diff --git a/xmltooling/encryption/Encrypter.h b/xmltooling/encryption/Encrypter.h
index bb00268..c562a22 100644
--- a/xmltooling/encryption/Encrypter.h
+++ b/xmltooling/encryption/Encrypter.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2006 Internet2
+ * Copyright 2001-2007 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
*/
/**
- * @file Encrypter.h
+ * @file xmltooling/encryption/Encrypter.h
*
* Methods for encrypting XMLObjects and other data.
*/
@@ -99,16 +99,21 @@ namespace xmlencryption {
/**
* Constructor.
- * The algorithm constant MUST be accessible for the life of the structure.
- * Using a static constant suffices for this. The other objects will be destroyed if need be
+ * The algorithm and recipient constants MUST be accessible for the life of the
+ * structure. Using a static constant suffices for this. The other objects will be destroyed if
* when the structure is destroyed.
*
* @param algorithm the XML Encryption key wrapping or transport algorithm constant
* @param key the key encryption key to use
+ * @param recipient optional name of recipient of encrypted key
* @param keyInfo a KeyInfo object to place within the EncryptedKey structure that describes the KEK
*/
- KeyEncryptionParams(const XMLCh* algorithm, XSECCryptoKey* key, xmlsignature::KeyInfo* keyInfo=NULL)
- : m_key(key), m_keyInfo(keyInfo), m_algorithm(algorithm) {
+ KeyEncryptionParams(
+ const XMLCh* algorithm,
+ XSECCryptoKey* key,
+ const XMLCh* recipient=NULL,
+ xmlsignature::KeyInfo* keyInfo=NULL
+ ) : m_algorithm(algorithm), m_key(key), m_recipient(recipient), m_keyInfo(keyInfo) {
}
~KeyEncryptionParams() {
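Review bot: The rewrapped constructor comment near the top of the hunk now reads "The other objects will be destroyed if / when the structure is destroyed" — the rewrap dropped "need be", leaving a broken sentence; suggest `* structure. Using a static constant suffices for this. The other objects will be destroyed if need be` followed by `* when the structure is destroyed.`. The new `recipient` argument is only stored as a pointer in the init list (`m_recipient(recipient)`), so the lifetime requirement stated for algorithm applies to it too, which the first sentence already covers. Inserting `recipient` ahead of `keyInfo` changes the meaning of the third positional argument; because the two types differ, an existing caller passing a `KeyInfo*` positionally should fail to compile rather than misbehave, but the reordering is worth calling out in the change notes. The destructor opened on the last line of the hunk continues outside it.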
@@ -116,9 +121,10 @@ namespace xmlencryption {
delete m_keyInfo;
}
private:
+ const XMLCh* m_algorithm;
XSECCryptoKey* m_key;
+ const XMLCh* m_recipient;
xmlsignature::KeyInfo* m_keyInfo;
- const XMLCh* m_algorithm;
friend class Encrypter;
};
@@ -129,55 +135,65 @@ namespace xmlencryption {
/**
* Encrypts the supplied element and returns the resulting object.
- * The returned object will be unmarshalled around a DOM tree created
- * using the encrypted element's owning document.
*
* If an encryption algorithm is set, but no key, a random key will be
- * generated iff keParams is non-NULL and the algorithm is known.
+ * generated iff kencParams is non-NULL and the algorithm is known.
*
* If key encryption parameters are supplied, then the encryption key
* is wrapped and the result placed into an EncryptedKey object in the
* KeyInfo of the returned EncryptedData.
*
- * @param element the DOM element to encrypt
- * @param keParams key encryption settings, or NULL
+ * @param element the DOM element to encrypt
+ * @param encParams primary encryption settings
+ * @param kencParams key encryption settings, or NULL
+ * @return a stand-alone EncryptedData object, unconnected to the source DOM
*/
EncryptedData* encryptElement(DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams=NULL);
/**
* Encrypts the supplied element's children and returns the resulting object.
- * The returned object will be unmarshalled around a DOM tree created
- * using the encrypted content's owning document.
*
* If an encryption algorithm is set, but no key, a random key will be
- * generated iff keParams is non-NULL and the algorithm is known.
+ * generated iff kencParams is non-NULL and the algorithm is known.
* If key encryption parameters are supplied, then the encryption key
* is wrapped and the result placed into an EncryptedKey object in the
* KeyInfo of the returned EncryptedData.
*
- * @param element parent element of children to encrypt
- * @param keParams key encryption settings, or NULL
+ * @param element parent element of children to encrypt
+ * @param encParams primary encryption settings
+ * @param kencParams key encryption settings, or NULL
+ * @return a stand-alone EncryptedData object, unconnected to the source DOM
*/
EncryptedData* encryptElementContent(DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams=NULL);
/**
* Encrypts the supplied input stream and returns the resulting object.
- * The returned object will be unmarshalled around a DOM tree created
- * using the encrypted element's owning document.
*
* If an encryption algorithm is set, but no key, a random key will be
- * generated iff keParams is non-NULL and the algorithm is known.
+ * generated iff kencParams is non-NULL and the algorithm is known.
* If key encryption parameters are supplied, then the encryption key
* is wrapped and the result placed into an EncryptedKey object in the
* KeyInfo of the returned EncryptedData.
*
- * @param input the stream to encrypt
- * @param keParams key encryption settings, or NULL
+ * @param input the stream to encrypt
+ * @param encParams primary encryption settings
+ * @param kencParams key encryption settings, or NULL
+ * @return a stand-alone EncryptedData object, unconnected to any DOM
*/
EncryptedData* encryptStream(std::istream& input, EncryptionParams& encParams, KeyEncryptionParams* kencParams=NULL);
+ /**
+ * Encrypts the supplied key and returns the resulting object.
+ *
+ * @param keyBuffer raw key material to encrypt
+ * @param keyBufferSize size in bytes of raw key material
+ * @param kencParams key encryption settings
+ * @return a stand-alone EncryptedKey object, unconnected to any DOM
+ */
+ EncryptedKey* encryptKey(const unsigned char* keyBuffer, unsigned int keyBufferSize, KeyEncryptionParams& kencParams);
+
private:
void checkParams(EncryptionParams& encParams, KeyEncryptionParams* kencParams);
EncryptedData* decorateAndUnmarshall(EncryptionParams& encParams, KeyEncryptionParams* kencParams);
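Review bot: The new `encryptKey` declaration documents its inputs but not its failure behaviour or what it does with the key material: `keyBuffer` is `const unsigned char*`, so the function cannot scrub the caller's copy, and nothing says whether a null buffer or a zero `keyBufferSize` is rejected. Suggest extending its comment with `* @throws an exception on failure (see EncryptionException); the caller remains responsible for clearing keyBuffer afterwards`, with the exception type confirmed against the implementation, which is not in this header. The three rewritten `@return` lines ("a stand-alone EncryptedData object, unconnected to the source DOM") replace the old note about the returned object's DOM, but do not say who owns the result; if the caller is expected to delete it, `@return a stand-alone EncryptedData object, unconnected to the source DOM; the caller owns it` would make that explicit for all four methods. The same ownership point applies to the `EncryptedKey*` returned by `encryptKey`.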
@@ -186,7 +202,7 @@ namespace xmlencryption {
unsigned char m_keyBuffer[32];
};
- DECL_XMLTOOLING_EXCEPTION(EncryptionException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmlencryption,xmltooling::XMLToolingException,Exceptions in encryption processing);
+ DECL_XMLTOOLING_EXCEPTION(EncryptionException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmlencryption,xmltooling::XMLSecurityException,Exceptions in encryption processing);
};
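Review bot: Changing the base of `EncryptionException` from `xmltooling::XMLToolingException` to `xmltooling::XMLSecurityException` alters which `catch` clauses match this type, and the hunk gives no hint of how the two relate. Existing handlers written as `catch (xmltooling::XMLToolingException&)` keep working only if `XMLSecurityException` derives from `XMLToolingException`; that should be confirmed, and the header declaring `XMLSecurityException` must be included by this file (the include block is outside the diff). If the new base is intended to let callers distinguish cryptographic failures, a one-line comment above the macro saying so, e.g. `// Derives from XMLSecurityException so callers can group crypto-related failures`, would record the intent.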