2 * Copyright 2001-2006 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
20 * Methods for encrypting XMLObjects and other data.
24 #include "encryption/Encrypter.h"
26 #include <xsec/enc/XSECCryptoException.hpp>
27 #include <xsec/framework/XSECException.hpp>
28 #include <xsec/framework/XSECAlgorithmMapper.hpp>
29 #include <xsec/framework/XSECAlgorithmHandler.hpp>
30 #include <xsec/xenc/XENCEncryptedData.hpp>
31 #include <xsec/xenc/XENCEncryptedKey.hpp>
33 using namespace xmlencryption;
34 using namespace xmlsignature;
35 using namespace xmltooling;
38 Encrypter::~Encrypter()
40 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
41 memset(m_keyBuffer,0,32);
44 void Encrypter::checkParams(EncryptionParams& encParams, KeyEncryptionParams* kencParams)
46 if (encParams.m_keyBufferSize==0) {
47 if (encParams.m_key) {
49 throw EncryptionException("Generating EncryptedKey inline requires the encryption key in raw form.");
51 else if (!encParams.m_key) {
53 throw EncryptionException("Using a generated encryption key requires a KeyEncryptionParams object.");
55 // We're generating a random key. The maximum supported length is AES-256, so we need 32 bytes.
56 if (XSECPlatformUtils::g_cryptoProvider->getRandom(m_keyBuffer,32)<32)
57 throw EncryptionException("Unable to generate random data; was PRNG seeded?");
58 encParams.m_keyBuffer=m_keyBuffer;
59 encParams.m_keyBufferSize=32;
63 if (!encParams.m_key) {
64 // We have to have a raw key now, so we need to build a wrapper around it.
65 XSECAlgorithmHandler* handler =XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(encParams.m_algorithm);
67 encParams.m_key = handler->createKeyForURI(
68 encParams.m_algorithm,const_cast<unsigned char*>(encParams.m_keyBuffer),encParams.m_keyBufferSize
72 throw EncryptionException("Unable to build wrapper for key, unknown algorithm?");
75 // Set the encryption key.
76 m_cipher->setKey(encParams.m_key->clone());
79 EncryptedData* Encrypter::encryptElement(DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams)
81 // We can reuse the cipher object if the document hasn't changed.
83 if (m_cipher && m_cipher->getDocument()!=element->getOwnerDocument()) {
84 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
89 m_cipher=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newCipher(element->getOwnerDocument());
92 checkParams(encParams,kencParams);
93 m_cipher->encryptElementDetached(element, ENCRYPT_NONE, encParams.m_algorithm);
94 return decorateAndUnmarshall(encParams, kencParams);
96 catch(XSECException& e) {
97 auto_ptr_char temp(e.getMsg());
98 throw EncryptionException(string("XMLSecurity exception while encrypting: ") + temp.get());
100 catch(XSECCryptoException& e) {
101 throw EncryptionException(string("XMLSecurity exception while encrypting: ") + e.getMsg());
105 EncryptedData* Encrypter::encryptElementContent(DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams)
107 // We can reuse the cipher object if the document hasn't changed.
109 if (m_cipher && m_cipher->getDocument()!=element->getOwnerDocument()) {
110 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
115 m_cipher=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newCipher(element->getOwnerDocument());
118 checkParams(encParams,kencParams);
119 m_cipher->encryptElementContentDetached(element, ENCRYPT_NONE, encParams.m_algorithm);
120 return decorateAndUnmarshall(encParams, kencParams);
122 catch(XSECException& e) {
123 auto_ptr_char temp(e.getMsg());
124 throw EncryptionException(string("XMLSecurity exception while encrypting: ") + temp.get());
126 catch(XSECCryptoException& e) {
127 throw EncryptionException(string("XMLSecurity exception while encrypting: ") + e.getMsg());
131 EncryptedData* Encrypter::encryptStream(istream& input, EncryptionParams& encParams, KeyEncryptionParams* kencParams)
133 // Get a fresh cipher object and document.
136 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
140 DOMDocument* doc=NULL;
142 doc=XMLToolingConfig::getConfig().getParser().newDocument();
143 XercesJanitor<DOMDocument> janitor(doc);
144 m_cipher=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newCipher(doc);
146 checkParams(encParams,kencParams);
147 StreamInputSource::StreamBinInputStream xstream(input);
148 m_cipher->encryptBinInputStream(&xstream, ENCRYPT_NONE, encParams.m_algorithm);
149 EncryptedData* xmlEncData = decorateAndUnmarshall(encParams, kencParams);
152 catch(XSECException& e) {
153 auto_ptr_char temp(e.getMsg());
154 throw EncryptionException(string("XMLSecurity exception while encrypting: ") + temp.get());
156 catch(XSECCryptoException& e) {
157 throw EncryptionException(string("XMLSecurity exception while encrypting: ") + e.getMsg());
161 EncryptedData* Encrypter::decorateAndUnmarshall(EncryptionParams& encParams, KeyEncryptionParams* kencParams)
163 XENCEncryptedData* encData=m_cipher->getEncryptedData();
165 throw EncryptionException("No EncryptedData element found?");
167 // Unmarshall a tooling version of EncryptedData around the DOM.
168 EncryptedData* xmlEncData=NULL;
169 auto_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(encData->getElement()));
170 if (!(xmlObject.get()) || !(xmlEncData=dynamic_cast<EncryptedData*>(xmlObject.get())))
171 throw EncryptionException("Unable to unmarshall into EncryptedData object.");
173 // Unbind from DOM so we can divorce this from the original document.
174 xmlEncData->releaseThisAndChildrenDOM();
177 if (encParams.m_keyInfo) {
178 xmlEncData->setKeyInfo(encParams.m_keyInfo);
179 encParams.m_keyInfo=NULL; // transfer ownership
182 // Are we doing a key encryption?
184 m_cipher->setKEK(kencParams->m_key->clone());
185 // ownership of this belongs to us, for some reason...
186 auto_ptr<XENCEncryptedKey> encKey(
187 m_cipher->encryptKey(encParams.m_keyBuffer, encParams.m_keyBufferSize, ENCRYPT_NONE, kencParams->m_algorithm)
189 EncryptedKey* xmlEncKey=NULL;
190 auto_ptr<XMLObject> xmlObjectKey(XMLObjectBuilder::buildOneFromElement(encKey->getElement()));
191 if (!(xmlObjectKey.get()) || !(xmlEncKey=dynamic_cast<EncryptedKey*>(xmlObjectKey.get())))
192 throw EncryptionException("Unable to unmarshall into EncryptedKey object.");
194 xmlEncKey->releaseThisAndChildrenDOM();
197 if (kencParams->m_recipient)
198 xmlEncKey->setRecipient(kencParams->m_recipient);
201 if (kencParams->m_keyInfo) {
202 xmlEncKey->setKeyInfo(kencParams->m_keyInfo);
203 kencParams->m_keyInfo=NULL; // transfer ownership
206 // Add the EncryptedKey.
207 if (!xmlEncData->getKeyInfo())
208 xmlEncData->setKeyInfo(KeyInfoBuilder::buildKeyInfo());
209 xmlEncData->getKeyInfo()->getOthers().push_back(xmlEncKey);
210 xmlObjectKey.release();
217 EncryptedKey* Encrypter::encryptKey(const unsigned char* keyBuffer, unsigned int keyBufferSize, KeyEncryptionParams& kencParams)
219 // Get a fresh cipher object and document.
222 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
226 DOMDocument* doc=NULL;
228 doc=XMLToolingConfig::getConfig().getParser().newDocument();
229 XercesJanitor<DOMDocument> janitor(doc);
230 m_cipher=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newCipher(doc);
231 m_cipher->setKEK(kencParams.m_key->clone());
232 auto_ptr<XENCEncryptedKey> encKey(m_cipher->encryptKey(keyBuffer, keyBufferSize, ENCRYPT_NONE, kencParams.m_algorithm));
234 EncryptedKey* xmlEncKey=NULL;
235 auto_ptr<XMLObject> xmlObjectKey(XMLObjectBuilder::buildOneFromElement(encKey->getElement()));
236 if (!(xmlObjectKey.get()) || !(xmlEncKey=dynamic_cast<EncryptedKey*>(xmlObjectKey.get())))
237 throw EncryptionException("Unable to unmarshall into EncryptedKey object.");
239 xmlEncKey->releaseThisAndChildrenDOM();
242 if (kencParams.m_recipient)
243 xmlEncKey->setRecipient(kencParams.m_recipient);
246 if (kencParams.m_keyInfo) {
247 xmlEncKey->setKeyInfo(kencParams.m_keyInfo);
248 kencParams.m_keyInfo=NULL; // transfer ownership
251 xmlObjectKey.release();
254 catch(XSECException& e) {
255 auto_ptr_char temp(e.getMsg());
256 throw EncryptionException(string("XMLSecurity exception while encrypting: ") + temp.get());
258 catch(XSECCryptoException& e) {
259 throw EncryptionException(string("XMLSecurity exception while encrypting: ") + e.getMsg());