been set 74 * @param algorithm 75 * @param kek 76 */ 77 78 public EncryptedKeyResolver(String algorithm, Key kek) { 79 _algorithm = algorithm; 80 _kek = kek; 81 82 } 83 84 /** @inheritDoc */ 85 public PublicKey engineLookupAndResolvePublicKey( 86 Element element, String BaseURI, StorageResolver storage) { 87 88 return null; 89 } 90 91 /** @inheritDoc */ 92 public X509Certificate engineLookupResolveX509Certificate( 93 Element element, String BaseURI, StorageResolver storage) { 94 return null; 95 } 96 97 /** @inheritDoc */ 98 public javax.crypto.SecretKey engineLookupAndResolveSecretKey( 99 Element element, String BaseURI, StorageResolver storage) { 100 SecretKey key=null; 101 if (log.isLoggable(java.util.logging.Level.FINE)) 102 log.log(java.util.logging.Level.FINE, "EncryptedKeyResolver - Can I resolve " + element.getTagName()); 103 104 if (element == null) { 105 return null; 106 } 107 108 boolean isEncryptedKey = XMLUtils.elementIsInEncryptionSpace(element, 109 EncryptionConstants._TAG_ENCRYPTEDKEY); 110 111 if (isEncryptedKey) { 112 log.log(java.util.logging.Level.FINE, "Passed an Encrypted Key"); 113 try { 114 XMLCipher cipher = XMLCipher.getInstance(); 115 cipher.init(XMLCipher.UNWRAP_MODE, _kek); 116 EncryptedKey ek = cipher.loadEncryptedKey(element); 117 key = (SecretKey) cipher.decryptKey(ek, _algorithm); 118 } 119 catch (Exception e) {} 120 } 121 122 return key; 123 } 124 } | 1 /* 2 * reserved comment block 3 * DO NOT REMOVE OR ALTER! 4 */ 5 /** 6 * Licensed to the Apache Software Foundation (ASF) under one 7 * or more contributor license agreements. See the NOTICE file 8 * distributed with this work for additional information 9 * regarding copyright ownership. The ASF licenses this file 10 * to you under the Apache License, Version 2.0 (the 11 * "License"); you may not use this file except in compliance 12 * with the License. You may obtain a copy of the License at 13 * 14 * http://www.apache.org/licenses/LICENSE-2.0 15 * 16 * Unless required by applicable law or agreed to in writing, 17 * software distributed under the License is distributed on an 18 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 19 * KIND, either express or implied. See the License for the 20 * specific language governing permissions and limitations 21 * under the License. 22 */ 23 package com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations; 24 25 import java.security.Key; 26 import java.security.PublicKey; 27 import java.security.cert.X509Certificate; 28 import java.util.ArrayList; 29 import java.util.List; 30 31 import javax.crypto.SecretKey; 32 33 import com.sun.org.apache.xml.internal.security.encryption.EncryptedKey; 34 import com.sun.org.apache.xml.internal.security.encryption.XMLCipher; 35 import com.sun.org.apache.xml.internal.security.encryption.XMLEncryptionException; 36 import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverSpi; 37 import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver; 38 import com.sun.org.apache.xml.internal.security.utils.EncryptionConstants; 39 import com.sun.org.apache.xml.internal.security.utils.XMLUtils; 40 import org.w3c.dom.Element; 41 42 /** 43 * The <code>EncryptedKeyResolver</code> is not a generic resolver. It can 44 * only be for specific instantiations, as the key being unwrapped will 45 * always be of a particular type and will always have been wrapped by 46 * another key which needs to be recursively resolved. 47 * 48 * The <code>EncryptedKeyResolver</code> can therefore only be instantiated 49 * with an algorithm. It can also be instantiated with a key (the KEK) or 50 * will search the static KeyResolvers to find the appropriate key. 51 * 52 * @author Berin Lautenbach 53 */ 54 public class EncryptedKeyResolver extends KeyResolverSpi { 55 56 /** {@link org.apache.commons.logging} logging facility */ 57 private static java.util.logging.Logger log = 58 java.util.logging.Logger.getLogger(EncryptedKeyResolver.class.getName()); 59 60 private Key kek; 61 private String algorithm; 62 private List<KeyResolverSpi> internalKeyResolvers; 63 64 /** 65 * Constructor for use when a KEK needs to be derived from a KeyInfo 66 * list 67 * @param algorithm 68 */ 69 public EncryptedKeyResolver(String algorithm) { 70 kek = null; 71 this.algorithm = algorithm; 72 } 73 74 /** 75 * Constructor used for when a KEK has been set 76 * @param algorithm 77 * @param kek 78 */ 79 public EncryptedKeyResolver(String algorithm, Key kek) { 80 this.algorithm = algorithm; 81 this.kek = kek; 82 } 83 84 /** 85 * This method is used to add a custom {@link KeyResolverSpi} to help 86 * resolve the KEK. 87 * 88 * @param realKeyResolver 89 */ 90 public void registerInternalKeyResolver(KeyResolverSpi realKeyResolver) { 91 if (internalKeyResolvers == null) { 92 internalKeyResolvers = new ArrayList<KeyResolverSpi>(); 93 } 94 internalKeyResolvers.add(realKeyResolver); 95 } 96 97 /** @inheritDoc */ 98 public PublicKey engineLookupAndResolvePublicKey( 99 Element element, String BaseURI, StorageResolver storage 100 ) { 101 return null; 102 } 103 104 /** @inheritDoc */ 105 public X509Certificate engineLookupResolveX509Certificate( 106 Element element, String BaseURI, StorageResolver storage 107 ) { 108 return null; 109 } 110 111 /** @inheritDoc */ 112 public javax.crypto.SecretKey engineLookupAndResolveSecretKey( 113 Element element, String BaseURI, StorageResolver storage 114 ) { 115 if (log.isLoggable(java.util.logging.Level.FINE)) { 116 log.log(java.util.logging.Level.FINE, "EncryptedKeyResolver - Can I resolve " + element.getTagName()); 117 } 118 119 if (element == null) { 120 return null; 121 } 122 123 SecretKey key = null; 124 boolean isEncryptedKey = 125 XMLUtils.elementIsInEncryptionSpace(element, EncryptionConstants._TAG_ENCRYPTEDKEY); 126 if (isEncryptedKey) { 127 if (log.isLoggable(java.util.logging.Level.FINE)) { 128 log.log(java.util.logging.Level.FINE, "Passed an Encrypted Key"); 129 } 130 try { 131 XMLCipher cipher = XMLCipher.getInstance(); 132 cipher.init(XMLCipher.UNWRAP_MODE, kek); 133 if (internalKeyResolvers != null) { 134 int size = internalKeyResolvers.size(); 135 for (int i = 0; i < size; i++) { 136 cipher.registerInternalKeyResolver(internalKeyResolvers.get(i)); 137 } 138 } 139 EncryptedKey ek = cipher.loadEncryptedKey(element); 140 key = (SecretKey) cipher.decryptKey(ek, algorithm); 141 } catch (XMLEncryptionException e) { 142 if (log.isLoggable(java.util.logging.Level.FINE)) { 143 log.log(java.util.logging.Level.FINE, e.getMessage(), e); 144 } 145 } 146 } 147 148 return key; 149 } 150 } |