-/*
- * Copyright 2001-2007 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
/**
#if !defined(__xmltooling_encrypter_h__) && !defined(XMLTOOLING_NO_XMLSEC)
#define __xmltooling_encrypter_h__
-#include <xmltooling/encryption/Encryption.h>
+#include <xmltooling/exceptions.h>
-#include <xsec/enc/XSECCryptoKey.hpp>
-#include <xsec/xenc/XENCCipher.hpp>
+#include <xsec/dsig/DSIGConstants.hpp>
+
+class XENCCipher;
namespace xmltooling {
class XMLTOOL_API Credential;
namespace xmlencryption {
+ class XMLTOOL_API EncryptedData;
+ class XMLTOOL_API EncryptedKey;
+
/**
* Wrapper API for XML Encryption functionality.
* Designed to allow both external and internal key generation as follows:
* Structure to collect encryption requirements.
*/
struct XMLTOOL_API EncryptionParams {
-
/**
* Constructor.
*
* @param compact true iff the encrypted representation should be made as small as possible
*/
EncryptionParams(
- const XMLCh* algorithm=DSIGConstants::s_unicodeStrURIAES256_CBC,
- const unsigned char* keyBuffer=NULL,
+#ifdef XSEC_OPENSSL_HAVE_AES
+ const XMLCh* algorithm=DSIGConstants::s_unicodeStrURIAES128_CBC,
+#else
+ const XMLCh* algorithm=DSIGConstants::s_unicodeStrURI3DES_CBC,
+#endif
+ const unsigned char* keyBuffer=nullptr,
unsigned int keyBufferSize=0,
- const xmltooling::Credential* credential=NULL,
+ const xmltooling::Credential* credential=nullptr,
bool compact=false
- ) : m_algorithm(algorithm), m_keyBuffer(keyBuffer), m_keyBufferSize(keyBufferSize),
- m_credential(credential), m_compact(compact) {
- }
+ );
+
+ ~EncryptionParams();
- ~EncryptionParams() {}
- private:
+ /** Data encryption algorithm. */
const XMLCh* m_algorithm;
+
+ /** Buffer containing encryption key. */
const unsigned char* m_keyBuffer;
+
+ /** Size of buffer. */
unsigned int m_keyBufferSize;
+
+ /** Credential containing the encryption key. */
const xmltooling::Credential* m_credential;
+
+ /** Flag limiting the size of the encrypted XML representation. */
bool m_compact;
-
- friend class Encrypter;
};
/**
* Structure to collect key wrapping/transport requirements.
*/
struct XMLTOOL_API KeyEncryptionParams {
-
/**
* Constructor.
*
* @param recipient optional name of recipient of encrypted key
*/
KeyEncryptionParams(
- const xmltooling::Credential& credential,
- const XMLCh* algorithm=NULL,
- const XMLCh* recipient=NULL
- ) : m_credential(credential), m_algorithm(algorithm), m_recipient(recipient) {
- }
+ const xmltooling::Credential& credential, const XMLCh* algorithm=nullptr, const XMLCh* recipient=nullptr
+ );
- ~KeyEncryptionParams() {}
- private:
+ ~KeyEncryptionParams();
+
+ /** Credential containing key encryption key. */
const xmltooling::Credential& m_credential;
+
+ /** Key transport or wrapping algorithm. */
const XMLCh* m_algorithm;
+
+ /** Name of recipient that owns the key encryption key. */
const XMLCh* m_recipient;
-
- friend class Encrypter;
};
- Encrypter() : m_cipher(NULL) {}
+ Encrypter();
- ~Encrypter();
+ virtual ~Encrypter();
/**
* Encrypts the supplied element and returns the resulting object.
*
* @param element the DOM element to encrypt
* @param encParams primary encryption settings
- * @param kencParams key encryption settings, or NULL
+ * @param kencParams key encryption settings, or nullptr
* @return a stand-alone EncryptedData object, unconnected to the source DOM
*/
EncryptedData* encryptElement(
- xercesc::DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams=NULL
+ xercesc::DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams=nullptr
);
/**
*
* @param element parent element of children to encrypt
* @param encParams primary encryption settings
- * @param kencParams key encryption settings, or NULL
+ * @param kencParams key encryption settings, or nullptr
* @return a stand-alone EncryptedData object, unconnected to the source DOM
*/
EncryptedData* encryptElementContent(
- xercesc::DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams=NULL
+ xercesc::DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams=nullptr
);
/**
*
* @param input the stream to encrypt
* @param encParams primary encryption settings
- * @param kencParams key encryption settings, or NULL
+ * @param kencParams key encryption settings, or nullptr
* @return a stand-alone EncryptedData object, unconnected to any DOM
*/
- EncryptedData* encryptStream(std::istream& input, EncryptionParams& encParams, KeyEncryptionParams* kencParams=NULL);
+ EncryptedData* encryptStream(std::istream& input, EncryptionParams& encParams, KeyEncryptionParams* kencParams=nullptr);
/**
* Encrypts the supplied key and returns the resulting object.