2 * Copyright 2001-2006 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
20 * Methods for encrypting XMLObjects and other data.
24 #include "encryption/Encrypter.h"
26 #include <xsec/enc/XSECCryptoException.hpp>
27 #include <xsec/framework/XSECException.hpp>
28 #include <xsec/framework/XSECAlgorithmMapper.hpp>
29 #include <xsec/framework/XSECAlgorithmHandler.hpp>
30 #include <xsec/xenc/XENCEncryptedData.hpp>
31 #include <xsec/xenc/XENCEncryptedKey.hpp>
33 using namespace xmlencryption;
34 using namespace xmlsignature;
35 using namespace xmltooling;
38 Encrypter::~Encrypter()
40 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
41 memset(m_keyBuffer,0,32);
44 void Encrypter::checkParams(EncryptionParams& encParams, KeyEncryptionParams* kencParams)
46 if (encParams.m_keyBufferSize==0) {
47 if (encParams.m_key) {
49 throw EncryptionException("Generating EncryptedKey inline requires the encryption key in raw form.");
51 else if (!encParams.m_key) {
53 throw EncryptionException("Using a generated encryption key requires a KeyEncryptionParams object.");
55 // We're generating a random key. The maximum supported length is AES-256, so we need 32 bytes.
56 if (XSECPlatformUtils::g_cryptoProvider->getRandom(m_keyBuffer,32)<32)
57 throw EncryptionException("Unable to generate random data; was PRNG seeded?");
58 encParams.m_keyBuffer=m_keyBuffer;
59 encParams.m_keyBufferSize=32;
63 if (!encParams.m_key) {
64 // We have to have a raw key now, so we need to build a wrapper around it.
65 XSECAlgorithmHandler* handler =XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(encParams.m_algorithm);
67 encParams.m_key = handler->createKeyForURI(
68 encParams.m_algorithm,const_cast<unsigned char*>(encParams.m_keyBuffer),encParams.m_keyBufferSize
72 throw EncryptionException("Unable to build wrapper for key, unknown algorithm?");
75 // Set the encryption key.
76 m_cipher->setKey(encParams.m_key->clone());
79 EncryptedData* Encrypter::encryptElement(DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams)
81 // We can reuse the cipher object if the document hasn't changed.
83 if (m_cipher && m_cipher->getDocument()!=element->getOwnerDocument()) {
84 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
89 m_cipher=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newCipher(element->getOwnerDocument());
92 checkParams(encParams,kencParams);
93 m_cipher->encryptElementDetached(element, ENCRYPT_NONE, encParams.m_algorithm);
94 return decorateAndUnmarshall(encParams, kencParams);
96 catch(XSECException& e) {
97 auto_ptr_char temp(e.getMsg());
98 throw EncryptionException(string("XMLSecurity exception while encrypting: ") + temp.get());
100 catch(XSECCryptoException& e) {
101 throw EncryptionException(string("XMLSecurity exception while encrypting: ") + e.getMsg());
105 EncryptedData* Encrypter::encryptElementContent(DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams)
107 // We can reuse the cipher object if the document hasn't changed.
109 if (m_cipher && m_cipher->getDocument()!=element->getOwnerDocument()) {
110 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
115 m_cipher=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newCipher(element->getOwnerDocument());
118 checkParams(encParams,kencParams);
119 m_cipher->encryptElementContentDetached(element, ENCRYPT_NONE, encParams.m_algorithm);
120 return decorateAndUnmarshall(encParams, kencParams);
122 catch(XSECException& e) {
123 auto_ptr_char temp(e.getMsg());
124 throw EncryptionException(string("XMLSecurity exception while encrypting: ") + temp.get());
126 catch(XSECCryptoException& e) {
127 throw EncryptionException(string("XMLSecurity exception while encrypting: ") + e.getMsg());
131 EncryptedData* Encrypter::encryptStream(istream& input, EncryptionParams& encParams, KeyEncryptionParams* kencParams)
133 // Get a fresh cipher object and document.
136 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
140 DOMDocument* doc=NULL;
142 doc=XMLToolingConfig::getConfig().getParser().newDocument();
143 m_cipher=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newCipher(doc);
145 checkParams(encParams,kencParams);
146 StreamInputSource::StreamBinInputStream xstream(input);
147 m_cipher->encryptBinInputStream(&xstream, ENCRYPT_NONE, encParams.m_algorithm);
148 EncryptedData* xmlEncData = decorateAndUnmarshall(encParams, kencParams);
152 catch(XSECException& e) {
154 auto_ptr_char temp(e.getMsg());
155 throw EncryptionException(string("XMLSecurity exception while encrypting: ") + temp.get());
157 catch(XSECCryptoException& e) {
159 throw EncryptionException(string("XMLSecurity exception while encrypting: ") + e.getMsg());
167 EncryptedData* Encrypter::decorateAndUnmarshall(EncryptionParams& encParams, KeyEncryptionParams* kencParams)
169 XENCEncryptedData* encData=m_cipher->getEncryptedData();
171 throw EncryptionException("No EncryptedData element found?");
173 // Unmarshall a tooling version of EncryptedData around the DOM.
174 EncryptedData* xmlEncData=NULL;
175 auto_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(encData->getElement()));
176 if (!(xmlObject.get()) || !(xmlEncData=dynamic_cast<EncryptedData*>(xmlObject.get())))
177 throw EncryptionException("Unable to unmarshall into EncryptedData object.");
179 // Unbind from DOM so we can divorce this from the original document.
180 xmlEncData->releaseThisAndChildrenDOM();
183 if (encParams.m_keyInfo) {
184 xmlEncData->setKeyInfo(encParams.m_keyInfo);
185 encParams.m_keyInfo=NULL; // transfer ownership
188 // Are we doing a key encryption?
190 m_cipher->setKEK(kencParams->m_key->clone());
191 // ownership of this belongs to us, for some reason...
192 auto_ptr<XENCEncryptedKey> encKey(
193 m_cipher->encryptKey(encParams.m_keyBuffer, encParams.m_keyBufferSize, ENCRYPT_NONE, kencParams->m_algorithm)
195 EncryptedKey* xmlEncKey=NULL;
196 auto_ptr<XMLObject> xmlObjectKey(XMLObjectBuilder::buildOneFromElement(encKey->getElement()));
197 if (!(xmlObjectKey.get()) || !(xmlEncKey=dynamic_cast<EncryptedKey*>(xmlObjectKey.get())))
198 throw EncryptionException("Unable to unmarshall into EncryptedKey object.");
200 xmlEncKey->releaseThisAndChildrenDOM();
203 if (kencParams->m_keyInfo) {
204 xmlEncKey->setKeyInfo(kencParams->m_keyInfo);
205 kencParams->m_keyInfo=NULL; // transfer ownership
208 // Add the EncryptedKey.
209 if (!xmlEncData->getKeyInfo())
210 xmlEncData->setKeyInfo(KeyInfoBuilder::buildKeyInfo());
211 xmlEncData->getKeyInfo()->getOthers().push_back(xmlEncKey);
212 xmlObjectKey.release();
219 EncryptedKey* Encrypter::encryptKey(const unsigned char* keyBuffer, unsigned int keyBufferSize, KeyEncryptionParams& kencParams)
221 // Get a fresh cipher object and document.
224 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
228 DOMDocument* doc=NULL;
230 doc=XMLToolingConfig::getConfig().getParser().newDocument();
231 m_cipher=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newCipher(doc);
232 m_cipher->setKEK(kencParams.m_key->clone());
233 auto_ptr<XENCEncryptedKey> encKey(m_cipher->encryptKey(keyBuffer, keyBufferSize, ENCRYPT_NONE, kencParams.m_algorithm));
235 EncryptedKey* xmlEncKey=NULL;
236 auto_ptr<XMLObject> xmlObjectKey(XMLObjectBuilder::buildOneFromElement(encKey->getElement()));
237 if (!(xmlObjectKey.get()) || !(xmlEncKey=dynamic_cast<EncryptedKey*>(xmlObjectKey.get())))
238 throw EncryptionException("Unable to unmarshall into EncryptedKey object.");
240 xmlEncKey->releaseThisAndChildrenDOM();
243 if (kencParams.m_keyInfo) {
244 xmlEncKey->setKeyInfo(kencParams.m_keyInfo);
245 kencParams.m_keyInfo=NULL; // transfer ownership
249 xmlObjectKey.release();
252 catch(XSECException& e) {
254 auto_ptr_char temp(e.getMsg());
255 throw EncryptionException(string("XMLSecurity exception while encrypting: ") + temp.get());
257 catch(XSECCryptoException& e) {
259 throw EncryptionException(string("XMLSecurity exception while encrypting: ") + e.getMsg());