+ BEGIN_XMLOBJECT(SAML_API,EncryptedElementType,xmltooling::XMLObject,SAML 2.0 EncryptedElementType type);
+ DECL_TYPED_FOREIGN_CHILD(EncryptedData,xmlencryption);
+ DECL_TYPED_FOREIGN_CHILDREN(EncryptedKey,xmlencryption);
+ /** EncryptedElementType local name */
+ static const XMLCh TYPE_NAME[];
+
+ /**
+ * Encrypts an object to a single recipient using this object as a container.
+ *
+ * @param xmlObject object to encrypt
+ * @param metadataProvider a locked MetadataProvider to supply encryption keys
+ * @param criteria metadata-based CredentialCriteria to use
+ * @param compact true iff compact KeyInfo should be used
+ * @param algorithm optionally specifies data encryption algorithm if none can be determined from metadata
+ * @return the encrypted object
+ */
+ virtual void encrypt(
+ const EncryptableObject& xmlObject,
+ const saml2md::MetadataProvider& metadataProvider,
+ saml2md::MetadataCredentialCriteria& criteria,
+ bool compact=false,
+ const XMLCh* algorithm=nullptr
+ );
+
+ /**
+ * Encrypts an object to multiple recipients using this object as a container.
+ *
+ * @param xmlObject object to encrypt
+ * @param recipients pairs containing a locked MetadataProvider to supply encryption keys,
+ * and a metadata-based CredentialCriteria to use
+ * @param compact true iff compact KeyInfo should be used
+ * @param algorithm optionally specifies data encryption algorithm if none can be determined from metadata
+ * @return the encrypted object
+ */
+ virtual void encrypt(
+ const EncryptableObject& xmlObject,
+ const std::vector< std::pair<const saml2md::MetadataProvider*, saml2md::MetadataCredentialCriteria*> >& recipients,
+ bool compact=false,
+ const XMLCh* algorithm=nullptr
+ );
+
+ /**
+ * Decrypts the element using the supplied CredentialResolver.
+ *
+ * <p>The object returned will be unmarshalled around the decrypted DOM element in a
+ * new Document owned by the object.
+ *
+ * <p>The final boolean parameter is used to enforce a requirement for an authenticated cipher
+ * suite such as AES-GCM or similar. These ciphers include an HMAC or equivalent step that
+ * prevents tampering. Newer applications should set this parameter to true unless the ciphertext
+ * has been independently authenticated, and even in such a case, it is rarely possible to prevent
+ * chosen ciphertext attacks by trusted signers.
+ *
+ * @param credResolver locked resolver supplying decryption keys
+ * @param recipient identifier naming the recipient (the entity performing the decryption)
+ * @param criteria optional external criteria to use with resolver
+ * @param requireAuthenticatedCipher true iff the bulk data encryption algorithm must be an authenticated cipher
+ * @return the decrypted and unmarshalled object
+ */
+ virtual xmltooling::XMLObject* decrypt(
+ const xmltooling::CredentialResolver& credResolver,
+ const XMLCh* recipient,
+ xmltooling::CredentialCriteria* criteria=nullptr,
+ bool requireAuthenticatedCipher=false
+ ) const;
+ END_XMLOBJECT;
+
+ BEGIN_XMLOBJECT(SAML_API,EncryptedID,EncryptedElementType,SAML 2.0 EncryptedID element);
+ END_XMLOBJECT;
+
+ BEGIN_XMLOBJECT(SAML_API,BaseID,EncryptableObject,SAML 2.0 BaseID abstract element);