X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=xmltooling%2Fencryption%2Fimpl%2FEncrypter.cpp;h=97583a7c316818ee94f1a61b9e6a4219ca7e240a;hb=420effca96f38dfa5f2a6549679a5d455a3945a7;hp=ae184e9ca3bc1a1f3bed27d386e204149d9d7374;hpb=4663e16d5cc47913d374f6b5e866360bcd18d578;p=shibboleth%2Fcpp-xmltooling.git
diff --git a/xmltooling/encryption/impl/Encrypter.cpp b/xmltooling/encryption/impl/Encrypter.cpp
index ae184e9..97583a7 100644
--- a/xmltooling/encryption/impl/Encrypter.cpp
+++ b/xmltooling/encryption/impl/Encrypter.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2010 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -22,20 +22,47 @@
 #include "internal.h"
 #include "encryption/Encrypter.h"
+#include "encryption/Encryption.h"
 #include "security/Credential.h"
+#include "signature/KeyInfo.h"
 #include
 #include
 #include
 #include
+#include
 #include
 #include
 using namespace xmlencryption;
 using namespace xmlsignature;
 using namespace xmltooling;
+using namespace xercesc;
 using namespace std;
+Encrypter::EncryptionParams::EncryptionParams(
+ const XMLCh* algorithm, const unsigned char* keyBuffer, unsigned int keyBufferSize, const Credential* credential, bool compact
+ ) : m_algorithm(algorithm), m_keyBuffer(keyBuffer), m_keyBufferSize(keyBufferSize), m_credential(credential), m_compact(compact)
+{
+}
+
+Encrypter::EncryptionParams::~EncryptionParams()
+{
+}
+
+Encrypter::KeyEncryptionParams::KeyEncryptionParams(const Credential& credential, const XMLCh* algorithm, const XMLCh* recipient)
+ : m_credential(credential), m_algorithm(algorithm), m_recipient(recipient)
+{
+}
+
+Encrypter::KeyEncryptionParams::~KeyEncryptionParams()
+{
+}
+
+Encrypter::Encrypter() : m_cipher(nullptr)
+{
+}
+
 Encrypter::~Encrypter()
 {
 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
@@ -61,7 +88,7 @@ void Encrypter::checkParams(EncryptionParams& encParams, KeyEncryptionParams* ke
 }
 }
- XSECCryptoKey* key=NULL;
+ XSECCryptoKey* key=nullptr;
 if (encParams.m_credential) {
 key = encParams.m_credential->getPrivateKey();
 if (!key)
@@ -72,7 +99,7 @@ void Encrypter::checkParams(EncryptionParams& encParams, KeyEncryptionParams* ke
 else {
 // We have to have a raw key now, so we need to build a wrapper around it.
 XSECAlgorithmHandler* handler =XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(encParams.m_algorithm);
- if (handler != NULL)
+ if (handler != nullptr)
 key = handler->createKeyForURI(
 encParams.m_algorithm,const_cast(encParams.m_keyBuffer),encParams.m_keyBufferSize
 );
@@ -105,7 +132,7 @@ EncryptedData* Encrypter::encryptElement(DOMElement* element, EncryptionParams&
 if (m_cipher && m_cipher->getDocument()!=element->getOwnerDocument()) {
 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
- m_cipher=NULL;
+ m_cipher=nullptr;
 }
 if (!m_cipher) {
@@ -133,7 +160,7 @@ EncryptedData* Encrypter::encryptElementContent(DOMElement* element, EncryptionP
 if (m_cipher && m_cipher->getDocument()!=element->getOwnerDocument()) {
 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
- m_cipher=NULL;
+ m_cipher=nullptr;
 }
 if (!m_cipher) {
@@ -161,10 +188,10 @@ EncryptedData* Encrypter::encryptStream(istream& input, EncryptionParams& encPar
 if (m_cipher) {
 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
- m_cipher=NULL;
+ m_cipher=nullptr;
 }
- DOMDocument* doc=NULL;
+ DOMDocument* doc=nullptr;
 try {
 doc=XMLToolingConfig::getConfig().getParser().newDocument();
 XercesJanitor janitor(doc);
@@ -192,7 +219,7 @@ EncryptedData* Encrypter::decorateAndUnmarshall(EncryptionParams& encParams, Key
 throw EncryptionException("No EncryptedData element found?");
 // Unmarshall a tooling version of EncryptedData around the DOM.
- EncryptedData* xmlEncData=NULL;
+ EncryptedData* xmlEncData=nullptr;
 auto_ptr xmlObject(XMLObjectBuilder::buildOneFromElement(encData->getElement()));
 if (!(xmlObject.get()) || !(xmlEncData=dynamic_cast(xmlObject.get())))
 throw EncryptionException("Unable to unmarshall into EncryptedData object.");
@@ -201,7 +228,7 @@ EncryptedData* Encrypter::decorateAndUnmarshall(EncryptionParams& encParams, Key
 xmlEncData->releaseThisAndChildrenDOM();
 // KeyInfo?
- KeyInfo* kinfo = encParams.m_credential ? encParams.m_credential->getKeyInfo(encParams.m_compact) : NULL;
+ KeyInfo* kinfo = encParams.m_credential ? encParams.m_credential->getKeyInfo(encParams.m_compact) : nullptr;
 if (kinfo)
 xmlEncData->setKeyInfo(kinfo);
@@ -212,13 +239,15 @@ EncryptedData* Encrypter::decorateAndUnmarshall(EncryptionParams& encParams, Key
 throw EncryptionException("Credential in KeyEncryptionParams structure did not supply a public key.");
 if (!kencParams->m_algorithm)
 kencParams->m_algorithm = getKeyTransportAlgorithm(kencParams->m_credential, encParams.m_algorithm);
+ if (!kencParams->m_algorithm)
+ throw EncryptionException("Unable to derive a supported key encryption algorithm.");
 m_cipher->setKEK(kek->clone());
 // ownership of this belongs to us, for some reason...
 auto_ptr encKey(
 m_cipher->encryptKey(encParams.m_keyBuffer, encParams.m_keyBufferSize, ENCRYPT_NONE, kencParams->m_algorithm)
 );
- EncryptedKey* xmlEncKey=NULL;
+ EncryptedKey* xmlEncKey=nullptr;
 auto_ptr xmlObjectKey(XMLObjectBuilder::buildOneFromElement(encKey->getElement()));
 if (!(xmlObjectKey.get()) || !(xmlEncKey=dynamic_cast(xmlObjectKey.get())))
 throw EncryptionException("Unable to unmarshall into EncryptedKey object.");
@@ -249,18 +278,21 @@ EncryptedKey* Encrypter::encryptKey(
 const unsigned char* keyBuffer, unsigned int keyBufferSize, KeyEncryptionParams& kencParams, bool compact
 )
 {
+ if (!kencParams.m_algorithm)
+ throw EncryptionException("KeyEncryptionParams structure did not include a key encryption algorithm.");
+
 // Get a fresh cipher object and document.
 if (m_cipher) {
 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
- m_cipher=NULL;
+ m_cipher=nullptr;
 }
 XSECCryptoKey* kek = kencParams.m_credential.getPublicKey();
 if (!kek)
 throw EncryptionException("Credential in KeyEncryptionParams structure did not supply a public key.");
- DOMDocument* doc=NULL;
+ DOMDocument* doc=nullptr;
 try {
 doc=XMLToolingConfig::getConfig().getParser().newDocument();
 XercesJanitor janitor(doc);
@@ -269,7 +301,7 @@ EncryptedKey* Encrypter::encryptKey(
 m_cipher->setKEK(kek->clone());
 auto_ptr encKey(m_cipher->encryptKey(keyBuffer, keyBufferSize, ENCRYPT_NONE, kencParams.m_algorithm));
- EncryptedKey* xmlEncKey=NULL;
+ EncryptedKey* xmlEncKey=nullptr;
 auto_ptr xmlObjectKey(XMLObjectBuilder::buildOneFromElement(encKey->getElement()));
 if (!(xmlObjectKey.get()) || !(xmlEncKey=dynamic_cast(xmlObjectKey.get())))
 throw EncryptionException("Unable to unmarshall into EncryptedKey object.");
@@ -299,26 +331,41 @@ EncryptedKey* Encrypter::encryptKey(
 const XMLCh* Encrypter::getKeyTransportAlgorithm(const Credential& credential, const XMLCh* encryptionAlg)
 {
+ XMLToolingConfig& conf = XMLToolingConfig::getConfig();
 const char* alg = credential.getAlgorithm();
 if (!alg || !strcmp(alg, "RSA")) {
- if (XMLString::equals(encryptionAlg,DSIGConstants::s_unicodeStrURI3DES_CBC))
- return DSIGConstants::s_unicodeStrURIRSA_1_5;
- else
- return DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1;
+ if (XMLString::equals(encryptionAlg,DSIGConstants::s_unicodeStrURI3DES_CBC)) {
+ if (conf.isXMLAlgorithmSupported(DSIGConstants::s_unicodeStrURIRSA_1_5, XMLToolingConfig::ALGTYPE_KEYENCRYPT))
+ return DSIGConstants::s_unicodeStrURIRSA_1_5;
+ else if (conf.isXMLAlgorithmSupported(DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1, XMLToolingConfig::ALGTYPE_KEYENCRYPT))
+ return DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1;
+ }
+ else {
+ if (conf.isXMLAlgorithmSupported(DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1, XMLToolingConfig::ALGTYPE_KEYENCRYPT))
+ return DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1;
+ else if (conf.isXMLAlgorithmSupported(DSIGConstants::s_unicodeStrURIRSA_1_5, XMLToolingConfig::ALGTYPE_KEYENCRYPT))
+ return DSIGConstants::s_unicodeStrURIRSA_1_5;
+ }
 }
 else if (!strcmp(alg, "AES")) {
+ const XMLCh* ret = nullptr;
 switch (credential.getKeySize()) {
 case 128:
- return DSIGConstants::s_unicodeStrURIKW_AES128;
+ ret = DSIGConstants::s_unicodeStrURIKW_AES128;
 case 192:
- return DSIGConstants::s_unicodeStrURIKW_AES192;
+ ret = DSIGConstants::s_unicodeStrURIKW_AES192;
 case 256:
- return DSIGConstants::s_unicodeStrURIKW_AES256;
+ ret = DSIGConstants::s_unicodeStrURIKW_AES256;
+ default:
+ return nullptr;
 }
+ if (conf.isXMLAlgorithmSupported(ret, XMLToolingConfig::ALGTYPE_KEYENCRYPT))
+ return ret;
 }
 else if (!strcmp(alg, "DESede")) {
- return DSIGConstants::s_unicodeStrURIKW_3DES;
+ if (conf.isXMLAlgorithmSupported(DSIGConstants::s_unicodeStrURIKW_3DES, 
XMLToolingConfig::ALGTYPE_KEYENCRYPT))
+ return DSIGConstants::s_unicodeStrURIKW_3DES;
 }
- return NULL;
+ return nullptr;
 }
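Review bot: The AES branch of getKeyTransportAlgorithm no longer terminates its cases: `ret = DSIGConstants::s_unicodeStrURIKW_AES128;` falls through into the 192 and 256 assignments and then into the new `default: return nullptr;`, so every AES credential now yields no algorithm (the old code returned directly from each case, which masked the missing breaks). Each assignment needs a terminator, e.g. `ret = DSIGConstants::s_unicodeStrURIKW_AES128; break;`, and likewise for the 192 and 256 cases; with the new check in decorateAndUnmarshall this currently surfaces as "Unable to derive a supported key encryption algorithm." for AES key-wrap. Separately, the RSA branch prefers RSA-1.5 over OAEP when the data algorithm is 3DES-CBC while the other branch prefers OAEP; that ordering is presumably an interoperability choice, and a one-line comment stating the reason would help a reader, since PKCS#1 v1.5 key transport is the weaker of the two and a maintainer may otherwise assume the asymmetry is accidental.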