2 * Copyright 2001-2009 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file xmltooling/encryption/Decrypter.h
20 * Wrapper API for XML Decryption functionality.
23 #if !defined(__xmltooling_decrypter_h__) && !defined(XMLTOOLING_NO_XMLSEC)
24 #define __xmltooling_decrypter_h__
26 #include <xmltooling/exceptions.h>
30 namespace xmltooling {
31 class XMLTOOL_API CredentialCriteria;
32 class XMLTOOL_API CredentialResolver;
35 namespace xmlencryption {
37 class XMLTOOL_API EncryptedData;
38 class XMLTOOL_API EncryptedKey;
39 class XMLTOOL_API EncryptedKeyResolver;
42 * Wrapper API for XML Decryption functionality.
44 class XMLTOOL_API Decrypter
50 * @param credResolver locked credential resolver to supply decryption keys
51 * @param criteria optional external criteria to use with resolver
52 * @param EKResolver locates an EncryptedKey pertaining to the EncryptedData
55 const xmltooling::CredentialResolver* credResolver=NULL,
56 xmltooling::CredentialCriteria* criteria=NULL,
57 const EncryptedKeyResolver* EKResolver=NULL
63 * Replace the current EncryptedKeyResolver interface, if any, with a new one.
65 * @param EKResolver the EncryptedKeyResolver to attach
67 void setEncryptedKeyResolver(const EncryptedKeyResolver* EKResolver);
70 * Replace the current CredentialResolver interface, if any, with a new one.
72 * @param resolver the locked CredentialResolver to attach, or NULL to clear
73 * @param criteria optional external criteria to use with resolver
75 void setKEKResolver(const xmltooling::CredentialResolver* resolver, xmltooling::CredentialCriteria* criteria);
78 * Decrypts the supplied information using the supplied key, and returns
79 * the resulting as a DOM fragment owned by the document associated with the
80 * marshalled EncryptedData object.
82 * Note that the DOM nodes will be invalidated once that document
83 * is released. The caller should therefore process the DOM fragment as
84 * required and drop all references to it before that happens. The usual
85 * approach should be to unmarshall the DOM and then release it, or the
86 * DOM can also be imported into a separately owned document.
88 * @param encryptedData the data to decrypt
89 * @param key the decryption key to use (it will not be freed internally)
90 * @return the decrypted DOM fragment
92 xercesc::DOMDocumentFragment* decryptData(const EncryptedData& encryptedData, XSECCryptoKey* key);
95 * Decrypts the supplied information and returns the resulting as a DOM
96 * fragment owned by the document associated with the marshalled EncryptedData
99 * Note that the DOM nodes will be invalidated once that document
100 * is released. The caller should therefore process the DOM fragment as
101 * required and drop all references to it before that happens. The usual
102 * approach should be to unmarshall the DOM and then release it, or the
103 * DOM can also be imported into a separately owned document.
105 * @param encryptedData the data to decrypt
106 * @param recipient identifier of decrypting entity for use in identifying multi-cast keys
107 * @return the decrypted DOM fragment
109 xercesc::DOMDocumentFragment* decryptData(const EncryptedData& encryptedData, const XMLCh* recipient=NULL);
112 * Decrypts the supplied information to an output stream.
114 * @param out output stream to receive the decrypted data
115 * @param encryptedData the data to decrypt
116 * @param key the decryption key to use (it will not be freed internally)
118 void decryptData(std::ostream& out, const EncryptedData& encryptedData, XSECCryptoKey* key);
121 * Decrypts the supplied information to an output stream.
123 * @param out output stream to receive the decrypted data
124 * @param encryptedData the data to decrypt
125 * @param recipient identifier of decrypting entity for use in identifying multi-cast keys
127 void decryptData(std::ostream& out, const EncryptedData& encryptedData, const XMLCh* recipient=NULL);
130 * Decrypts the supplied information and returns the resulting key.
131 * The caller is responsible for deleting the key. The algorithm of the
132 * key must be supplied by the caller based on knowledge of the associated
133 * EncryptedData information.
135 * @param encryptedKey the encrypted/wrapped key to decrypt
136 * @param algorithm the algorithm associated with the decrypted key
137 * @return the decrypted key
139 XSECCryptoKey* decryptKey(const EncryptedKey& encryptedKey, const XMLCh* algorithm);
142 XENCCipher* m_cipher;
143 const xmltooling::CredentialResolver* m_credResolver;
144 xmltooling::CredentialCriteria* m_criteria;
145 const EncryptedKeyResolver* m_EKResolver;
148 DECL_XMLTOOLING_EXCEPTION(DecryptionException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmlencryption,xmltooling::XMLToolingException,Exceptions in decryption processing);
152 #endif /* __xmltooling_decrypter_h__ */