X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=xmltooling%2Fencryption%2Fimpl%2FDecrypter.cpp;h=49af2f37574114361b555ccce607923baa332e5c;hb=81b488b2790e7bdeb2f43560b1d4a7d22c3dfdf5;hp=89a274b6a305681e20cd950909c3926a36fccec1;hpb=a8d82f50437c7228f2bb572b4b7821a7d8494c3f;p=shibboleth%2Fcpp-xmltooling.git diff --git a/xmltooling/encryption/impl/Decrypter.cpp b/xmltooling/encryption/impl/Decrypter.cpp index 89a274b..49af2f3 100644 --- a/xmltooling/encryption/impl/Decrypter.cpp +++ b/xmltooling/encryption/impl/Decrypter.cpp @@ -1,17 +1,21 @@ -/* - * Copyright 2001-2007 Internet2 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. + * + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. */ /** @@ -21,42 +25,61 @@ */ #include "internal.h" +#include "logging.h" #include "encryption/Decrypter.h" #include "encryption/EncryptedKeyResolver.h" +#include "encryption/Encryption.h" #include "security/Credential.h" #include "security/CredentialCriteria.h" #include "security/CredentialResolver.h" -#include #include #include #include #include #include +#include #include #include using namespace xmlencryption; using namespace xmlsignature; using namespace xmltooling; +using namespace xercesc; using namespace std; +Decrypter::Decrypter(const CredentialResolver* credResolver, CredentialCriteria* criteria, const EncryptedKeyResolver* EKResolver) + : m_cipher(nullptr), m_credResolver(credResolver), m_criteria(criteria), m_EKResolver(EKResolver) +{ +} + Decrypter::~Decrypter() { if (m_cipher) XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher); } +void Decrypter::setEncryptedKeyResolver(const EncryptedKeyResolver* EKResolver) +{ + m_EKResolver=EKResolver; +} + +void Decrypter::setKEKResolver(const CredentialResolver* resolver, CredentialCriteria* criteria) +{ + m_credResolver=resolver; + m_criteria=criteria; +} + DOMDocumentFragment* Decrypter::decryptData(const EncryptedData& encryptedData, XSECCryptoKey* key) { - if (encryptedData.getDOM()==NULL) + if (encryptedData.getDOM()==nullptr) throw DecryptionException("The object must be marshalled before decryption."); // We can reuse the cipher object if the document hasn't changed. if (m_cipher && m_cipher->getDocument()!=encryptedData.getDOM()->getOwnerDocument()) { XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher); - m_cipher=NULL; + m_cipher=nullptr; } if (!m_cipher) @@ -87,12 +110,9 @@ DOMDocumentFragment* Decrypter::decryptData(const EncryptedData& encryptedData, // Resolve a decryption key directly. vector creds; - int types = - CredentialCriteria::KEYINFO_EXTRACTION_KEY | - CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES | - CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES; + int types = CredentialCriteria::KEYINFO_EXTRACTION_KEY | CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES; if (m_criteria) { - m_criteria->setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL); + m_criteria->setUsage(Credential::ENCRYPTION_CREDENTIAL); m_criteria->setKeyInfo(encryptedData.getKeyInfo(), types); const EncryptionMethod* meth = encryptedData.getEncryptionMethod(); if (meth) @@ -101,7 +121,7 @@ DOMDocumentFragment* Decrypter::decryptData(const EncryptedData& encryptedData, } else { CredentialCriteria criteria; - criteria.setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL); + criteria.setUsage(Credential::ENCRYPTION_CREDENTIAL); criteria.setKeyInfo(encryptedData.getKeyInfo(), types); const EncryptionMethod* meth = encryptedData.getEncryptionMethod(); if (meth) @@ -119,18 +139,18 @@ DOMDocumentFragment* Decrypter::decryptData(const EncryptedData& encryptedData, return decryptData(encryptedData, key); } catch(DecryptionException& ex) { - log4cpp::Category::getInstance(XMLTOOLING_LOGCAT".Decrypter").warn(ex.what()); + logging::Category::getInstance(XMLTOOLING_LOGCAT".Decrypter").warn(ex.what()); } } // We need to find an encrypted decryption key somewhere. We'll need the underlying algorithm... const XMLCh* algorithm= - encryptedData.getEncryptionMethod() ? encryptedData.getEncryptionMethod()->getAlgorithm() : NULL; + encryptedData.getEncryptionMethod() ? encryptedData.getEncryptionMethod()->getAlgorithm() : nullptr; if (!algorithm) throw DecryptionException("No EncryptionMethod/@Algorithm set, key decryption cannot proceed."); // Check for external resolver. - const EncryptedKey* encKey=NULL; + const EncryptedKey* encKey=nullptr; if (m_EKResolver) encKey = m_EKResolver->resolveKey(encryptedData, recipient); else { @@ -149,14 +169,14 @@ DOMDocumentFragment* Decrypter::decryptData(const EncryptedData& encryptedData, void Decrypter::decryptData(ostream& out, const EncryptedData& encryptedData, XSECCryptoKey* key) { - if (encryptedData.getDOM()==NULL) + if (encryptedData.getDOM()==nullptr) throw DecryptionException("The object must be marshalled before decryption."); // We can reuse the cipher object if the document hasn't changed. if (m_cipher && m_cipher->getDocument()!=encryptedData.getDOM()->getOwnerDocument()) { XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher); - m_cipher=NULL; + m_cipher=nullptr; } if (!m_cipher) @@ -167,7 +187,7 @@ void Decrypter::decryptData(ostream& out, const EncryptedData& encryptedData, XS auto_ptr in(m_cipher->decryptToBinInputStream(encryptedData.getDOM())); XMLByte buf[8192]; - unsigned int count = in->readBytes(buf, sizeof(buf)); + xsecsize_t count = in->readBytes(buf, sizeof(buf)); while (count > 0) out.write(reinterpret_cast(buf),count); } @@ -187,12 +207,9 @@ void Decrypter::decryptData(ostream& out, const EncryptedData& encryptedData, co // Resolve a decryption key directly. vector creds; - int types = - CredentialCriteria::KEYINFO_EXTRACTION_KEY | - CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES | - CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES; + int types = CredentialCriteria::KEYINFO_EXTRACTION_KEY | CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES; if (m_criteria) { - m_criteria->setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL); + m_criteria->setUsage(Credential::ENCRYPTION_CREDENTIAL); m_criteria->setKeyInfo(encryptedData.getKeyInfo(), types); const EncryptionMethod* meth = encryptedData.getEncryptionMethod(); if (meth) @@ -201,7 +218,7 @@ void Decrypter::decryptData(ostream& out, const EncryptedData& encryptedData, co } else { CredentialCriteria criteria; - criteria.setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL); + criteria.setUsage(Credential::ENCRYPTION_CREDENTIAL); criteria.setKeyInfo(encryptedData.getKeyInfo(), types); const EncryptionMethod* meth = encryptedData.getEncryptionMethod(); if (meth) @@ -219,18 +236,18 @@ void Decrypter::decryptData(ostream& out, const EncryptedData& encryptedData, co return decryptData(out, encryptedData, key); } catch(DecryptionException& ex) { - log4cpp::Category::getInstance(XMLTOOLING_LOGCAT".Decrypter").warn(ex.what()); + logging::Category::getInstance(XMLTOOLING_LOGCAT".Decrypter").warn(ex.what()); } } // We need to find an encrypted decryption key somewhere. We'll need the underlying algorithm... const XMLCh* algorithm= - encryptedData.getEncryptionMethod() ? encryptedData.getEncryptionMethod()->getAlgorithm() : NULL; + encryptedData.getEncryptionMethod() ? encryptedData.getEncryptionMethod()->getAlgorithm() : nullptr; if (!algorithm) throw DecryptionException("No EncryptionMethod/@Algorithm set, key decryption cannot proceed."); // Check for external resolver. - const EncryptedKey* encKey=NULL; + const EncryptedKey* encKey=nullptr; if (m_EKResolver) encKey = m_EKResolver->resolveKey(encryptedData, recipient); else { @@ -252,31 +269,38 @@ XSECCryptoKey* Decrypter::decryptKey(const EncryptedKey& encryptedKey, const XML if (!m_credResolver) throw DecryptionException("No CredentialResolver supplied to provide decryption keys."); - if (encryptedKey.getDOM()==NULL) + if (encryptedKey.getDOM()==nullptr) throw DecryptionException("The object must be marshalled before decryption."); - XSECAlgorithmHandler* handler = XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(algorithm); - if (!handler) - throw DecryptionException("Unrecognized algorithm, no way to build object around decrypted key."); + XSECAlgorithmHandler* handler; + try { + handler = XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(algorithm); + if (!handler) + throw DecryptionException("Unrecognized algorithm, no way to build object around decrypted key."); + } + catch(XSECException& e) { + auto_ptr_char temp(e.getMsg()); + throw DecryptionException(string("XMLSecurity exception while decrypting key: ") + temp.get()); + } + catch(XSECCryptoException& e) { + throw DecryptionException(string("XMLSecurity exception while decrypting key: ") + e.getMsg()); + } // We can reuse the cipher object if the document hasn't changed. if (m_cipher && m_cipher->getDocument()!=encryptedKey.getDOM()->getOwnerDocument()) { XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher); - m_cipher=NULL; + m_cipher=nullptr; } if (!m_cipher) m_cipher=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newCipher(encryptedKey.getDOM()->getOwnerDocument()); // Resolve key decryption keys. - int types = - CredentialCriteria::KEYINFO_EXTRACTION_KEY | - CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES | - CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES; + int types = CredentialCriteria::KEYINFO_EXTRACTION_KEY | CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES; vector creds; if (m_criteria) { - m_criteria->setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL); + m_criteria->setUsage(Credential::ENCRYPTION_CREDENTIAL); m_criteria->setKeyInfo(encryptedKey.getKeyInfo(), types); const EncryptionMethod* meth = encryptedKey.getEncryptionMethod(); if (meth) @@ -285,7 +309,7 @@ XSECCryptoKey* Decrypter::decryptKey(const EncryptedKey& encryptedKey, const XML } else { CredentialCriteria criteria; - criteria.setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL); + criteria.setUsage(Credential::ENCRYPTION_CREDENTIAL); criteria.setKeyInfo(encryptedKey.getKeyInfo(), types); const EncryptionMethod* meth = encryptedKey.getEncryptionMethod(); if (meth) @@ -320,7 +344,7 @@ XSECCryptoKey* Decrypter::decryptKey(const EncryptedKey& encryptedKey, const XML } } catch(DecryptionException& ex) { - log4cpp::Category::getInstance(XMLTOOLING_LOGCAT".Decrypter").warn(ex.what()); + logging::Category::getInstance(XMLTOOLING_LOGCAT".Decrypter").warn(ex.what()); } }