2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file xmltooling/encryption/Decrypter.h
20 * Wrapper API for XML Decryption functionality.
23 #if !defined(__xmltooling_decrypter_h__) && !defined(XMLTOOLING_NO_XMLSEC)
24 #define __xmltooling_decrypter_h__
26 #include <xmltooling/encryption/Encryption.h>
28 #include <xsec/xenc/XENCCipher.hpp>
30 namespace xmltooling {
31 class XMLTOOL_API CredentialResolver;
32 class XMLTOOL_API KeyResolver;
35 namespace xmlencryption {
38 * Wrapper API for XML Decryption functionality.
40 class XMLTOOL_API Decrypter
46 * @param KEKresolver locked credential resolver that supplies the key decryption key (KEK)
47 * @param resolver directly or indirectly resolves the data decryption key
49 Decrypter(const xmltooling::CredentialResolver* KEKresolver=NULL, const xmltooling::KeyResolver* resolver=NULL)
50 : m_cipher(NULL), m_KEKresolver(KEKresolver), m_resolver(resolver) {
56 * Replace the current data encryption KeyResolver interface, if any, with a new one.
58 * @param resolver the KeyResolver to attach
60 void setKeyResolver(const xmltooling::KeyResolver* resolver) {
65 * Replace the current key encryption CredentialResolver interface, if any, with a new one.
67 * @param resolver the locked CredentialResolver to attach
69 void setKEKResolver(const xmltooling::CredentialResolver* resolver) {
70 m_KEKresolver=resolver;
74 * Decrypts the supplied information and returns the result as a DOM
75 * fragment owned by the document associated with the marshalled EncryptedData.
78 * Note that the DOM nodes will be invalidated once that document
79 * is released. The caller should therefore process the DOM fragment as
80 * required and drop all references to it before that happens. The usual
81 * approach is to unmarshall the DOM and then release it; alternatively, the
82 * DOM can be imported into a separately owned document.
84 * @param encryptedData the data to decrypt
85 * @return the decrypted DOM fragment
87 DOMDocumentFragment* decryptData(EncryptedData& encryptedData);
90 * Decrypts the supplied encrypted key and returns the resulting key.
91 * The caller owns the returned key and is responsible for deleting it. The
92 * caller must supply the key's algorithm, based on its knowledge of the
93 * associated EncryptedData information.
95 * @param encryptedKey the encrypted/wrapped key to decrypt
96 * @param algorithm the algorithm associated with the decrypted key
97 * @return the decrypted key
99 XSECCryptoKey* decryptKey(EncryptedKey& encryptedKey, const XMLCh* algorithm);
102 XENCCipher* m_cipher;
103 const xmltooling::CredentialResolver* m_KEKresolver;
104 const xmltooling::KeyResolver* m_resolver;
107 DECL_XMLTOOLING_EXCEPTION(DecryptionException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmlencryption,xmltooling::XMLToolingException,Exceptions in decryption processing);
111 #endif /* __xmltooling_decrypter_h__ */