X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=xmltooling%2Fencryption%2FEncrypter.h;h=140a8601f9c703ea02cbc19f6e7ac95a3d3e5195;hb=a0d768778a8f5f539b909baf5b115e70ea765f0f;hp=c562a225a3089506d1b42f27c79f6bc3a8079548;hpb=5cb314df178f78c6fa7b9826c2c5a5298ec7a473;p=shibboleth%2Fcpp-xmltooling.git
diff --git a/xmltooling/encryption/Encrypter.h b/xmltooling/encryption/Encrypter.h
index c562a22..140a860 100644
--- a/xmltooling/encryption/Encrypter.h
+++ b/xmltooling/encryption/Encrypter.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2010 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -23,13 +23,21 @@
 #if !defined(__xmltooling_encrypter_h__) && !defined(XMLTOOLING_NO_XMLSEC)
 #define __xmltooling_encrypter_h__
-#include
+#include
-#include
-#include
+#include
+
+class XENCCipher;
+
+namespace xmltooling {
+ class XMLTOOL_API Credential;
+};
 namespace xmlencryption {
+ class XMLTOOL_API EncryptedData;
+ class XMLTOOL_API EncryptedKey;
+
 /**
 * Wrapper API for XML Encryption functionality.
 * Designed to allow both external and internal key generation as follows:
@@ -47,7 +55,10 @@ namespace xmlencryption {
 * Summing up, if KeyEncryptionParams are used, a raw key must be available or the
 * key can be generated when the encryption algorithm itself is a standard one. If
 * no KeyEncryptionParams are supplied, then the key must be supplied either in raw
- * or object form.
+ * or object form.
+ *
+ * Finally, when encrypting data, the key transport algorithm can be left blank to
+ * derive it from the data encryption algorithm.
 */
 class XMLTOOL_API Encrypter {
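Review bot: The new forward-declaration block closes its namespace with `};` — the semicolon after a namespace's closing brace is a stray empty declaration that pedantic builds warn about, so it should be `namespace xmltooling {` / `    class XMLTOOL_API Credential;` / `}`. Style only; the forward declarations of `XENCCipher`, `Credential`, `EncryptedData` and `EncryptedKey` themselves are fine and avoid pulling the heavier headers into this one.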
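Review bot: "Left blank" is ambiguous for a `const XMLCh*` parameter — it could mean an empty string or a null pointer — and the `KeyEncryptionParams` constructor added later in this diff defaults `algorithm` to `nullptr`, so the class comment should say that: `* Finally, when encrypting data, the key transport algorithm can be omitted (nullptr) to` / `* derive it from the data encryption algorithm.` The `Encrypter` class opened at the end of this hunk continues past it.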
@@ -57,81 +68,74 @@ namespace xmlencryption {
 * Structure to collect encryption requirements.
 */
 struct XMLTOOL_API EncryptionParams {
-
 /**
 * Constructor.
+ *
 * The algorithm constant and key buffer MUST be accessible for the life of
- * the structure. The other objects will be destroyed if need be when the structure is destroyed.
+ * the structure.
 *
- * @param algorithm the XML Encryption key wrapping or transport algorithm constant
+ * @param algorithm the XML Encryption algorithm constant
 * @param keyBuffer buffer containing the raw key information
 * @param keyBufferSize the size of the raw key buffer in bytes
- * @param key the key encryption key to use, or NULL
- * @param keyInfo a KeyInfo object to place within the EncryptedData structure
+ * @param credential optional Credential supplying the encryption key
+ * @param compact true iff the encrypted representation should be made as small as possible
 */
 EncryptionParams(
- const XMLCh* algorithm=DSIGConstants::s_unicodeStrURIAES256_CBC,
- const unsigned char* keyBuffer=NULL,
+ const XMLCh* algorithm=DSIGConstants::s_unicodeStrURIAES128_CBC,
+ const unsigned char* keyBuffer=nullptr,
 unsigned int keyBufferSize=0,
- XSECCryptoKey* key=NULL,
- xmlsignature::KeyInfo* keyInfo=NULL
- ) : m_keyBuffer(keyBuffer), m_keyBufferSize(keyBufferSize), m_key(key), m_keyInfo(keyInfo), m_algorithm(algorithm) {
- }
-
- ~EncryptionParams() {
- delete m_key;
- delete m_keyInfo;
- }
- private:
- const unsigned char* m_keyBuffer;
- unsigned int m_keyBufferSize;
- XSECCryptoKey* m_key;
- xmlsignature::KeyInfo* m_keyInfo;
+ const xmltooling::Credential* credential=nullptr,
+ bool compact=false
+ );
+
+ ~EncryptionParams();
+
+ /** Data encryption algorithm. */
 const XMLCh* m_algorithm;
- friend class Encrypter;
+ /** Buffer containing encryption key. */
+ const unsigned char* m_keyBuffer;
+
+ /** Size of buffer. */
+ unsigned int m_keyBufferSize;
+
+ /** Credential containing the encryption key. */
+ const xmltooling::Credential* m_credential;
+
+ /** Flag limiting the size of the encrypted XML representation. */
+ bool m_compact;
 };
 /**
 * Structure to collect key wrapping/transport requirements.
 */
 struct XMLTOOL_API KeyEncryptionParams {
-
 /**
 * Constructor.
- * The algorithm and recipient constants MUST be accessible for the life of the
- * structure. Using a static constant suffices for this. The other objects will be destroyed if
- * when the structure is destroyed.
 *
- * @param algorithm the XML Encryption key wrapping or transport algorithm constant
- * @param key the key encryption key to use
+ * @param credential a Credential supplying the key encryption key
+ * @param algorithm XML Encryption key wrapping or transport algorithm constant
 * @param recipient optional name of recipient of encrypted key
- * @param keyInfo a KeyInfo object to place within the EncryptedKey structure that describes the KEK
 */
 KeyEncryptionParams(
- const XMLCh* algorithm,
- XSECCryptoKey* key,
- const XMLCh* recipient=NULL,
- xmlsignature::KeyInfo* keyInfo=NULL
- ) : m_algorithm(algorithm), m_key(key), m_recipient(recipient), m_keyInfo(keyInfo) {
- }
+ const xmltooling::Credential& credential, const XMLCh* algorithm=nullptr, const XMLCh* recipient=nullptr
+ );
- ~KeyEncryptionParams() {
- delete m_key;
- delete m_keyInfo;
- }
- private:
+ ~KeyEncryptionParams();
+
+ /** Credential containing key encryption key. */
+ const xmltooling::Credential& m_credential;
+
+ /** Key transport or wrapping algorithm. */
 const XMLCh* m_algorithm;
- XSECCryptoKey* m_key;
+
+ /** Name of recipient that owns the key encryption key. */
 const XMLCh* m_recipient;
- xmlsignature::KeyInfo* m_keyInfo;
-
- friend class Encrypter;
 };
- Encrypter() : m_cipher(NULL) {}
+ Encrypter();
- ~Encrypter();
+ virtual ~Encrypter();
 /**
 * Encrypts the supplied element and returns the resulting object.
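Review bot: The default data encryption algorithm in the `EncryptionParams` constructor changes from `DSIGConstants::s_unicodeStrURIAES256_CBC` to `DSIGConstants::s_unicodeStrURIAES128_CBC`, halving the key size for every caller that relies on the default, and nothing in the hunk records or justifies it; if the downgrade is intentional the parameter comment should say so, e.g. `* @param algorithm the XML Encryption data encryption algorithm constant (defaults to AES-128-CBC)`. Both defaults are unauthenticated CBC modes, so the same comment is a good place to remind callers that the resulting EncryptedData carries no integrity protection unless they sign or otherwise authenticate it separately. The struct also no longer owns anything — the `delete m_key; delete m_keyInfo;` destructor is gone and `m_credential` is a plain non-owning pointer, now a public member — yet the lifetime sentence still covers only the algorithm and key buffer; it should read `* The algorithm constant, key buffer and credential MUST remain valid for the life of the structure.` The same lifetime caveat applies to `KeyEncryptionParams::m_credential`, which as a reference member additionally makes that struct non-assignable and worth a one-line comment. The enclosing `Encrypter` class starts before this hunk and continues past it.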
@@ -145,10 +149,12 @@ namespace xmlencryption {
 *
 * @param element the DOM element to encrypt
 * @param encParams primary encryption settings
- * @param kencParams key encryption settings, or NULL
+ * @param kencParams key encryption settings, or nullptr
 * @return a stand-alone EncryptedData object, unconnected to the source DOM
 */
- EncryptedData* encryptElement(DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams=NULL);
+ EncryptedData* encryptElement(
+ xercesc::DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams=nullptr
+ );
 /**
 * Encrypts the supplied element's children and returns the resulting object.
@@ -162,10 +168,12 @@ namespace xmlencryption {
 *
 * @param element parent element of children to encrypt
 * @param encParams primary encryption settings
- * @param kencParams key encryption settings, or NULL
+ * @param kencParams key encryption settings, or nullptr
 * @return a stand-alone EncryptedData object, unconnected to the source DOM
 */
- EncryptedData* encryptElementContent(DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams=NULL);
+ EncryptedData* encryptElementContent(
+ xercesc::DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams=nullptr
+ );
 /**
 * Encrypts the supplied input stream and returns the resulting object.
@@ -179,10 +187,10 @@ namespace xmlencryption {
 *
 * @param input the stream to encrypt
 * @param encParams primary encryption settings
- * @param kencParams key encryption settings, or NULL
+ * @param kencParams key encryption settings, or nullptr
 * @return a stand-alone EncryptedData object, unconnected to any DOM
 */
- EncryptedData* encryptStream(std::istream& input, EncryptionParams& encParams, KeyEncryptionParams* kencParams=NULL);
+ EncryptedData* encryptStream(std::istream& input, EncryptionParams& encParams, KeyEncryptionParams* kencParams=nullptr);
 /**
 * Encrypts the supplied key and returns the resulting object.
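Review bot: `encryptElement` still returns a raw `EncryptedData*` described only as "stand-alone", and nothing in the reworked declaration or its comment says who frees it; since the object is explicitly unconnected to the source DOM it is presumably the caller's to delete, and the comment should say so, e.g. `* @return a stand-alone EncryptedData object, unconnected to the source DOM; the caller assumes ownership` (confirm against the implementation, which is not in this diff). The identical wording fits the `encryptElementContent` and `encryptStream` declarations in the two following hunks. The `Encrypter` class body continues outside the hunk.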
@@ -190,9 +198,21 @@ namespace xmlencryption {
 * @param keyBuffer raw key material to encrypt
 * @param keyBufferSize size in bytes of raw key material
 * @param kencParams key encryption settings
+ * @param compact true iff the encrypted representation should be made as small as possible
 * @return a stand-alone EncryptedKey object, unconnected to any DOM
 */
- EncryptedKey* encryptKey(const unsigned char* keyBuffer, unsigned int keyBufferSize, KeyEncryptionParams& kencParams);
+ EncryptedKey* encryptKey(
+ const unsigned char* keyBuffer, unsigned int keyBufferSize, KeyEncryptionParams& kencParams, bool compact=false
+ );
+
+ /**
+ * Maps a data encryption algorithm to an appropriate key transport algorithm to use.
+ *
+ * @param credential the key encryption key
+ * @param encryptionAlg data encryption algorithm
+ * @return a key transport algorithm
+ */
+ static const XMLCh* getKeyTransportAlgorithm(const xmltooling::Credential& credential, const XMLCh* encryptionAlg);
 private:
 void checkParams(EncryptionParams& encParams, KeyEncryptionParams* kencParams);
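Review bot: The new `getKeyTransportAlgorithm` is documented as returning "a key transport algorithm" but not what happens when no mapping exists for the credential/algorithm pair; its result is the obvious thing to feed into `KeyEncryptionParams` as the transport algorithm, so a null or unexpected return would propagate silently into key wrapping, and the contract should be spelled out, e.g. `* @return a key transport algorithm, or nullptr if none can be determined for the credential` (confirm against the implementation, which is not in this diff). For the same reason the `@param credential` line would be clearer as `* @param credential the Credential supplying the key encryption key` rather than "the key encryption key". The `Encrypter` class body, including the private `checkParams`, continues past the hunk.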