/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include "logging.h"
#include "encryption/Decrypter.h"
#include "encryption/EncryptedKeyResolver.h"
+#include "encryption/Encryption.h"
#include "security/Credential.h"
#include "security/CredentialCriteria.h"
#include "security/CredentialResolver.h"
#include <xsec/framework/XSECAlgorithmMapper.hpp>
#include <xsec/framework/XSECAlgorithmHandler.hpp>
#include <xsec/utils/XSECBinTXFMInputStream.hpp>
+#include <xsec/xenc/XENCCipher.hpp>
#include <xsec/xenc/XENCEncryptedData.hpp>
#include <xsec/xenc/XENCEncryptedKey.hpp>
using namespace xmlencryption;
using namespace xmlsignature;
using namespace xmltooling;
+using namespace xercesc;
using namespace std;
+Decrypter::Decrypter(const CredentialResolver* credResolver, CredentialCriteria* criteria, const EncryptedKeyResolver* EKResolver)
+ : m_cipher(NULL), m_credResolver(credResolver), m_criteria(criteria), m_EKResolver(EKResolver)
+{
+}
+
Decrypter::~Decrypter()
{
if (m_cipher)
XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
}
+void Decrypter::setEncryptedKeyResolver(const EncryptedKeyResolver* EKResolver)
+{
+ m_EKResolver=EKResolver;
+}
+
+void Decrypter::setKEKResolver(const CredentialResolver* resolver, CredentialCriteria* criteria)
+{
+ m_credResolver=resolver;
+ m_criteria=criteria;
+}
+
DOMDocumentFragment* Decrypter::decryptData(const EncryptedData& encryptedData, XSECCryptoKey* key)
{
if (encryptedData.getDOM()==NULL)
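Review bot: The new constructor and the two setters store `credResolver`, `criteria` and `EKResolver` as raw pointers that the destructor never frees (it releases only `m_cipher`), so the Decrypter is non-owning and the caller must keep those objects alive for its whole lifetime, but nothing in the added code says so. `criteria` is also taken non-const and is rewritten on every decrypt call further down (`m_criteria->setUsage(...)`, `m_criteria->setKeyInfo(...)`), which a caller sharing one CredentialCriteria between several Decrypters or threads would not expect. I would put the contract on the constructor and on setKEKResolver, e.g. `// Non-owning: the caller keeps resolver and criteria alive for this Decrypter's lifetime; criteria is modified (usage, KeyInfo) by each decrypt call, so do not share one instance across concurrent decryptions.` The decryptData overload whose first lines close this hunk continues past it.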
// Resolve a decryption key directly.
vector<const Credential*> creds;
- int types =
- CredentialCriteria::KEYINFO_EXTRACTION_KEY |
- CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES |
- CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES;
+ int types = CredentialCriteria::KEYINFO_EXTRACTION_KEY | CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES;
if (m_criteria) {
- m_criteria->setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ m_criteria->setUsage(Credential::ENCRYPTION_CREDENTIAL);
m_criteria->setKeyInfo(encryptedData.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedData.getEncryptionMethod();
if (meth)
}
else {
CredentialCriteria criteria;
- criteria.setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ criteria.setUsage(Credential::ENCRYPTION_CREDENTIAL);
criteria.setKeyInfo(encryptedData.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedData.getEncryptionMethod();
if (meth)
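Review bot: In the `m_criteria` branch the caller-supplied criteria object is rewritten with the usage and the inbound message's KeyInfo (`m_criteria->setKeyInfo(encryptedData.getKeyInfo(), types)`) and is never restored, so selection state derived from an untrusted EncryptedData persists in a long-lived object across calls; if setKeyInfo keeps the pointer rather than copying, that pointer also dangles once the message DOM is released. The `else` branch builds a fresh local CredentialCriteria and has neither problem. Consider either clearing the KeyInfo on `m_criteria` once the credential lookup is done, or working on a copy, e.g. `CredentialCriteria criteria(*m_criteria); criteria.setUsage(Credential::ENCRYPTION_CREDENTIAL); criteria.setKeyInfo(encryptedData.getKeyInfo(), types);` — that presumes CredentialCriteria is copyable, which this hunk does not show. The enclosing decryptData overload starts before and ends after this hunk.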
auto_ptr<XSECBinTXFMInputStream> in(m_cipher->decryptToBinInputStream(encryptedData.getDOM()));
XMLByte buf[8192];
- unsigned int count = in->readBytes(buf, sizeof(buf));
+ xsecsize_t count = in->readBytes(buf, sizeof(buf));
while (count > 0)
out.write(reinterpret_cast<char*>(buf),count);
}
// Resolve a decryption key directly.
vector<const Credential*> creds;
- int types =
- CredentialCriteria::KEYINFO_EXTRACTION_KEY |
- CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES |
- CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES;
+ int types = CredentialCriteria::KEYINFO_EXTRACTION_KEY | CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES;
if (m_criteria) {
- m_criteria->setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ m_criteria->setUsage(Credential::ENCRYPTION_CREDENTIAL);
m_criteria->setKeyInfo(encryptedData.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedData.getEncryptionMethod();
if (meth)
}
else {
CredentialCriteria criteria;
- criteria.setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ criteria.setUsage(Credential::ENCRYPTION_CREDENTIAL);
criteria.setKeyInfo(encryptedData.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedData.getEncryptionMethod();
if (meth)
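Review bot: The `types` mask is now spelled out identically in three lookups (this overload, the other decryptData overload above, and decryptKey below), so a future change to which KeyInfo hints may steer credential selection has to be made three times and can silently diverge between the data and key-decryption paths. Hoist it to one file-local constant in an anonymous namespace, e.g. `static const int KEYINFO_TYPES = CredentialCriteria::KEYINFO_EXTRACTION_KEY | CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES;`, and use it in all three places. The enclosing decryptData overload starts before and ends after this hunk.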
m_cipher=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newCipher(encryptedKey.getDOM()->getOwnerDocument());
// Resolve key decryption keys.
- int types =
- CredentialCriteria::KEYINFO_EXTRACTION_KEY |
- CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES |
- CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES;
+ int types = CredentialCriteria::KEYINFO_EXTRACTION_KEY | CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES;
vector<const Credential*> creds;
if (m_criteria) {
- m_criteria->setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ m_criteria->setUsage(Credential::ENCRYPTION_CREDENTIAL);
m_criteria->setKeyInfo(encryptedKey.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedKey.getEncryptionMethod();
if (meth)
}
else {
CredentialCriteria criteria;
- criteria.setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ criteria.setUsage(Credential::ENCRYPTION_CREDENTIAL);
criteria.setKeyInfo(encryptedKey.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedKey.getEncryptionMethod();
if (meth)